| author | Carmen Wick | 2011-04-04 18:40:18 -0700 |
|---|---|---|
| committer | Carmen Wick | 2011-04-04 18:40:18 -0700 |
| commit | bbab859ae1a9ab3dc23ef2282178b22b934439e5 (patch) | |
| tree | 9526a0c4865b6703ecb162bab3d0e93bad225a9a | |
| parent | 39c0c07786c9fd74f280297cae383ac3ba675901 (diff) | |
| download | django-rest-framework-bbab859ae1a9ab3dc23ef2282178b22b934439e5.tar.bz2 | |
Better error handling for Basic authentication. Catch exceptions that could be thrown due to malformed input
| -rw-r--r-- | djangorestframework/authenticators.py | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/djangorestframework/authenticators.py b/djangorestframework/authenticators.py
index ce7abd10..0d267b64 100644
--- a/djangorestframework/authenticators.py
+++ b/djangorestframework/authenticators.py
@@ -58,10 +58,21 @@ class BaseAuthenticator(object):
 class BasicAuthenticator(BaseAuthenticator):
 """Use HTTP Basic authentication"""
 def authenticate(self, request):
+ from django.utils.encoding import smart_unicode, DjangoUnicodeDecodeError
+
 if 'HTTP_AUTHORIZATION' in request.META:
 auth = request.META['HTTP_AUTHORIZATION'].split()
 if len(auth) == 2 and auth[0].lower() == "basic":
- uname, passwd = base64.b64decode(auth[1]).split(':')
+ try:
+ auth_parts = base64.b64decode(auth[1]).partition(':')
+ except TypeError:
+ return None
+
+ try:
+ uname, passwd = smart_unicode(auth_parts[0]), smart_unicode(auth_parts[2])
+ except DjangoUnicodeDecodeError:
+ return None
+
 user = authenticate(username=uname, password=passwd)
 if user is not None and user.is_active:
 return user |
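Review bot: The new `partition(':')` call accepts a decoded value that contains no colon at all: it returns `(value, '', '')`, so a credential without a separator still reaches `authenticate()` as a username with an empty password instead of being rejected like the other malformed cases. Adding `if not auth_parts[1]: return None` right after the first `try`/`except` would treat a missing separator the same way as a bad base64 payload. The `from django.utils.encoding import smart_unicode, DjangoUnicodeDecodeError` line inside `authenticate` could also move to the module's top-level imports unless it is deferred on purpose. The method's body may continue past the end of this hunk.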
