This is an automated email from the ASF dual-hosted git repository.
zeroshade pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/arrow.git
The following commit(s) were added to refs/heads/master by this push:
new efbc1cd ARROW-15772: [Go][Flight] Server Basic Auth
Middleware/Interceptor wrongly base64 decode
efbc1cd is described below
commit efbc1cd5fad6c1a5dbe8189c82b293f8e1f9b6b1
Author: Corentin <[email protected]>
AuthorDate: Thu Feb 24 12:52:37 2022 -0500
ARROW-15772: [Go][Flight] Server Basic Auth Middleware/Interceptor wrongly
base64 decode
The proposed fixed made the server auth works for both actual go
implementation and other. I am not sure if the base64 padding should be used
but in all cases having the server being able to read both seems better (being
liberal with the inputs, strict with the output).
An other fix would be to change the Go implementation of the client to use
the padded base64 (in `client.go` l.299). But I think making the server more
robust is better.
Closes #12503 from Corentin-pro/auth-base64-fix
Authored-by: Corentin <[email protected]>
Signed-off-by: Matthew Topol <[email protected]>
---
go/arrow/flight/server_auth.go | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/go/arrow/flight/server_auth.go b/go/arrow/flight/server_auth.go
index d3980bf..cc78d85 100644
--- a/go/arrow/flight/server_auth.go
+++ b/go/arrow/flight/server_auth.go
@@ -187,7 +187,10 @@ func createServerBearerTokenStreamInterceptor(validator
BasicAuthValidator) grpc
if auth[0] == basicAuthPrefix {
val, err :=
base64.RawStdEncoding.DecodeString(auth[1])
if err != nil {
- return
status.Errorf(codes.Unauthenticated, "invalid basic auth encoding: %s", err)
+ val, err =
base64.StdEncoding.DecodeString(auth[1])
+ if err != nil {
+ return
status.Errorf(codes.Unauthenticated, "invalid basic auth encoding: %s", err)
+ }
}
creds := strings.SplitN(string(val), ":", 2)
