author | Paweł Chmielowski <pchmielowski@process-one.net> | 2019-01-30 16:34:29 +0100 |
---|---|---|
committer | Paweł Chmielowski <pchmielowski@process-one.net> | 2019-01-30 16:34:29 +0100 |
commit | 56baa07d486f68fc5275d830837bdd918680d28b (patch) | |
tree | 2f21c44254321eb45a4794f0478075de70742918 /src/ejabberd_http.erl | |
parent | Require that both tag and module matched in from of api_permission (diff) |
Reject request http_api request that have malformed Authentication header
Diffstat (limited to 'src/ejabberd_http.erl')
-rw-r--r-- | src/ejabberd_http.erl | 26 |
1 files changed, 13 insertions, 13 deletions
diff --git a/src/ejabberd_http.erl b/src/ejabberd_http.erl
index b3222fb14..c226dba1c 100644
--- a/src/ejabberd_http.erl
+++ b/src/ejabberd_http.erl
@@ -852,23 +852,23 @@ code_to_phrase(505) -> <<"HTTP Version Not Supported">>.
 -spec parse_auth(binary()) -> {binary(), binary()} | {oauth, binary(), []} | undefined.
 parse_auth(<<"Basic ", Auth64/binary>>) ->
- Auth = try base64:decode(Auth64)
- catch _:badarg -> <<>>
- end,
- %% Auth should be a string with the format: user@server:password
- %% Note that password can contain additional characters '@' and ':'
- case str:chr(Auth, $:) of
- 0 ->
- undefined;
- Pos ->
- {User, <<$:, Pass/binary>>} = erlang:split_binary(Auth, Pos-1),
- PassUtf8 = unicode:characters_to_binary(binary_to_list(Pass), utf8),
- {User, PassUtf8}
+ try base64:decode(Auth64) of
+ Auth ->
+ case binary:split(Auth, <<":">>) of
+ [User, Pass] ->
+ PassUtf8 = unicode:characters_to_binary(Pass, utf8),
+ {User, PassUtf8};
+ _ ->
+ invalid
+ end
+ catch _:_ ->
+ invalid
 end;
 parse_auth(<<"Bearer ", SToken/binary>>) ->
 Token = str:strip(SToken),
 {oauth, Token, []};
-parse_auth(<<_/binary>>) -> undefined.
+parse_auth(<<_/binary>>) ->
+ invalid.
 parse_urlencoded(S) ->
 parse_urlencoded(S, nokey, <<>>, key). |
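Review bot: In the `[User, Pass]` branch, `unicode:characters_to_binary(Pass, utf8)` does not raise on a password that is not valid UTF-8; it returns `{error, _, _}` or `{incomplete, _, _}`, so a malformed Basic header can still come back as `{User, {error, ...}}` instead of `invalid`. Matching on the result, for example `case unicode:characters_to_binary(Pass, utf8) of P when is_binary(P) -> {User, P}; _ -> invalid end`, would keep a non-binary value from reaching the password check. The `-spec` context line also still ends in `| undefined`, which no clause returns any more, and should end in `| invalid`. Callers that matched on `undefined` are outside this hunk and presumably need the same update.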