From d145cbb7457889eaf67943ef634b8784745c8b06 Mon Sep 17 00:00:00 2001
From: Ali Sabil <ali.sabil@soundrop.com>
Date: Sun, 9 Feb 2014 18:37:00 +0100
Subject: Allow empty passwords when parsing Basic authorization header

---
 src/cowboy_http.erl | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'src')

diff --git a/src/cowboy_http.erl b/src/cowboy_http.erl
index f3a198d..30866de 100644
--- a/src/cowboy_http.erl
+++ b/src/cowboy_http.erl
@@ -765,8 +765,6 @@ authorization_basic_userid(<<C, Rest/binary>>, Fun, Acc) ->
 authorization_basic_password(Data, Fun) ->
 	authorization_basic_password(Data, Fun, <<>>).
 
-authorization_basic_password(<<>>, _Fun, <<>>) ->
-	{error, badarg};
 authorization_basic_password(<<C, _Rest/binary>>, _Fun, _Acc)
 		when C < 32; C=:= 127 ->
 	{error, badarg};
@@ -1255,6 +1253,8 @@ http_authorization_test_() ->
 	Tests = [
 		{<<"basic">>, <<"QWxsYWRpbjpvcGVuIHNlc2FtZQ==">>,
 			{<<"basic">>, {<<"Alladin">>, <<"open sesame">>}}},
+		{<<"basic">>, <<"dXNlcm5hbWU6">>,
+			{<<"basic">>, {<<"username">>, <<>>}}},
 		{<<"basic">>, <<"dXNlcm5hbWUK">>,
 			{error, badarg}},
 		{<<"basic">>, <<"_[]@#$%^&*()-AA==">>,
-- 
cgit v1.2.3