* Fix panic in BasicAuthDecode
If the string does not contain ":" that function would run into an
`index out of range [1] with length 1` error. prevent that.
* Update BasicAuthDecode()
Co-authored-by: 6543 <6543@obermui.de>
"crypto/sha256"
"encoding/base64"
"encoding/hex"
+ "errors"
"fmt"
"net/http"
"os"
}
auth := strings.SplitN(string(s), ":", 2)
+
+ if len(auth) != 2 {
+ return "", "", errors.New("invalid basic authentication")
+ }
+
return auth[0], auth[1], nil
}
assert.NoError(t, err)
assert.Equal(t, "foo", user)
assert.Equal(t, "bar", pass)
+
+ _, _, err = BasicAuthDecode("aW52YWxpZA==")
+ assert.Error(t, err)
+
+ _, _, err = BasicAuthDecode("invalid")
+ assert.Error(t, err)
}
func TestBasicAuthEncode(t *testing.T) {