Catch unicode decode errors in auth decode

Fixes https://jira.coreos.com/browse/QUAY-1249
Joseph Schorr 2018-12-07 16:16:32 -05:00
parent 72ad0e9789
commit c3f2901ec0
2 changed files with 8 additions and 1 deletions


@ -47,7 +47,7 @@ def _parse_basic_auth_header(auth):
try: try:
credentials = [part.decode('utf-8') for part in b64decode(normalized[1]).split(':', 1)] credentials = [part.decode('utf-8') for part in b64decode(normalized[1]).split(':', 1)]
except TypeError: except (TypeError, UnicodeDecodeError, ValueError):
logger.exception('Exception when parsing basic auth header: %s', auth) logger.exception('Exception when parsing basic auth header: %s', auth)
return None, 'Could not parse basic auth header' return None, 'Could not parse basic auth header'
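Review bot: The `logger.exception` call in this except block still writes the whole `auth` value to the log, and that value is the Basic header carrying the base64-encoded username and password. With the except tuple widened to `UnicodeDecodeError` and `ValueError`, more client-supplied headers reach that line, including ones where only part of the credential is malformed. I would drop the header from the message, for example `logger.exception('Exception when parsing basic auth header')`, or log only its length. Because the header presumably arrives before the caller is authenticated, a traceback per bad request may also be louder than needed; `logger.warning` would likely suffice. The body of `_parse_basic_auth_header` starts above this hunk, so how `normalized` is built is not visible here.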


@ -75,3 +75,10 @@ def test_valid_app_specific_token(app):
token = _token(APP_SPECIFIC_TOKEN_USERNAME, app_specific_token.token_code) token = _token(APP_SPECIFIC_TOKEN_USERNAME, app_specific_token.token_code)
result = validate_basic_auth(token) result = validate_basic_auth(token)
assert result == ValidateResult(AuthKind.basic, appspecifictoken=app_specific_token) assert result == ValidateResult(AuthKind.basic, appspecifictoken=app_specific_token)
def test_invalid_unicode(app):
token = '\xebOH'
header = 'basic ' + b64encode(token)
result = validate_basic_auth(header)
assert result == ValidateResult(AuthKind.basic, missing=True)
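Review bot: `test_invalid_unicode` covers only one of the two exception types this commit adds, and its token has no `:` separator, so the undecodable byte is never placed in the password part. A second case such as `token = 'someuser:\xebOH'` (constructed sample) would confirm that a credential with a valid username and a malformed password is rejected the same way. The `ValueError` branch has no test in this hunk, and it is not visible here which call is expected to raise it. A short comment would also help, for example `# 0xEB starts a multi-byte UTF-8 sequence that 'O' cannot continue`, along with a note on why a malformed header is expected to yield `missing=True` rather than an error result.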