Basic authorization and colon in user, password

Daniel Brunner daniel at dbrunner.de
Tue Apr 30 07:47:52 UTC 2013


Hi to all,

as I understood RFC2617 for basic authorization it is assumed that
username and password are seperated with a colon ":".

When a user enters an additional colon in username and/or password
Hunchentoot (1.2.7) fails with an error:

[2013-04-30 09:34:34 [ERROR]] Extra arguments in ("foo" "bar"
"blafasel") don't match lambda list (&OPTIONAL HUNCHENTOOT::USER
HUNCHENTOOT::PASSWORD).

The code in question is in the function AUTHORIZATION in request.lisp:

--
      (destructuring-bind (&optional user password)
          (split ":" (base64:base64-string-to-string (subseq
authorization start)))
--

I would prefer if Hunchentoot could handle this case silently without
signalling an error. What do you think?

Kind regards,
Daniel



More information about the Tbnl-devel mailing list