From 9ad524c21cede6499fdede0c02c32fa14afc380b Mon Sep 17 00:00:00 2001 From: Patric Forsgard Date: Tue, 4 Nov 2014 16:26:28 +0100 Subject: [PATCH 1/3] Decode username/password Decode username/password before converting them to base64-string; otherwise, the authentication will fail if you have example @ included in the password (@ is encoded as %40) --- src/Elasticsearch.Net/Connection/HttpConnection.cs | 9 ++++++++- src/Elasticsearch.Net/Elasticsearch.Net.csproj | 1 + 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/src/Elasticsearch.Net/Connection/HttpConnection.cs b/src/Elasticsearch.Net/Connection/HttpConnection.cs index 69deadd3860..f8d4eb6f1a1 100644 --- a/src/Elasticsearch.Net/Connection/HttpConnection.cs +++ b/src/Elasticsearch.Net/Connection/HttpConnection.cs @@ -9,6 +9,7 @@ using System.Text; using System.Threading; using System.Threading.Tasks; +using System.Web; using Elasticsearch.Net.Connection.Configuration; using Elasticsearch.Net.Providers; using PurifyNet; @@ -168,7 +169,13 @@ private void SetBasicAuthorizationIfNeeded(Uri uri, HttpWebRequest myReq) { if (!uri.UserInfo.IsNullOrEmpty()) { - myReq.Headers["Authorization"] = "Basic " + Convert.ToBase64String(Encoding.UTF8.GetBytes(myReq.RequestUri.UserInfo)); + var userInfo = myReq.RequestUri.UserInfo; + int length = userInfo.IndexOf(':'); + if (length != -1) + { + userInfo = HttpUtility.UrlDecode(userInfo.Substring(0, length)) + ":" + HttpUtility.UrlDecode(userInfo.Substring(length + 1)); + } + myReq.Headers["Authorization"] = "Basic " + Convert.ToBase64String(Encoding.UTF8.GetBytes(userInfo)); } } diff --git a/src/Elasticsearch.Net/Elasticsearch.Net.csproj b/src/Elasticsearch.Net/Elasticsearch.Net.csproj index e5b3e6aa6e6..019296e3657 100644 --- a/src/Elasticsearch.Net/Elasticsearch.Net.csproj +++ b/src/Elasticsearch.Net/Elasticsearch.Net.csproj @@ -43,6 +43,7 @@ + From 146b37cf4b4b5cf60244d2b238ce860117c1b3df Mon Sep 17 00:00:00 2001 From: Patric Forsgard Date: Tue, 4 Nov 2014 16:34:03 +0100 Subject: [PATCH 2/3] Use Uri.UnescapeDataString instead of HttpUtility.UrlDecode --- src/Elasticsearch.Net/Connection/HttpConnection.cs | 3 +-- src/Elasticsearch.Net/Elasticsearch.Net.csproj | 1 - 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/src/Elasticsearch.Net/Connection/HttpConnection.cs b/src/Elasticsearch.Net/Connection/HttpConnection.cs index f8d4eb6f1a1..dbb5a9db0d2 100644 --- a/src/Elasticsearch.Net/Connection/HttpConnection.cs +++ b/src/Elasticsearch.Net/Connection/HttpConnection.cs @@ -9,7 +9,6 @@ using System.Text; using System.Threading; using System.Threading.Tasks; -using System.Web; using Elasticsearch.Net.Connection.Configuration; using Elasticsearch.Net.Providers; using PurifyNet; @@ -173,7 +172,7 @@ private void SetBasicAuthorizationIfNeeded(Uri uri, HttpWebRequest myReq) int length = userInfo.IndexOf(':'); if (length != -1) { - userInfo = HttpUtility.UrlDecode(userInfo.Substring(0, length)) + ":" + HttpUtility.UrlDecode(userInfo.Substring(length + 1)); + userInfo = Uri.UnescapeDataString(userInfo.Substring(0, length)) + ":" + Uri.UnescapeDataString(userInfo.Substring(length + 1)); } myReq.Headers["Authorization"] = "Basic " + Convert.ToBase64String(Encoding.UTF8.GetBytes(userInfo)); } diff --git a/src/Elasticsearch.Net/Elasticsearch.Net.csproj b/src/Elasticsearch.Net/Elasticsearch.Net.csproj index 019296e3657..e5b3e6aa6e6 100644 --- a/src/Elasticsearch.Net/Elasticsearch.Net.csproj +++ b/src/Elasticsearch.Net/Elasticsearch.Net.csproj @@ -43,7 +43,6 @@ - From 3ba510cacfd08abc1d624fc950be7bff4a2b4801 Mon Sep 17 00:00:00 2001 From: Patric Forsgard Date: Tue, 4 Nov 2014 16:38:16 +0100 Subject: [PATCH 3/3] Also UrlDecode username if not password are used --- src/Elasticsearch.Net/Connection/HttpConnection.cs | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/Elasticsearch.Net/Connection/HttpConnection.cs b/src/Elasticsearch.Net/Connection/HttpConnection.cs index dbb5a9db0d2..56b33e2e791 100644 --- a/src/Elasticsearch.Net/Connection/HttpConnection.cs +++ b/src/Elasticsearch.Net/Connection/HttpConnection.cs @@ -174,6 +174,10 @@ private void SetBasicAuthorizationIfNeeded(Uri uri, HttpWebRequest myReq) { userInfo = Uri.UnescapeDataString(userInfo.Substring(0, length)) + ":" + Uri.UnescapeDataString(userInfo.Substring(length + 1)); } + else + { + userInfo = Uri.UnescapeDataString(userInfo); + } myReq.Headers["Authorization"] = "Basic " + Convert.ToBase64String(Encoding.UTF8.GetBytes(userInfo)); } }