Merge pull request #8 from m1dok/master

Fix issue #7: handle Base64 exception
trikko · May 17, 2023 · 6cd99d0 · 6cd99d0
2 parents fff3fa8 + 823d750
commit 6cd99d0
Show file tree

Hide file tree

Showing 2 changed files with 45 additions and 9 deletions.
diff --git a/source/serverino/interfaces.d b/source/serverino/interfaces.d
@@ -575,22 +575,35 @@ struct Request
 
          if ("authorization" in _header)
          {
-            import std.base64 : Base64;
+
+            import std.base64 : Base64, Base64Exception;
             import std.string : indexOf;
             auto auth = _header["authorization"];
 
             if (auth.length > 6 && auth[0..6].toLower == "basic ")
             {
-               auth = (cast(char[])Base64.decode(auth[6..$])).to!string;
-               auto delim = auth.indexOf(":");
-
-               if (delim < 0) _user = auth;
-               else
+               try
                {
-                  _user = auth[0..delim];
+                  auth = (cast(char[])Base64.decode(auth[6..$])).to!string;
+                  auto delim = auth.indexOf(":");
+
+                     if (delim < 0) _user = auth;
+                     else
+                     {
+                        _user = auth[0..delim];
 
-                  if (delim < auth.length-1)
-                     _password = auth[delim+1..$];
+                     if (delim < auth.length-1)
+                        _password = auth[delim+1..$];
+                     }
+
+               }
+               catch(Base64Exception e)
+               {
+                  _user = string.init;
+                  _password = string.init;
+                  debug warning("Authorization header ignored. Error decoding base64.");
+
+
                }
             }
          }

diff --git a/test-1/source/app.d b/test-1/source/app.d
@@ -318,5 +318,28 @@ Content-Disposition: form-data; name=\"field1\"\r
     }
 
 
+///Authorization Base64 Test
+
+ {
+        string content;
+
+        auto http = HTTP("http://myuser@127.0.0.1:8080/json/dump/test");
+        http.method = HTTP.Method.post;        
+        http.addRequestHeader("Authorization", "Basic msnmsknkjs");
+        http.onReceive = (ubyte[] data) { content ~= data; return data.length; };
+        http.perform();
+
+        auto j = parseJSON(content);
+        assert(j["method"].str == "POST");
+        assert(j["uri"].str == "/json/dump/test");
+        assert(j["host"].str == "127.0.0.1:8080");
+        assert(j["username"].str ==  string.init);
+        assert(j["password"].str ==  string.init);
+
+        assert(http.statusLine.code == 200);
+
+
+    }
+
 
 }