authorboasting-squirrel <boasting.squirrel@gmail.com>2019-04-13 19:44:17 +0000
committerboasting-squirrel <boasting.squirrel@gmail.com>2019-04-13 19:44:17 +0000
commitd94f67e0c87b07bd747f357983253eee5c4a81b5 (patch)
tree7abd7ffccb5e7239f0f943465a07d11e75269eb5 /src
parentMade code more idiomatic (diff)
Fixed auth check
Diffstat (limited to 'src')
-rw-r--r--src/args.rs23
-rw-r--r--src/auth.rs19
2 files changed, 24 insertions, 18 deletions
diff --git a/src/args.rs b/src/args.rs
index 516e0b6..d1250c0 100644
--- a/src/args.rs
+++ b/src/args.rs
@@ -77,13 +77,24 @@ fn parse_interface(src: &str) -> Result<IpAddr, std::net::AddrParseError> {
/// Checks wether the auth string is valid, i.e. it follows the syntax username:password
fn parse_auth(src: &str) -> Result<(String, String), String> {
- match src.find(':') {
- Some(_) => {
- let split = src.split(':').collect::<Vec<_>>();
- Ok((split[0].to_owned(), split[1].to_owned()))
- }
- None => Err("Correct format is username:password".to_owned()),
+ let mut split = src.splitn(2, ':');
+
+ let username = match split.next() {
+ Some(username) => username,
+ None => return Err("Invalid credentials string, expected format is username:password".to_owned())
+ };
+
+ let password = match split.next() {
+ Some(password) => password,
+ None => return Err("Invalid credentials string, expected format is username:password".to_owned())
+ };
+ // Should we allow empty passwords ?
+
+ if username.len() > 255 {
+ return Err("Username length cannot exceed 255 characters".to_owned());
}
+
+ Ok((username.to_owned(), password.to_owned()))
}
/// Parses the command line arguments
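Review bot: The first `match split.next()` can never reach its `None` arm, because `splitn` always yields at least one item; only the second match rejects a string without a colon, and an empty username such as `:secret` is still accepted. If empty usernames are not intended, an explicit guard such as `if username.is_empty() { return Err("Username cannot be empty".to_owned()); }` would make that visible, and the first match could become a plain `unwrap_or("")` or be documented as unreachable. Separately, `username.len()` counts bytes while the error message says "characters"; if the limit is meant in characters use `username.chars().count() > 255`, otherwise reword the message. The `// Should we allow empty passwords ?` question is better settled in the doc comment of `parse_auth` than left open in the body.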
diff --git a/src/auth.rs b/src/auth.rs
index e8600fb..10e7a4a 100644
--- a/src/auth.rs
+++ b/src/auth.rs
@@ -7,7 +7,6 @@ pub struct Auth;
/// HTTP Basic authentication errors
pub enum BasicAuthError {
Base64DecodeError,
- InvalidUsernameFormat,
}
#[derive(Clone, Debug)]
@@ -24,13 +23,14 @@ pub fn parse_basic_auth(
let basic_removed = authorization_header.to_str().unwrap().replace("Basic ", "");
let decoded = base64::decode(&basic_removed).map_err(|_| BasicAuthError::Base64DecodeError)?;
let decoded_str = String::from_utf8_lossy(&decoded);
- let strings: Vec<&str> = decoded_str.splitn(2, ':').collect();
- if strings.len() != 2 {
- return Err(BasicAuthError::InvalidUsernameFormat);
- }
+ let credentials: Vec<&str> = decoded_str.splitn(2, ':').collect();
+
+ // If argument parsing went fine, it means the HTTP credentials string is well formatted
+ // So we can safely unpack the username and the password
+
Ok(BasicAuthParams {
- username: strings[0].to_owned(),
- password: strings[1].to_owned(),
+ username: credentials[0].to_owned(),
+ password: credentials[1].to_owned(),
})
}
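Review bot: `credentials[1]` panics when the decoded `Authorization` value contains no `:`, because `splitn(2, ':')` then yields a single element and the length check removed here was the only guard. The new comment's reasoning does not carry over: as far as the diff shows, `parse_auth` in `src/args.rs` validates the credentials string given on the command line, whereas `decoded_str` comes from the client's request header and is not covered by that check. I would keep the `InvalidUsernameFormat` variant (dropped in the enum hunk and in the middleware match arm of this same commit) together with the guard `if credentials.len() != 2 { return Err(BasicAuthError::InvalidUsernameFormat); }`, so a malformed header gets a 400 response instead of a panic in the request path. The signature and first lines of `parse_basic_auth` are outside this hunk.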
@@ -50,11 +50,6 @@ impl Middleware<crate::MiniserveConfig> for Auth {
auth_headers.to_str().unwrap()
))));
}
- Err(BasicAuthError::InvalidUsernameFormat) => {
- return Ok(Response::Done(
- HttpResponse::BadRequest().body("Invalid basic auth format"),
- ));
- }
};
if auth_req.username != required_auth.username
|| auth_req.password != required_auth.password