fail auth on incorrect basic auth value

fixes #1713
2025-03-11 01:35:22 +01:00 · 2020-07-13 08:35:13 +02:00 · 2020-07-13 08:35:13 +02:00 · 4b392ad70a
commit 4b392ad70a
parent 42f6fbb4e5
1 changed files with 16 additions and 5 deletions
--- a/BTCPayServer/Security/GreenField/BasicAuthenticationHandler.cs
+++ b/BTCPayServer/Security/GreenField/BasicAuthenticationHandler.cs
@ -39,11 +39,22 @@ namespace BTCPayServer.Security.GreenField

            if (authHeader == null || !authHeader.StartsWith("Basic ", StringComparison.OrdinalIgnoreCase))
                return AuthenticateResult.NoResult();
-            var encodedUsernamePassword = authHeader.Split(' ', 2, StringSplitOptions.RemoveEmptyEntries)[1]?.Trim();
-            var decodedUsernamePassword =
-                Encoding.UTF8.GetString(Convert.FromBase64String(encodedUsernamePassword)).Split(':');
-            var username = decodedUsernamePassword[0];
-            var password = decodedUsernamePassword[1];
+            string password;
+            string username;
+            try
+            {
+                var encodedUsernamePassword =
+                    authHeader.Split(' ', 2, StringSplitOptions.RemoveEmptyEntries)[1]?.Trim();
+                var decodedUsernamePassword =
+                    Encoding.UTF8.GetString(Convert.FromBase64String(encodedUsernamePassword)).Split(':');
+                username = decodedUsernamePassword[0];
+                password = decodedUsernamePassword[1];
+            }
+            catch (Exception)
+            {
+                return AuthenticateResult.Fail(
+                    "Basic authentication header was not in a correct format. (username:password encoded in base64)");
+            }

            var result = await _signInManager.PasswordSignInAsync(username, password, true, true);
            if (!result.Succeeded)