From 458cdf9f9b79ac5dbcd280bd791d970d891840bb Mon Sep 17 00:00:00 2001 From: Adam Stachowicz Date: Sat, 6 Jan 2024 18:06:06 +0000 Subject: [PATCH] Fix `encodeBase64` for empty password or user in HTTP Basic Authentication (#4326) --- server/model/monitor.js | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/server/model/monitor.js b/server/model/monitor.js index e407e5a2d..2dc77fbd3 100644 --- a/server/model/monitor.js +++ b/server/model/monitor.js @@ -230,10 +230,12 @@ class Monitor extends BeanModel { /** * Encode user and password to Base64 encoding * for HTTP "basic" auth, as per RFC-7617 + * @param {string|null} user - The username (nullable if not changed by a user) + * @param {string|null} pass - The password (nullable if not changed by a user) * @returns {string} */ encodeBase64(user, pass) { - return Buffer.from(user + ":" + pass).toString("base64"); + return Buffer.from(`${user || ""}:${pass || ""}`).toString("base64"); } /**