Decode user/pass using UTF-8 in HTTP Basic Auth

This is a silly fix, which should evolve into one taking into account RFC7617. Ref #1680
author: Sviatoslav Sydorenko <wk@sydorenko.org.ua> 2018-01-03 20:40:42 +0200
committer: Sviatoslav Sydorenko <wk@sydorenko.org.ua> 2018-04-22 12:38:33 +0200
commit: 1b122995c02b2ca315a160550632b669dab99e51 (patch)
tree: 48825200c2b768e1b5128b0e0e01c572c72765b0
parent: 8c7fdc4e0eed1355b947ad4b4d8e51ed04ab80e0 (diff)
download: cherrypy-git-1b122995c02b2ca315a160550632b669dab99e51.tar.gz
1 files changed, 3 insertions, 1 deletions
diff --git a/cherrypy/lib/auth_basic.py b/cherrypy/lib/auth_basic.py
index dd4dfb49..4bc27c1c 100644
--- a/cherrypy/lib/auth_basic.py
+++ b/cherrypy/lib/auth_basic.py
@@ -79,7 +79,9 @@ def basic_auth(realm, checkpassword, debug=False):
         with cherrypy.HTTPError.handle((ValueError, binascii.Error), 400, msg):
             scheme, params = auth_header.split(' ', 1)
             if scheme.lower() == 'basic':
-                username, password = base64_decode(params).split(':', 1)
+                decoded_params = base64_decode(params)
+                decoded_params = tonative(ntob(decoded_params), 'utf-8')
+                username, password = decoded_params.split(':', 1)
                 if checkpassword(realm, username, password):
                     if debug:
                         cherrypy.log('Auth succeeded', 'TOOLS.AUTH_BASIC')
author	Sviatoslav Sydorenko <wk@sydorenko.org.ua>	2018-01-03 20:40:42 +0200
committer	Sviatoslav Sydorenko <wk@sydorenko.org.ua>	2018-04-22 12:38:33 +0200
commit	1b122995c02b2ca315a160550632b669dab99e51 (patch)
tree	48825200c2b768e1b5128b0e0e01c572c72765b0
parent	8c7fdc4e0eed1355b947ad4b4d8e51ed04ab80e0 (diff)
download	cherrypy-git-1b122995c02b2ca315a160550632b669dab99e51.tar.gz