YunoHost/SSOwat
1
0
Fork 0
mirror of https://github.com/YunoHost/SSOwat.git synced 2024-09-03 20:06:27 +02:00
Code Issues Projects Releases Packages Wiki Activity

Fix auth_header

Browse source 
If a colon is in the password, user and password are not well detected.
For example if user="me" and password="pass:word" the function give
user="me:pass" password="word"
This commit is contained in:
ewilly 2023-01-12 20:24:42 +01:00
parent 46b58d3695
commit ba5ffba490
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
helpers.lua
View file

@ -276,7 +276,7 @@ function validate_or_clear_basic_auth_header_provided_by_client()
-- Try to authenticate the user, -- Try to authenticate the user,
-- or remove the Auth header if not valid -- or remove the Auth header if not valid
_, _, user, password = string.find(ngx.decode_base64(b64_cred), "^(.+):(.+)$") _, _, user, password = string.find(ngx.decode_base64(b64_cred), "^([^:]+):(.+)$")
user = authenticate(user, password) user = authenticate(user, password)
if user then if user then
logger.debug("User got authenticated through basic auth") logger.debug("User got authenticated through basic auth")