search

nuagenetworks / bambou

low level rest communication library for vsp style apis
BSD 3-Clause "New" or "Revised" License
7 stars 11 forks source link

Base64 encoding using urlsafe encouding causes issues with certain passwords #33

Closed pdellaert closed 3 years ago

pdellaert commented 3 years ago

Bambou uses urlsafe_b64encode, which replaces the + and / character with _ to be URL Safe. However, this causes issues in certain cases where the VSD expects a an actual + or / character.

Example: Creating a user with username genericuser and password prefixadmin~suffix will fail because of the failure of encoding the Authrozation header:

$ python
Python 3.9.1 (default, Jan  8 2021, 17:17:17)
[Clang 12.0.0 (clang-1200.0.32.28)] on darwin
Type "help", "copyright", "credits" or "license" for more information.
>>> import base64
>>> base64.urlsafe_b64encode("genericuser:prefixadmin~suffix".encode("utf-8")).decode("utf-8")
'Z2VuZXJpY3VzZXI6cHJlZml4YWRtaW5-c3VmZml4'
>>> base64.standard_b64encode("genericuser:prefixadmin~suffix".encode("utf-8")).decode("utf-8")
'Z2VuZXJpY3VzZXI6cHJlZml4YWRtaW5+c3VmZml4'

This causes the authentication to fail.

pdellaert commented 3 years ago

According to https://datatracker.ietf.org/doc/html/rfc7617#section-2, the Basic Authentication scheme supports regular Base64 encoding, with a reference to https://datatracker.ietf.org/doc/html/rfc4648#section-4 for the implementation of the regular implementation (supporting/allowing the / and + characters).

There is no need to use the urlsafe_b64encode method.