fix: Colons in the password of a HTTP Basic Authentication. (#55)

The existing code was taking the first component of the colon-separated array as the user name, and the second as the password. In fact, all components after the first must be treated as belonging to the password.
Kitura · Nov 5, 2018 · b107a6d · b107a6d
1 parent 660c43c
commit b107a6d
Showing 1 changed file with 4 additions and 4 deletions.
diff --git a/Sources/CredentialsHTTP/CredentialsHTTPBasic.swift b/Sources/CredentialsHTTP/CredentialsHTTPBasic.swift
@@ -107,14 +107,14 @@ public class CredentialsHTTPBasic : CredentialsPluginProtocol {
             authorization = userAuthorization as String
         }
 
-        let credentials = authorization.components(separatedBy: ":")
-        guard credentials.count >= 2 else {
+        let credentials = authorization.split(separator: ":", maxSplits: 1)
+        guard credentials.count == 2 else {
             onFailure(.badRequest, nil)
             return
         }
 
-        let userid = credentials[0]
-        let password = credentials[1]
+        let userid = String(credentials[0])
+        let password = String(credentials[1])
 
         if let userProfileLoader = self.userProfileLoader {
             userProfileLoader(userid) { userProfile, storedPassword in