diff --git a/auth/basic.py b/auth/basic.py
index fd3817b93..7700a3dca 100644
--- a/auth/basic.py
+++ b/auth/basic.py
@@ -47,7 +47,7 @@ def _parse_basic_auth_header(auth):
 try:
 credentials = [part.decode('utf-8') for part in b64decode(normalized[1]).split(':', 1)]
- except TypeError:
+ except (TypeError, UnicodeDecodeError, ValueError):
 logger.exception('Exception when parsing basic auth header: %s', auth)
 return None, 'Could not parse basic auth header'
diff --git a/auth/test/test_basic.py b/auth/test/test_basic.py
index a25fe8b50..27417bf1c 100644
--- a/auth/test/test_basic.py
+++ b/auth/test/test_basic.py
@@ -75,3 +75,10 @@ def test_valid_app_specific_token(app):
 token = _token(APP_SPECIFIC_TOKEN_USERNAME, app_specific_token.token_code)
 result = validate_basic_auth(token)
 assert result == ValidateResult(AuthKind.basic, appspecifictoken=app_specific_token)
+
+
+def test_invalid_unicode(app):
+ token = '\xebOH'
+ header = 'basic ' + b64encode(token)
+ result = validate_basic_auth(header)
+ assert result == ValidateResult(AuthKind.basic, missing=True)
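Review bot: In auth/basic.py, the `logger.exception(...)` call under the widened `except` writes the raw `auth` header into the log, and the new exception types now send more real-but-malformed headers down that path. The header payload is base64 of `username:password`, so a credential sent in a non-UTF-8 encoding becomes recoverable from the logs next to the traceback. Log the failure without the value, e.g. `logger.exception('Exception when parsing basic auth header')`, or log only the header length. The body of `_parse_basic_auth_header` starts and continues outside the hunk.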
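Review bot: In auth/test/test_basic.py, `test_invalid_unicode` exercises only the `UnicodeDecodeError` branch, so the `ValueError` added to the same `except` clause has no regression test. A second case with a payload that is not valid base64 would cover the decode-failure branch, for example (constructed input) `assert validate_basic_auth('basic a') == ValidateResult(AuthKind.basic, missing=True)`, assuming that header reaches `b64decode` the same way. The test also pins that a malformed header is reported as `missing=True`, the same as an absent one; a short comment such as `# malformed credentials are deliberately reported as missing, not as an error` would record that this is intended.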