From c3f2901ec099f1117c2f549536d381ef181ce476 Mon Sep 17 00:00:00 2001
From: Joseph Schorr
Date: Fri, 7 Dec 2018 16:16:32 -0500
Subject: [PATCH] Catch unicode decode errors in auth decode
Fixes https://jira.coreos.com/browse/QUAY-1249
---
 auth/basic.py | 2 +-
 auth/test/test_basic.py | 7 +++++++
 2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/auth/basic.py b/auth/basic.py
index fd3817b93..7700a3dca 100644
--- a/auth/basic.py
+++ b/auth/basic.py
@@ -47,7 +47,7 @@ def _parse_basic_auth_header(auth):
 try:
 credentials = [part.decode('utf-8') for part in b64decode(normalized[1]).split(':', 1)]
- except TypeError:
+ except (TypeError, UnicodeDecodeError, ValueError):
 logger.exception('Exception when parsing basic auth header: %s', auth)
 return None, 'Could not parse basic auth header'
diff --git a/auth/test/test_basic.py b/auth/test/test_basic.py
index a25fe8b50..27417bf1c 100644
--- a/auth/test/test_basic.py
+++ b/auth/test/test_basic.py
@@ -75,3 +75,10 @@ def test_valid_app_specific_token(app):
 token = _token(APP_SPECIFIC_TOKEN_USERNAME, app_specific_token.token_code)
 result = validate_basic_auth(token)
 assert result == ValidateResult(AuthKind.basic, appspecifictoken=app_specific_token)
+
+
+def test_invalid_unicode(app):
+ token = '\xebOH'
+ header = 'basic ' + b64encode(token)
+ result = validate_basic_auth(header)
+ assert result == ValidateResult(AuthKind.basic, missing=True)
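Review bot: The `logger.exception('Exception when parsing basic auth header: %s', auth)` call under the widened `except` in auth/basic.py writes the raw Authorization header, which is the base64 of `username:password`, into the log. With this change more real but malformed credentials reach it, for example a password containing non-UTF-8 bytes. Base64 is reversible, so log access becomes credential access; I would log without the header: `logger.exception('Exception when parsing basic auth header')`. Separately, `UnicodeDecodeError` is a subclass of `ValueError`, so the tuple can be `(TypeError, ValueError)`, with a short comment on which call raises which. The body of `_parse_basic_auth_header` starts and ends outside this hunk, so it is worth checking whether the header is logged elsewhere on the failure path.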
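Review bot: `test_invalid_unicode` in auth/test/test_basic.py does not say why `'\xebOH'` is an invalid credential, so the regression it guards is easy to lose in a later cleanup. I would add a comment above the token such as `# 0xEB opens a 3-byte UTF-8 sequence but 'OH' are not continuation bytes, so decode('utf-8') raises UnicodeDecodeError`. Writing the literal as `b'\xebOH'` would also make it explicit that raw bytes, not text, are being base64-encoded. The hunk does not show which input produces a plain `ValueError`, so that newly caught branch appears untested as far as is visible here.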