ballerina-platform / ballerina-library

The Ballerina Library
https://ballerina.io/learn/api-docs/ballerina/
Apache License 2.0

Incorrect Password Extraction When Passwords Contain Colons #6773

Closed gaetinux closed 2 months ago

gaetinux commented 2 months ago

Description

With basic authentication, if the user's password contains a single colon, it is split.

Describe your problem(s)

I use the auth module to perform LDAP authentication.

The user credentials are passed in the format username:password in the Authorization header. But here is the result if the password contains a single colon, like this: username:Pass:w$rd!.

time=2024-07-23T21:47:32.047+02:00 level=DEBUG module=ballerina/auth message="Incorrect credential format. Format should be username:password"

This is because in the function extractUsernameAndPassword here, a split is performed on each occurrence of the single colon rather than splitting only on the first :

string[] decodedCredentials = re `:`.split(base64DecodedResults);

If I reproduce this, it gives the following result:

["username","Pass","w$rd!"]

According to RFC 2617, the use of the single colon is restricted in the username but not in the password.

Describe your solution(s)

No response

Related area

-> Central

Related issue(s) (optional)

No response

Suggested label(s) (optional)

No response

Suggested assignee(s) (optional)

No response
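The two parsing behaviours discussed in this issue (splitting the decoded credential on every colon versus only on the first one), as an added Python example that is not part of the issue or of the Ballerina auth module; the function names and the constructed Authorization headers are assumptions made for the demonstration:

```python
import base64
import binascii
from typing import Optional, Tuple


def decode_basic_header(header: str) -> Optional[str]:
    """Return the decoded 'user-id:password' string from a Basic Authorization header, or None."""
    scheme, _, token = header.strip().partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        return base64.b64decode(token, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None


def extract_buggy(header: str) -> Optional[Tuple[str, str]]:
    """Mimics the behaviour reported above: split on every ':' and reject anything but two parts,
    so a password such as 'Pass:w$rd!' is treated as an incorrect credential format."""
    decoded = decode_basic_header(header)
    if decoded is None:
        return None
    parts = decoded.split(":")
    if len(parts) != 2:
        return None  # "Incorrect credential format" in the issue's log line
    return parts[0], parts[1]


def extract_fixed(header: str) -> Optional[Tuple[str, str]]:
    """RFC 2617 (now RFC 7617) forbids ':' in the user-id but not in the password,
    so only the first ':' separates the two fields."""
    decoded = decode_basic_header(header)
    if decoded is None:
        return None
    username, sep, password = decoded.partition(":")
    if not sep or not username:
        return None  # no separator at all, or an empty user-id
    return username, password


def make_header(username: str, password: str) -> str:
    """Build a constructed Basic Authorization header for the demonstration."""
    return "Basic " + base64.b64encode(f"{username}:{password}".encode("utf-8")).decode("ascii")


if __name__ == "__main__":
    hdr = make_header("username", "Pass:w$rd!")  # constructed credential from the issue
    print("buggy:", extract_buggy(hdr))   # None: login rejected
    print("fixed:", extract_fixed(hdr))   # ('username', 'Pass:w$rd!')
```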

github-actions[bot] commented 2 months ago

This issue is NOT closed with a proper Reason/ label. Make sure to add proper reason label before closing. Please add or leave a comment with the proper reason label now.

      - Reason/EngineeringMistake - The issue occurred due to a mistake made in the past.
      - Reason/Regression - The issue has introduced a regression.
      - Reason/MultipleComponentInteraction - Issue occurred due to interactions in multiple components.
      - Reason/Complex - Issue occurred due to complex scenario.
      - Reason/Invalid - Issue is invalid.
      - Reason/Other - None of the above cases.