mirror of https://github.com/labstack/echo.git synced 2024-12-24 20:14:31 +02:00

Basic scheme is case-insensitive (#1033)

Cuong Manh Le 2017-11-21 06:57:41 +07:00 committed by Vishal Rana
parent b28538b2e3
commit 7fe7f348eb
2 changed files with 9 additions and 2 deletions


@ -3,6 +3,7 @@ package middleware
import (
"encoding/base64"
"strconv"
"strings"
"github.com/labstack/echo"
)
@ -27,7 +28,7 @@ type (
)
const (
basic = "Basic"
basic = "basic"
defaultRealm = "Restricted"
)
@ -72,7 +73,7 @@ func BasicAuthWithConfig(config BasicAuthConfig) echo.MiddlewareFunc {
auth := c.Request().Header.Get(echo.HeaderAuthorization)
l := len(basic)
if len(auth) > l+1 && auth[:l] == basic {
if len(auth) > l+1 && strings.ToLower(auth[:l]) == basic {
b, err := base64.StdEncoding.DecodeString(auth[l+1:])
if err != nil {
return err
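Review bot: In BasicAuthWithConfig the new condition compares only the first `len(basic)` bytes and then decodes `auth[l+1:]`, so the byte at `auth[l]` is never checked to be a space and a header with a longer scheme name that merely begins with "basic" is still parsed as Basic credentials. I would tighten it to `if len(auth) > l+1 && auth[l] == ' ' && strings.EqualFold(auth[:l], basic) {`, which also avoids allocating a lowered copy of the prefix on every request. With `strings.EqualFold` the constant could stay `"Basic"`; lowering it changes every other use of `basic` in the file, and if one of those builds the `WWW-Authenticate` challenge (not visible in this hunk) the emitted scheme token changes too, so that is worth confirming. The function body starts and ends outside the hunk.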


@ -4,6 +4,7 @@ import (
"encoding/base64"
"net/http"
"net/http/httptest"
"strings"
"testing"
"github.com/labstack/echo"
@ -30,6 +31,11 @@ func TestBasicAuth(t *testing.T) {
req.Header.Set(echo.HeaderAuthorization, auth)
assert.NoError(t, h(c))
// Case-insensitive header scheme
auth = strings.ToUpper(basic) + " " + base64.StdEncoding.EncodeToString([]byte("joe:secret"))
req.Header.Set(echo.HeaderAuthorization, auth)
assert.NoError(t, h(c))
// Invalid credentials
auth = basic + " " + base64.StdEncoding.EncodeToString([]byte("joe:invalid-password"))
req.Header.Set(echo.HeaderAuthorization, auth)
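Review bot: The added case in TestBasicAuth covers only the all-uppercase scheme produced by `strings.ToUpper(basic)`, so a mixed-case token and a malformed separator are not pinned by the test. I would add a mixed-case request, e.g. `auth = "bAsIc " + base64.StdEncoding.EncodeToString([]byte("joe:secret"))`, and a negative case asserting that a header whose scheme is not followed by a space is rejected. TestBasicAuth continues outside the hunk.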