Opened 2 years ago
Last modified 2 years ago
#13467 closed defect
Basic authentication failing when colon characters are used in password — at Initial Version
Reported by: | Jun Omae | Owned by: | |
---|---|---|---|
Priority: | normal | Milestone: | 1.4.4 |
Component: | web frontend/tracd | Version: | |
Severity: | normal | Keywords: | |
Cc: | Branch: | ||
Release Notes: | |||
API Changes: | |||
Internal Changes: |
Description
I noticed that BasicAuthentication.do_auth
has an issue in splitting by colon character while working of #13464. In fact, the basic authentication is failing when colon characters are used in the password.
-
trac/web/auth.py
diff --git a/trac/web/auth.py b/trac/web/auth.py index 77744babc..8363bcb0c 100644
a b class BasicAuthentication(PasswordFileAuthentication): 365 365 def do_auth(self, environ, start_response): 366 366 header = environ.get('HTTP_AUTHORIZATION') 367 367 if header and header.startswith('Basic'): 368 auth = b64decode(header[6:]).split(':' )368 auth = b64decode(header[6:]).split(':', 1) 369 369 if len(auth) == 2: 370 370 user, password = auth 371 371 if self.test(user, password):
Note:
See TracTickets
for help on using tickets.