search

gvalkov / tornado-http-auth

Digest and basic authentication for Tornado
Apache License 2.0
19 stars 12 forks source link

authenticate_user method raises binascii.Error when provided auth is not base64 #7

Closed adrianrv closed 1 year ago

adrianrv commented 4 years ago

authenticate_user method raises uncontrolled exception when the provided Authorization header is not base64. To reproduce the issue:

curl -i \
    -H 'Accept:application/json' \
    -H 'Authorization:Basic not_a_base64_string' \
    http://localhost:8000/protected