Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Token name with colon is accepted but doesn't work on usage #2219

Closed
Playacem opened this issue Sep 6, 2024 · 0 comments
Closed

Token name with colon is accepted but doesn't work on usage #2219

Playacem opened this issue Sep 6, 2024 · 0 comments
Assignees
@dzikoysk
Labels
bug Bugs & errors found in Reposilite

Comments

@Playacem
Copy link

Playacem commented Sep 6, 2024

What happened?

As reported on discord:

Reposilite does not verify that the token name does not contain any colons. As the provided values are used with HTTP Basic auth the provided values do not match with what the server has on file. The part after the username colon gets interpreted as part of the password. See also https://datatracker.ietf.org/doc/html/rfc7617#section-2

Furthermore, a user-id containing a colon character is invalid, as
the first colon in a user-pass string separates user-id and password
from one another; text after the first colon is part of the password.
User-ids containing colons cannot be encoded in user-pass strings.

Reposilite version

3.x

Relevant log output

No response
@Playacem Playacem added the bug Bugs & errors found in Reposilite label Sep 6, 2024
@dzikoysk dzikoysk self-assigned this Sep 7, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@dzikoysk dzikoysk

Labels
bug Bugs & errors found in Reposilite
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Playacem @dzikoysk