commit 5df710ed9fe1c7352c59092ee16fc989c8a54c2f
parent db5931eebdab2b3d113236eb989de12a4d20de36
Author: ms <ms@taler.net>
Date: Sat, 18 Sep 2021 12:48:53 +0200
Fix HTTP basic auth parsing.
Diffstat:
2 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/.idea/misc.xml b/.idea/misc.xml
@@ -9,5 +9,5 @@
<component name="FrameworkDetectionExcludesConfiguration">
<file type="web" url="file://$PROJECT_DIR$" />
</component>
- <component name="ProjectRootManager" version="2" languageLevel="JDK_15" default="true" project-jdk-name="11" project-jdk-type="JavaSDK" />
+ <component name="ProjectRootManager" version="2" languageLevel="JDK_11" project-jdk-name="11" project-jdk-type="JavaSDK" />
</project>
\ No newline at end of file
diff --git a/util/src/main/kotlin/HTTP.kt b/util/src/main/kotlin/HTTP.kt
@@ -31,11 +31,15 @@ fun extractUserAndPassword(authorizationHeader: String): Pair<String, String> {
val (username, password) = try {
val split = authorizationHeader.split(" ")
val plainUserAndPass = String(base64ToBytes(split[1]), Charsets.UTF_8)
- plainUserAndPass.split(":")
+ val ret = plainUserAndPass.split(":")
+ if (ret.size != 2) throw java.lang.Exception(
+ "HTTP Basic auth line does not contain username and (only) password"
+ )
+ ret
} catch (e: Exception) {
throw UtilError(
HttpStatusCode.BadRequest,
- "invalid Authorization:-header received",
+ "invalid Authorization:-header received: ${e.message}",
LibeufinErrorCode.LIBEUFIN_EC_AUTHENTICATION_FAILED
)
}
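Review bot: The new `ret.size != 2` check rejects any credential whose password contains a colon, because `split(":")` splits on every colon, whereas RFC 7617 forbids a colon only in the user-id and treats everything after the first colon as the password. Splitting with `val ret = plainUserAndPass.split(":", limit = 2)` keeps the size check meaningful while accepting such passwords. The scheme token `split[0]` is still never compared with `Basic`, so a header with a different scheme and a Base64 value in second position is parsed as credentials here. Appending `${e.message}` to the UtilError text may expose internal exception text (index or decoder errors) to the client if that message is returned in the HTTP response; a fixed message with the detail logged server-side would be safer. The body of extractUserAndPassword starts and ends outside the hunk.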