aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLoïc Hoguin <[email protected]>2013-02-06 19:16:06 +0100
committerLoïc Hoguin <[email protected]>2013-02-06 19:16:06 +0100
commit1c5ce11d13e7144091ce9a983ed0be6fbdb95c45 (patch)
tree91f73f06b5360abaab2d34c5ff0c4a89c61eb42b
parentecb234693c82553261738c28f883b327a2d586e1 (diff)
downloadcowboy-1c5ce11d13e7144091ce9a983ed0be6fbdb95c45.tar.gz
cowboy-1c5ce11d13e7144091ce9a983ed0be6fbdb95c45.tar.bz2
cowboy-1c5ce11d13e7144091ce9a983ed0be6fbdb95c45.zip
Strip whitespaces when authorization type is unknown
-rw-r--r--src/cowboy_http.erl8
1 files changed, 5 insertions, 3 deletions
diff --git a/src/cowboy_http.erl b/src/cowboy_http.erl
index a78e090..f3ff687 100644
--- a/src/cowboy_http.erl
+++ b/src/cowboy_http.erl
@@ -817,7 +817,7 @@ authorization(UserPass, Type = <<"basic">>) ->
end)
end);
authorization(String, Type) ->
- {Type, String}.
+ cowboy_http:whitespace(String, fun(Rest) -> {Type, Rest} end).
%% @doc Parse user credentials.
-spec authorization_basic_userid(binary(), fun()) -> any().
@@ -1347,9 +1347,11 @@ http_authorization_test_() ->
?_assertEqual({error, badarg},
authorization(<<"dXNlcm5hbWUK">>, <<"basic">>)),
?_assertEqual({error, badarg},
- authorization(<<"_[]@#$%^&*()-AA==">>, <<"basic">>)),
+ authorization(<<"_[]@#$%^&*()-AA==">>, <<"basic">>)),
?_assertEqual({error, badarg},
- authorization(<<"dXNlcjpwYXNzCA==">>, <<"basic">>)) %% user:pass\010
+ authorization(<<"dXNlcjpwYXNzCA==">>, <<"basic">>)), %% user:pass\010
+ ?_assertEqual({<<"bearer">>,<<"some_secret_key">>},
+ authorization(<<" some_secret_key">>, <<"bearer">>))
].
-endif.