mirror of https://github.com/go-gitea/gitea.git
* Fix panic in BasicAuthDecode If the string does not contain ":" that function would run into an `index out of range [1] with length 1` error. prevent that. * Update BasicAuthDecode() Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: zeripath <art27@cantab.net>
This commit is contained in:
parent
96d41287e5
commit
55d7e53d99
|
@ -10,6 +10,7 @@ import (
|
||||||
"crypto/sha256"
|
"crypto/sha256"
|
||||||
"encoding/base64"
|
"encoding/base64"
|
||||||
"encoding/hex"
|
"encoding/hex"
|
||||||
|
"errors"
|
||||||
"fmt"
|
"fmt"
|
||||||
"net/http"
|
"net/http"
|
||||||
"net/url"
|
"net/url"
|
||||||
|
@ -65,6 +66,11 @@ func BasicAuthDecode(encoded string) (string, string, error) {
|
||||||
}
|
}
|
||||||
|
|
||||||
auth := strings.SplitN(string(s), ":", 2)
|
auth := strings.SplitN(string(s), ":", 2)
|
||||||
|
|
||||||
|
if len(auth) != 2 {
|
||||||
|
return "", "", errors.New("invalid basic authentication")
|
||||||
|
}
|
||||||
|
|
||||||
return auth[0], auth[1], nil
|
return auth[0], auth[1], nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -46,6 +46,12 @@ func TestBasicAuthDecode(t *testing.T) {
|
||||||
assert.NoError(t, err)
|
assert.NoError(t, err)
|
||||||
assert.Equal(t, "foo", user)
|
assert.Equal(t, "foo", user)
|
||||||
assert.Equal(t, "bar", pass)
|
assert.Equal(t, "bar", pass)
|
||||||
|
|
||||||
|
_, _, err = BasicAuthDecode("aW52YWxpZA==")
|
||||||
|
assert.Error(t, err)
|
||||||
|
|
||||||
|
_, _, err = BasicAuthDecode("invalid")
|
||||||
|
assert.Error(t, err)
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestBasicAuthEncode(t *testing.T) {
|
func TestBasicAuthEncode(t *testing.T) {
|
||||||
|
|
Loading…
Reference in New Issue