Fix: HTTP Basic Auth fails when password contains colons (#5153)

* Fix: HTTP Basic Auth fails when password contains colons

The credentials in HTTP Basic Auth are formatted as base64(username:password).
Per RFC 7617, the username must not contain a colon, but the password can.
The previous code used `.split(':')` which splits on all colons, truncating
passwords that contain ':' characters. Fix by splitting only on the first colon.

* Use spread syntax for credential parsing
HimeHina
2026-02-14 23:44:54 +08:00
committed by GitHub
parent 843c572154
commit df0e1256e6
2 changed files with 4 additions and 2 deletions
+2 -1
@@ -32,9 +32,10 @@ const basicAuthMiddleware = async function (request, response, callback) {
}
const usePerUserAuth = PER_USER_BASIC_AUTH && ENABLE_ACCOUNTS;
const [username, password] = Buffer.from(credentials, 'base64')
const [username, ...passwordParts] = Buffer.from(credentials, 'base64')
.toString('utf8')
.split(':');
const password = passwordParts.join(':');
if (!usePerUserAuth && username === basicAuthUserName && password === basicAuthUserPassword) {
return callback();
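Review bot: A decoded value that contains no colon at all is still treated as a credential pair: `passwordParts` is then empty and `password` becomes `''`, where the old destructuring left it `undefined`, so a malformed header is handled as an empty password instead of being rejected. An RFC 7617 user-pass always contains the separator, so it would be clearer to find it with `const sep = decoded.indexOf(':');`, take the existing rejection path when `sep === -1`, and slice the username and password around it. The same parsing is repeated in `basicUserLogin` in the second file, so a small shared helper would keep the two in step. Separately, the `password === basicAuthUserPassword` check on the following line is not a constant-time comparison; comparing fixed-length digests of both values with `crypto.timingSafeEqual` would avoid that. The middleware body starts and ends outside this hunk, so the rejection path itself is not visible here.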
+2 -1
@@ -822,9 +822,10 @@ async function basicUserLogin(request) {
return false;
}
const [username, password] = Buffer.from(credentials, 'base64')
const [username, ...passwordParts] = Buffer.from(credentials, 'base64')
.toString('utf8')
.split(':');
const password = passwordParts.join(':');
const userHandles = await getAllUserHandles();
for (const userHandle of userHandles) {