Send 400 bad request rather than 500 for invalid base64 in auth header Along with a useful error message.
Project: http://git-wip-us.apache.org/repos/asf/couchdb-couch/repo Commit: http://git-wip-us.apache.org/repos/asf/couchdb-couch/commit/7e8dca72 Tree: http://git-wip-us.apache.org/repos/asf/couchdb-couch/tree/7e8dca72 Diff: http://git-wip-us.apache.org/repos/asf/couchdb-couch/diff/7e8dca72 Branch: refs/heads/windsor-merge-209 Commit: 7e8dca72bf156a6f207904f943751ac039144c9f Parents: c4ce490 Author: Michael Rhodes <[email protected]> Authored: Tue May 14 12:40:25 2013 +0100 Committer: Robert Newson <[email protected]> Committed: Mon Aug 4 14:16:55 2014 +0100 ---------------------------------------------------------------------- src/couch_httpd_auth.erl | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/couchdb-couch/blob/7e8dca72/src/couch_httpd_auth.erl ----------------------------------------------------------------------
diff --git a/src/couch_httpd_auth.erl b/src/couch_httpd_auth.erl
index 6c1d037..483e4cd 100644
--- a/src/couch_httpd_auth.erl
+++ b/src/couch_httpd_auth.erl
@@ -48,7 +48,7 @@ basic_name_pw(Req) ->
 AuthorizationHeader = header_value(Req, "Authorization"),
 case AuthorizationHeader of
 "Basic " ++ Base64Value ->
- case re:split(base64:decode(Base64Value), ":",
+ try re:split(base64:decode(Base64Value), ":",
 [{return, list}, {parts, 2}]) of
 ["_", "_"] ->
 % special name and pass to be logged out
@@ -57,6 +57,9 @@ basic_name_pw(Req) ->
 {User, Pass};
 _ ->
 nil
+ catch
+ error:function_clause ->
+ throw({bad_request, "Authorization header has invalid base64 value"})
 end;
 _ ->
 nil
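Review bot: The `catch` clause added in the second hunk matches only `error:function_clause`, so the 400 response depends on `base64:decode/1` failing in exactly that way; a malformed Authorization value that makes it fail with another reason (I believe `badarg` or `badarith` are possible for some inputs and OTP releases, which should be confirmed) would still surface as a 500. Since the `try` opened in the first hunk protects only the decode-and-split expression and the `of` clauses are outside its protection, matching the whole error class is low-risk here: `error:_ ->` with a comment such as `% any decode failure on this untrusted header is a client error`. The message does not echo the header value, which is worth keeping so that credentials never reach responses or logs. A test that sends truncated and non-alphabet base64 in the header would pin the behaviour; basic_name_pw/1 starts before the first hunk and continues past the end of the second.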
