diff options
author | Sviatoslav Sydorenko <wk@sydorenko.org.ua> | 2018-01-03 20:40:42 +0200 |
---|---|---|
committer | Sviatoslav Sydorenko <wk@sydorenko.org.ua> | 2018-04-22 12:38:33 +0200 |
commit | 1b122995c02b2ca315a160550632b669dab99e51 (patch) | |
tree | 48825200c2b768e1b5128b0e0e01c572c72765b0 | |
parent | 8c7fdc4e0eed1355b947ad4b4d8e51ed04ab80e0 (diff) | |
download | cherrypy-git-1b122995c02b2ca315a160550632b669dab99e51.tar.gz |
Decode user/pass using UTF-8 in HTTP Basic Auth
This is a silly fix, which should evolve into one taking into
account RFC7617.
Ref #1680
-rw-r--r-- | cherrypy/lib/auth_basic.py | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/cherrypy/lib/auth_basic.py b/cherrypy/lib/auth_basic.py index dd4dfb49..4bc27c1c 100644 --- a/cherrypy/lib/auth_basic.py +++ b/cherrypy/lib/auth_basic.py @@ -79,7 +79,9 @@ def basic_auth(realm, checkpassword, debug=False): with cherrypy.HTTPError.handle((ValueError, binascii.Error), 400, msg): scheme, params = auth_header.split(' ', 1) if scheme.lower() == 'basic': - username, password = base64_decode(params).split(':', 1) + decoded_params = base64_decode(params) + decoded_params = tonative(ntob(decoded_params), 'utf-8') + username, password = decoded_params.split(':', 1) if checkpassword(realm, username, password): if debug: cherrypy.log('Auth succeeded', 'TOOLS.AUTH_BASIC') |