From bbab859ae1a9ab3dc23ef2282178b22b934439e5 Mon Sep 17 00:00:00 2001
From: Carmen Wick
Date: Mon, 4 Apr 2011 18:40:18 -0700
Subject: Better error handling for Basic authentication. Catch exceptions that could be thrown due to malformed input
---
 djangorestframework/authenticators.py | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)
(limited to 'djangorestframework/authenticators.py')
diff --git a/djangorestframework/authenticators.py b/djangorestframework/authenticators.py
index ce7abd10..0d267b64 100644
--- a/djangorestframework/authenticators.py
+++ b/djangorestframework/authenticators.py
@@ -58,10 +58,21 @@ class BaseAuthenticator(object):
 class BasicAuthenticator(BaseAuthenticator):
 """Use HTTP Basic authentication"""
 def authenticate(self, request):
+ from django.utils.encoding import smart_unicode, DjangoUnicodeDecodeError
+
 if 'HTTP_AUTHORIZATION' in request.META:
 auth = request.META['HTTP_AUTHORIZATION'].split()
 if len(auth) == 2 and auth[0].lower() == "basic":
- uname, passwd = base64.b64decode(auth[1]).split(':')
+ try:
+ auth_parts = base64.b64decode(auth[1]).partition(':')
+ except TypeError:
+ return None
+
+ try:
+ uname, passwd = smart_unicode(auth_parts[0]), smart_unicode(auth_parts[2])
+ except DjangoUnicodeDecodeError:
+ return None
+
 user = authenticate(username=uname, password=passwd)
 if user is not None and user.is_active:
 return user
-- cgit v1.2.3
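Review bot: A decoded credential with no ':' separator is still accepted as input in the new `authenticate`. `partition(':')` always returns three parts, so when the colon is missing `auth_parts[1]` is empty and the whole payload is passed to the backend as the username with an empty password. Since the commit's aim is to reject malformed input, add `if auth_parts[1] != ':': return None` right after the first `try`/`except`. Both new `return None` paths are also indistinguishable from a request with no Authorization header, so a short comment saying that malformed credentials are deliberately treated as anonymous would help the next reader. The method body may continue past the last line of the hunk.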