Closed rknguyen closed 4 years ago
Thanks for the PR but there are two things I want to point out here:
1) I don’t think username has colon should be a valid case, and it should be handled not only here in the login step but also in user creation as well, so it should be at an upper level or somewhere we can reuse.
2) I believe we are supposed to have more than just a colon case for username sanitation, so I suggest that we should update this PR to cover more cases as well.
Eh, maybe you got something wrong, this is my case: I read your code and built my server for sync my tasks. And this is the problem:
${username}:${password}
). So I got this points and on my server, I parse the header to get token in order to identity the user, I decode the token and get the username from that. But in case username have the colon, it's impossible to identity what is the username.
Thanks for review my PR.What I'm suggesting is making the check for username to be more generic and reusable.
And you may know it already, base64(username:password)
is the standard for Basic Auth.
It's been a while since the last comment and I still didn't get any response. Hence, closing this.
Please feel free to open this again if you're still interested. Thanks.
🇻🇳