Skip to content

Commit 07b2986

Browse files
hoisiehoisie
authored
Merge pull request hoisie#195 from hoisie/basic-auth-crash
Add check for 'Authorization' header in GetBasicAuth
2 parents 14bd2ff + 5a1d226 commit 07b2986

File tree

2 files changed

+6
-2
lines changed

2 files changed

+6
-2
lines changed

helpers.go

Lines changed: 5 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -91,9 +91,12 @@ func NewCookie(name string, value string, age int64) *http.Cookie {
9191
return &http.Cookie{Name: name, Value: value, Expires: utctime}
9292
}
9393

94-
// GetBasicAuth is a helper method of *Context that returns the decoded
95-
// user and password from the *Context's authorization header
94+
// GetBasicAuth returns the decoded user and password from the context's
95+
// 'Authorization' header.
9696
func (ctx *Context) GetBasicAuth() (string, string, error) {
97+
if len(ctx.Request.Header["Authorization"]) == 0 {
98+
return "", "", errors.New("No Authorization header provided")
99+
}
97100
authHeader := ctx.Request.Header["Authorization"][0]
98101
authString := strings.Split(string(authHeader), " ")
99102
if authString[0] != "Basic" {

web_test.go

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -248,6 +248,7 @@ var tests = []Test{
248248
{"POST", "/parsejson", map[string][]string{"Content-Type": {"application/json"}}, `{"a":"hello", "b":"world"}`, 200, "hello world"},
249249
//{"GET", "/testenv", "", 200, "hello world"},
250250
{"GET", "/authorization", map[string][]string{"Authorization": {BuildBasicAuthCredentials("foo", "bar")}}, "", 200, "foobar"},
251+
{"GET", "/authorization", nil, "", 200, "fail"},
251252
}
252253

253254
func buildTestRequest(method string, path string, body string, headers map[string][]string, cookies []*http.Cookie) *http.Request {

0 commit comments

Comments
 (0)