
Reactive HttpBasic Support For Coloned Passwords

This makes it so that reactive httpBasic supports passwords containing
one or more colons.
pull/5592/merge
Tim Koopman 8 years ago committed by Josh Cummings
parent
commit
6df4dfe47b
No known key found for this signature in database
GPG Key ID: 49EF60DD7FF83443
  1. 2
      web/src/main/java/org/springframework/security/web/server/ServerHttpBasicAuthenticationConverter.java
  2. 9
      web/src/test/java/org/springframework/security/web/server/authentication/ServerHttpBasicAuthenticationConverterTests.java

2
web/src/main/java/org/springframework/security/web/server/ServerHttpBasicAuthenticationConverter.java

@ -54,7 +54,7 @@ public class ServerHttpBasicAuthenticationConverter implements @@ -54,7 +54,7 @@ public class ServerHttpBasicAuthenticationConverter implements
"" : authorization.substring(BASIC.length(), authorization.length());
byte[] decodedCredentials = base64Decode(credentials);
String decodedAuthz = new String(decodedCredentials);
String[] userParts = decodedAuthz.split(":");
String[] userParts = decodedAuthz.split(":", 2);
if (userParts.length != 2) {
return Mono.empty();
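Review bot: The limit in `decodedAuthz.split(":", 2)` also changes how an empty password is handled, which the commit neither documents nor tests. With a positive limit Java keeps trailing empty strings, so a decoded value of `user:` or a bare `:` now yields two parts and passes the `userParts.length != 2` check, where the old call dropped them and the converter returned `Mono.empty()`. If an empty password is meant to reach the authentication step, say so above the split, e.g. `// limit 2: everything after the first colon is the password, which may be empty`, and pin it with a test; otherwise reject it in the length check. Separately, `new String(decodedCredentials)` earlier in the hunk decodes with the platform default charset, so `new String(decodedCredentials, StandardCharsets.UTF_8)` would make non-ASCII credentials decode the same on every JVM. The enclosing method starts and ends outside the hunk.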

9
web/src/test/java/org/springframework/security/web/server/authentication/ServerHttpBasicAuthenticationConverterTests.java

@ -79,6 +79,15 @@ public class ServerHttpBasicAuthenticationConverterTests { @@ -79,6 +79,15 @@ public class ServerHttpBasicAuthenticationConverterTests {
assertThat(authentication.getCredentials()).isEqualTo("password");
}
@Test
public void applyWhenUserPasswordHasColon() {
Mono<Authentication> result = apply(this.request.header(HttpHeaders.AUTHORIZATION, "Basic dXNlcm5hbWU6cGFzczp3b3Jk"));
UsernamePasswordAuthenticationToken authentication = result.cast(UsernamePasswordAuthenticationToken.class).block();
assertThat(authentication.getPrincipal()).isEqualTo("user");
assertThat(authentication.getCredentials()).isEqualTo("pass:word");
}
@Test
public void applyWhenLowercaseSchemeThenAuthentication() {
Mono<Authentication> result = apply(this.request.header(HttpHeaders.AUTHORIZATION, "basic dXNlcjpwYXNzd29yZA=="));
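Review bot: The header in `applyWhenUserPasswordHasColon` does not match the principal assertion: `dXNlcm5hbWU6cGFzczp3b3Jk` decodes to `username:pass:word`, so `getPrincipal()` would be `username`, not `user`. Either assert `isEqualTo("username")` or send the encoding of `user:pass:word` (`Basic dXNlcjpwYXNzOndvcmQ=`). The name also drops the `Then…` suffix its neighbour `applyWhenLowercaseSchemeThenAuthentication` uses; `applyWhenUserPasswordHasColonThenAuthentication` would match. The hunk ends inside that neighbouring test, whose body continues outside it.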
