api basic auth - ignore non-utf8 chars, fixes #282

2016-09-05 16:51:44 +02:00 · 2016-09-05 16:51:44 +02:00 · 253391053c
commit 253391053c
parent fbb781dd81
1 changed files with 4 additions and 1 deletions
--- a/nsupdate/api/views.py
+++ b/nsupdate/api/views.py
@ -121,7 +121,10 @@ def basic_authenticate(auth):
    authmeth, auth = auth.split(' ', 1)
    if authmeth.lower() != 'basic':
        return
-    auth = base64.b64decode(auth.strip()).decode('utf-8')
+    # we ignore bytes that do not decode. username (hostname) and password
+    # (update secret) both have to be ascii, everything else is a configuration
+    # error on user side.
+    auth = base64.b64decode(auth.strip()).decode('utf-8', errors='ignore')
    username, password = auth.split(':', 1)
    return username, password