From 253391053c54d35538bd0cfc52ae304438ce24d1 Mon Sep 17 00:00:00 2001 From: Thomas Waldmann Date: Mon, 5 Sep 2016 16:51:44 +0200 Subject: [PATCH] api basic auth - ignore non-utf8 chars, fixes #282 --- nsupdate/api/views.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/nsupdate/api/views.py b/nsupdate/api/views.py index 3bd49b6..b015fc2 100644 --- a/nsupdate/api/views.py +++ b/nsupdate/api/views.py @@ -121,7 +121,10 @@ def basic_authenticate(auth): authmeth, auth = auth.split(' ', 1) if authmeth.lower() != 'basic': return - auth = base64.b64decode(auth.strip()).decode('utf-8') + # we ignore bytes that do not decode. username (hostname) and password + # (update secret) both have to be ascii, everything else is a configuration + # error on user side. + auth = base64.b64decode(auth.strip()).decode('utf-8', errors='ignore') username, password = auth.split(':', 1) return username, password