From d94f67e0c87b07bd747f357983253eee5c4a81b5 Mon Sep 17 00:00:00 2001
From: boasting-squirrel <boasting.squirrel@gmail.com>
Date: Sat, 13 Apr 2019 21:44:17 +0200
Subject: Fixed auth check

---
 src/args.rs | 23 +++++++++++++++++------
 1 file changed, 17 insertions(+), 6 deletions(-)

(limited to 'src/args.rs')

diff --git a/src/args.rs b/src/args.rs
index 516e0b6..d1250c0 100644
--- a/src/args.rs
+++ b/src/args.rs
@@ -77,13 +77,24 @@ fn parse_interface(src: &str) -> Result<IpAddr, std::net::AddrParseError> {
 
 /// Checks wether the auth string is valid, i.e. it follows the syntax username:password
 fn parse_auth(src: &str) -> Result<(String, String), String> {
-    match src.find(':') {
-        Some(_) => {
-            let split = src.split(':').collect::<Vec<_>>();
-            Ok((split[0].to_owned(), split[1].to_owned()))
-        }
-        None => Err("Correct format is username:password".to_owned()),
+    let mut split = src.splitn(2, ':');
+
+    let username = match split.next() {
+        Some(username) => username,
+        None => return Err("Invalid credentials string, expected format is username:password".to_owned())
+    };
+
+    let password = match split.next() {
+        Some(password) => password,
+        None => return Err("Invalid credentials string, expected format is username:password".to_owned())
+    };
+    // Should we allow empty passwords ?
+
+    if username.len() > 255 {
+        return Err("Username length cannot exceed 255 characters".to_owned());
     }
+
+    Ok((username.to_owned(), password.to_owned()))
 }
 
 /// Parses the command line arguments
-- 
cgit v1.2.3