Merge pull request #404 from ThomasWaldmann/basic-auth-exception

catch exception for invalid http basic auth strings, fixes #401
2019-04-04 00:55:44 +02:00 · 2019-04-04 00:55:44 +02:00 · 282b1786ac
commit 282b1786ac
parent 53cf7ee6dd 1a8192b4bc
1 changed files with 5 additions and 1 deletions
--- a/nsupdate/api/views.py
+++ b/nsupdate/api/views.py
@ -119,7 +119,11 @@ def basic_authenticate(auth):
    :return: username, password [unicode on py2, str on py3]
    """
    assert isinstance(auth, str)
+    try:
        authmeth, auth = auth.split(' ', 1)
+    except ValueError:
+        # splitting failed, invalid auth string
+        return
    if authmeth.lower() != 'basic':
        return
    # we ignore bytes that do not decode. username (hostname) and password