authorBip Thelin <[email protected]>2019-05-09 14:18:53 +0200
committerLoïc Hoguin <[email protected]>2019-09-06 11:34:08 +0200
commit835441703a54bab9217b14ba2e787ab83c2c33c7 (patch)
treeff3e8303791e51efe4b47454d85441f1a222a0de
parentc3fc4c663f211b0c16555112a939666f479e440b (diff)
Authentication scheme is case insensitive
-rw-r--r--src/cow_http_hd.erl19
1 files changed, 15 insertions, 4 deletions
diff --git a/src/cow_http_hd.erl b/src/cow_http_hd.erl
index 87b4f12..59bd3bf 100644
--- a/src/cow_http_hd.erl
+++ b/src/cow_http_hd.erl
@@ -887,13 +887,22 @@ horse_parse_allow() ->
-> {basic, binary(), binary()}
| {bearer, binary()}
| {digest, [{binary(), binary()}]}.
-%% @todo The token is case-insensitive. https://tools.ietf.org/html/rfc7235#section-2.1
-parse_authorization(<<"Basic ", R/bits >>) ->
+parse_authorization(<<B, A, S, I, C, " ", R/bits >>)
+ when ((B =:= $B) or (B =:= $b)), ((A =:= $A) or (A =:= $a)),
+ ((S =:= $S) or (S =:= $s)), ((I =:= $I) or (I =:= $i)),
+ ((C =:= $C) or (C =:= $c)) ->
auth_basic(base64:decode(R), <<>>);
-parse_authorization(<<"Bearer ", R/bits >>) when R =/= <<>> ->
+parse_authorization(<<B, E1, A, R1, E2, R2, " ", R/bits >>)
+ when (R =/= <<>>), ((B =:= $B) or (B =:= $b)),
+ ((E1 =:= $E) or (E1 =:= $e)), ((A =:= $A) or (A =:= $a)),
+ ((R1 =:= $R) or (R1 =:= $r)), ((E2 =:= $E) or (E2 =:= $e)),
+ ((R2 =:= $R) or (R2 =:= $r)) ->
validate_auth_bearer(R),
{bearer, R};
-parse_authorization(<<"Digest ", R/bits >>) ->
+parse_authorization(<<D, I, G, E, S, T, " ", R/bits >>)
+ when ((D =:= $D) or (D =:= $d)), ((I =:= $I) or (I =:= $i)),
+ ((G =:= $G) or (G =:= $g)), ((E =:= $E) or (E =:= $e)),
+ ((S =:= $S) or (S =:= $s)), ((T =:= $T) or (T =:= $t)) ->
{digest, nonempty(auth_digest_list(R, []))}.
auth_basic(<< $:, Password/bits >>, UserID) -> {basic, UserID, Password};
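Review bot: The Digest clause of parse_authorization gets a six-letter hand-written case-insensitive guard, but the only mixed-case inputs this commit adds to parse_authorization_test_ are `bAsIc` and `bEaRer` (the second hunk adds exactly two lines). A mistyped letter in the Digest guard would therefore go unnoticed and show up only as a function_clause on a header that should have parsed; a `dIgEsT ...` copy of the existing Digest test tuple would cover it. The guards would also be more idiomatic with short-circuit `orelse`, e.g. `(B =:= $B) orelse (B =:= $b)`. The removed @todo carried the only RFC pointer, so a replacement comment such as `%% The auth-scheme is case-insensitive. https://tools.ietf.org/html/rfc7235#section-2.1` above the first clause would keep the reason for these guards visible. The function's -spec begins above this hunk.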
@@ -944,7 +953,9 @@ auth_digest_list_sep(<< C, R/bits >>, Acc) when ?IS_WS(C) -> auth_digest_list_se
parse_authorization_test_() ->
Tests = [
{<<"Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==">>, {basic, <<"Aladdin">>, <<"open sesame">>}},
+ {<<"bAsIc QWxhZGRpbjpvcGVuIHNlc2FtZQ==">>, {basic, <<"Aladdin">>, <<"open sesame">>}},
{<<"Bearer mF_9.B5f-4.1JqM">>, {bearer, <<"mF_9.B5f-4.1JqM">>}},
+ {<<"bEaRer mF_9.B5f-4.1JqM">>, {bearer, <<"mF_9.B5f-4.1JqM">>}},
{<<"Digest username=\"Mufasa\","
"realm=\"[email protected]\","
"nonce=\"dcd98b7102dd2f0e8b11d0f600bfb0c093\","