Closed gaetinux closed 2 months ago
Description
With basic authentication, if the user's password contains a single colon, it is split.
Describe your problem(s)
I use the auth module to perform LDAP authentication.
The user credentials are passed in the format username:password in the Authorization header. But here is the result if the password contains a single colon, like this: username:Pass:w$rd!
This is because in the function extractUsernameAndPassword here, a split is performed on each occurrence of the single colon rather than splitting only on the first:
If I reproduce this, it gives the following result:
According to RFC 2617, the use of the single colon is restricted in the username but not in the password.
Describe your solution(s)
No response
Related area
-> Central
Related issue(s) (optional)
No response
Suggested label(s) (optional)
No response
Suggested assignee(s) (optional)
No response
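The parsing difference reported above, as an added Python example that is not the auth module's code: it decodes a Basic Authorization header and compares a split on every colon with a split on the first colon only. The function names and the sample header are constructed for this illustration.

```python
import base64
import binascii


def basic_header(user_pass: str) -> str:
    """Build a constructed 'Authorization' value from a raw user-pass string."""
    return "Basic " + base64.b64encode(user_pass.encode("utf-8")).decode("ascii")


def decode_basic(header: str) -> str:
    """Return the decoded user-pass string, rejecting anything that is not Basic."""
    scheme, _, token = header.strip().partition(" ")
    if scheme.lower() != "basic" or not token.strip():
        raise ValueError("not a Basic Authorization header")
    try:
        return base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError) as exc:
        raise ValueError("malformed Basic credentials") from exc


def split_every_colon(header: str) -> list:
    """The behaviour the report describes: every ':' is a separator."""
    return decode_basic(header).split(":")


def parse_basic(header: str) -> tuple:
    """Split on the first ':' only; later colons belong to the password."""
    username, sep, password = decode_basic(header).partition(":")
    if not sep:
        raise ValueError("user-pass has no ':' separator")
    return username, password


if __name__ == "__main__":
    # Constructed sample using the credentials from the report.
    sample = basic_header("username:Pass:w$rd!")
    print("every colon :", split_every_colon(sample))
    print("first colon :", parse_basic(sample))
```

A regression test for the fix should include at least one password containing a colon and one with an empty password, since both are valid after the first separator.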