misc: ignore invalid HTTP basic authentication header (#46835)
parent
84f9a33df2
commit
af5cf63d95
|
@ -3193,3 +3193,9 @@ def test_cards(pub, local_user):
|
|||
assert resp.json['data'][0]['fields']['foo'] == 'blah'
|
||||
assert resp.json['data'][0]['digest'] == formdata.digest
|
||||
assert resp.json['data'][0]['text'] == formdata.digest
|
||||
|
||||
|
||||
def test_api_invalid_http_basic_auth(pub, local_user, admin_user, ics_data):
|
||||
app = get_app(pub)
|
||||
app.get('/api/forms/test/ics/foobar?email=%s' % local_user.email,
|
||||
headers={'Authorization': 'Basic garbage'}, status=401)
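Review bot: The new test sends only `Basic garbage`, which exercises the incorrect-padding case; the other two rejected inputs, well-formed base64 with no `:` and well-formed base64 that is not valid UTF-8, are never run. A regression in either would presumably turn the 401 back into an unhandled exception on a request that needs no valid credentials, so each is worth pinning. Looping over a few headers would do it, e.g. `for value in ('Basic garbage', 'Basic Zm9vYmFy', 'Basic /w=='):` (constructed samples: `foobar` without a colon, and the single byte 0xff), with the `app.get(...)` call inside the loop. A short comment such as `# malformed credentials must yield 401, never a server error` would record the intent.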
|
||||
|
|
|
@ -53,7 +53,14 @@ class HTTPRequest(quixote.http_request.HTTPRequest):
|
|||
auth_header = self.get_header('Authorization', '')
|
||||
if auth_header.startswith('Basic '):
|
||||
auth_header = auth_header.split(' ', 1)[1]
|
||||
username, password = force_text(base64.decodestring(force_bytes(auth_header))).split(':', 1)
|
||||
try:
|
||||
username, password = force_text(base64.decodestring(force_bytes(auth_header))).split(':', 1)
|
||||
except (UnicodeDecodeError, ValueError):
|
||||
# ValueError will catch both missing ":" (not enough values to
|
||||
# unpack (expected 2, got 1)) and binascii.Error (incorrect
|
||||
# padding or invalid base64-encoded string).
|
||||
self._user = None
|
||||
return
|
||||
from .ident.password_accounts import PasswordAccount
|
||||
try:
|
||||
self._user = PasswordAccount.get_with_credentials(username, password)
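Review bot: `base64.decodestring` on the added line inside the `try` discards characters outside the base64 alphabet instead of rejecting them, so a malformed header that still decodes is accepted, and the function is a deprecated alias that was removed in Python 3.9. If Python 2 support is no longer needed, strict decoding closes both gaps: `username, password = force_text(base64.b64decode(force_bytes(auth_header), validate=True)).split(':', 1)`; `binascii.Error` is a `ValueError` subclass, so the `except` clause stays as written. The rejection branch sets `self._user = None` and returns without a trace; if a logger is available in this module, one log line recording the event (not the header value) would make repeated malformed attempts visible. The enclosing method starts and ends outside the hunk.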
|
||||
|
|