search

kazu2012 / persevere-framework

Automatically exported from code.google.com/p/persevere-framework
0 stars 0 forks source link

HTTP Challenge Authentication using an empty password #197

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago 
The standard User.authenticate procedure allows an empty password, but the 
attempting to 
authenticate using HTTP Basic authentication throws error IndexOutOfBounds 
Exception at 
RequestHelper.java line 211.

This is because a string of "userame:" i.e. with no password string results in 
a null token after 
the call to authorization.split(":");

What steps will reproduce the problem?
1. Create a user with a null password
2. Browse to a Class which causes the browser to challenge for a username & 
password
3. Enter the username with a blank password

What version of the product are you using? On what operating system?
Nightly, 1st June 2009

Original issue reported on code.google.com by pvolkaer...@gmail.com on 5 Jun 2009 at 10:13

GoogleCodeExporter commented 8 years ago 
should I also allow for empty usernames?

Original comment by kris...@gmail.com on 6 Jun 2009 at 2:39