Merge pull request #1736 from btcpayserver/basic-auth-fix

fail auth on incorrect basic auth value
Nicolas Dorier 2020-07-13 18:03:26 +09:00 committed by GitHub
commit 37b065ce6a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -39,11 +39,22 @@ namespace BTCPayServer.Security.GreenField
if (authHeader == null || !authHeader.StartsWith("Basic ", StringComparison.OrdinalIgnoreCase))
return AuthenticateResult.NoResult();
var encodedUsernamePassword = authHeader.Split(' ', 2, StringSplitOptions.RemoveEmptyEntries)[1]?.Trim();
var decodedUsernamePassword =
Encoding.UTF8.GetString(Convert.FromBase64String(encodedUsernamePassword)).Split(':');
var username = decodedUsernamePassword[0];
var password = decodedUsernamePassword[1];
string password;
string username;
try
{
var encodedUsernamePassword =
authHeader.Split(' ', 2, StringSplitOptions.RemoveEmptyEntries)[1]?.Trim();
var decodedUsernamePassword =
Encoding.UTF8.GetString(Convert.FromBase64String(encodedUsernamePassword)).Split(':');
username = decodedUsernamePassword[0];
password = decodedUsernamePassword[1];
}
catch (Exception)
{
return AuthenticateResult.Fail(
"Basic authentication header was not in a correct format. (username:password encoded in base64)");
}
var result = await _signInManager.PasswordSignInAsync(username, password, true, true);
if (!result.Succeeded)
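Review bot: The `Split(':')` inside the new try block still splits on every colon, so a password that itself contains ':' is truncated at its first colon and a valid credential is rejected. `Split(':', 2)` would keep everything after the first colon as the password, which is how RFC 7617 defines the user-pass pair. The `catch (Exception)` is also wider than the parsing needs: the failures visible here are `FormatException` from `Convert.FromBase64String` and `IndexOutOfRangeException` from the indexers. Narrowing it to those would stop unrelated faults from being reported to the client as a malformed header. The enclosing method starts and ends outside this hunk, so how the `Fail` result is surfaced to the caller is not visible here.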