couchdb-commits mailing list archives

From rnew...@apache.org
Subject [05/21] couch commit: updated refs/heads/windsor-merge-119 to 9138d07
Date Tue, 05 Aug 2014 11:06:06 GMT
Send 400 bad request rather than 500 for invalid base64 in auth header

Along with a useful error message.


Project: http://git-wip-us.apache.org/repos/asf/couchdb-couch/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb-couch/commit/7e8dca72
Tree: http://git-wip-us.apache.org/repos/asf/couchdb-couch/tree/7e8dca72
Diff: http://git-wip-us.apache.org/repos/asf/couchdb-couch/diff/7e8dca72

Branch: refs/heads/windsor-merge-119
Commit: 7e8dca72bf156a6f207904f943751ac039144c9f
Parents: c4ce490
Author: Michael Rhodes <mike.rhodes@gmail.com>
Authored: Tue May 14 12:40:25 2013 +0100
Committer: Robert Newson <rnewson@apache.org>
Committed: Mon Aug 4 14:16:55 2014 +0100

----------------------------------------------------------------------
 src/couch_httpd_auth.erl | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/couchdb-couch/blob/7e8dca72/src/couch_httpd_auth.erl
----------------------------------------------------------------------
diff --git a/src/couch_httpd_auth.erl b/src/couch_httpd_auth.erl
index 6c1d037..483e4cd 100644
--- a/src/couch_httpd_auth.erl
+++ b/src/couch_httpd_auth.erl
@@ -48,7 +48,7 @@ basic_name_pw(Req) ->
     AuthorizationHeader = header_value(Req, "Authorization"),
     case AuthorizationHeader of
     "Basic " ++ Base64Value ->
-        case re:split(base64:decode(Base64Value), ":",
+        try re:split(base64:decode(Base64Value), ":",
                       [{return, list}, {parts, 2}]) of
         ["_", "_"] ->
             % special name and pass to be logged out
@@ -57,6 +57,9 @@ basic_name_pw(Req) ->
             {User, Pass};
         _ ->
             nil
+        catch
+        error:function_clause ->
+            throw({bad_request, "Authorization header has invalid base64 value"})
         end;
     _ ->
         nil
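Review bot: The `catch error:function_clause` clause covers only one way a malformed Authorization value can fail, and the `try` opened in the first hunk wraps `re:split/3` as well as `base64:decode/1`. Which error reason `base64:decode/1` raises on bad input is an OTP implementation detail and may differ between releases (for example `badarg`), in which case an unauthenticated client could still get a 500 instead of the intended 400. Conversely, a `function_clause` raised inside `re:split/3` would be misreported as invalid base64. I would decode in its own minimal `try` that catches any `error` class and keep a plain `case` for the split result. The body of basic_name_pw begins and ends outside these hunks.

```erlang
    "Basic " ++ Base64Value ->
        Decoded =
            try
                base64:decode(Base64Value)
            catch
                error:_ ->
                    throw({bad_request, "Authorization header has invalid base64 value"})
            end,
        case re:split(Decoded, ":", [{return, list}, {parts, 2}]) of
        % … unchanged: ["_", "_"], [User, Pass] and catch-all clauses …
        end;
```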

