Diffstat (limited to 'src')
-rw-r--r-- | src/args.rs | 23 | ||||
-rw-r--r-- | src/auth.rs | 19 |
2 files changed, 24 insertions, 18 deletions
diff --git a/src/args.rs b/src/args.rs
index 516e0b6..d1250c0 100644
--- a/src/args.rs
+++ b/src/args.rs
@@ -77,13 +77,24 @@ fn parse_interface(src: &str) -> Result<IpAddr, std::net::AddrParseError> {
 /// Checks wether the auth string is valid, i.e. it follows the syntax username:password
 fn parse_auth(src: &str) -> Result<(String, String), String> {
- match src.find(':') {
- Some(_) => {
- let split = src.split(':').collect::<Vec<_>>();
- Ok((split[0].to_owned(), split[1].to_owned()))
- }
- None => Err("Correct format is username:password".to_owned()),
+ let mut split = src.splitn(2, ':');
+
+ let username = match split.next() {
+ Some(username) => username,
+ None => return Err("Invalid credentials string, expected format is username:password".to_owned())
+ };
+
+ let password = match split.next() {
+ Some(password) => password,
+ None => return Err("Invalid credentials string, expected format is username:password".to_owned())
+ };
+ // Should we allow empty passwords ?
+
+ if username.len() > 255 {
+ return Err("Username length cannot exceed 255 characters".to_owned());
 }
+
+ Ok((username.to_owned(), password.to_owned()))
 }
 /// Parses the command line arguments
diff --git a/src/auth.rs b/src/auth.rs
index e8600fb..10e7a4a 100644
--- a/src/auth.rs
+++ b/src/auth.rs
@@ -7,7 +7,6 @@ pub struct Auth;
 /// HTTP Basic authentication errors
 pub enum BasicAuthError {
 Base64DecodeError,
- InvalidUsernameFormat,
 }
 #[derive(Clone, Debug)]
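Review bot: In `parse_auth` (src/args.rs) an empty username or password still passes validation: `:secret` and `admin:` both return `Ok`, and the `// Should we allow empty passwords ?` comment leaves the policy undecided. If empty credentials are not intended, reject them before the length check, e.g. `if username.is_empty() || password.is_empty() { return Err("Username and password must not be empty".to_owned()); }`. `username.len()` counts bytes while the message says characters, so either word the message as bytes or compare `username.chars().count()`. The first `None` arm cannot be reached, because `splitn` always yields at least one item.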
@@ -24,13 +23,14 @@ pub fn parse_basic_auth(
 let basic_removed = authorization_header.to_str().unwrap().replace("Basic ", "");
 let decoded = base64::decode(&basic_removed).map_err(|_| BasicAuthError::Base64DecodeError)?;
 let decoded_str = String::from_utf8_lossy(&decoded);
- let strings: Vec<&str> = decoded_str.splitn(2, ':').collect();
- if strings.len() != 2 {
- return Err(BasicAuthError::InvalidUsernameFormat);
- }
+ let credentials: Vec<&str> = decoded_str.splitn(2, ':').collect();
+
+ // If argument parsing went fine, it means the HTTP credentials string is well formatted
+ // So we can safely unpack the username and the password
+
 Ok(BasicAuthParams {
- username: strings[0].to_owned(),
- password: strings[1].to_owned(),
+ username: credentials[0].to_owned(),
+ password: credentials[1].to_owned(),
 })
 }
@@ -50,11 +50,6 @@ impl Middleware<crate::MiniserveConfig> for Auth {
 auth_headers.to_str().unwrap()
 ))));
 }
- Err(BasicAuthError::InvalidUsernameFormat) => {
- return Ok(Response::Done(
- HttpResponse::BadRequest().body("Invalid basic auth format"),
- ));
- }
 };
 if auth_req.username != required_auth.username || auth_req.password != required_auth.password |
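Review bot: `credentials[1]` in `parse_basic_auth` now indexes without a length check, but `decoded_str` is decoded from the client's Authorization header, not from the command-line value that `parse_auth` validates, so the added comment's premise does not hold. A header whose decoded value contains no `:` yields a one-element vector and the index panics inside request handling, which an unauthenticated client can trigger at will. Keep the guard, `if credentials.len() != 2 { return Err(BasicAuthError::InvalidUsernameFormat); }`, together with the `InvalidUsernameFormat` variant and the `BadRequest` arm that the other two src/auth.rs hunks delete. The function's signature and return type lie outside the hunk.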