Fix for base 64 decoding issue

gvalkov / tornado-http-auth

Digest and basic authentication for Tornado

Apache License 2.0

19 stars 12 forks source link

Fix for base 64 decoding issue #8

Closed adrianrv closed 1 year ago

adrianrv commented 4 years ago

Fixing decoding base64 string issue.

Fix #7

adrianrv commented 4 years ago

I've just realised that base64.b64decode remove unmatching characters if when validate params is False (default value). For that reason I also think make sense to use the validation.

>>> base64.b64decode('dGVzdDoxMjM0').decode()
'test:1234'

>>> base64.b64decode('_____dGVzdDoxMjM0').decode()
'test:1234'

>>> base64.b64decode('____dGVzdDoxMjM0', validate=True).decode()
# raise binascii.Error('Non-base64 digit found')

gvalkov commented 1 year ago

Thanks. This is a good fix. I wish I saw it sooner :(