| Subject: | _auth_htpasswd will fail if password contains a colon |
If the password contains a colon it will be cut off at the colon. That's because you call split() without a limit parameter and assign the result to a two-element list so split() implicitly uses a limit of 3 while you need a limit of 2.
The regular expression for the Authorization header should also be changed slightly.
See attached patch.
| Subject: | auth.patch |
diff -ur Dancer-Plugin-Auth-Htpasswd-0.020.orig/lib/Dancer/Plugin/Auth/Htpasswd.pm Dancer-Plugin-Auth-Htpasswd-0.020/lib/Dancer/Plugin/Auth/Htpasswd.pm
--- Dancer-Plugin-Auth-Htpasswd-0.020.orig/lib/Dancer/Plugin/Auth/Htpasswd.pm 2014-04-12 19:50:02.000000000 +0200
+++ Dancer-Plugin-Auth-Htpasswd-0.020/lib/Dancer/Plugin/Auth/Htpasswd.pm 2015-06-02 15:18:58.507601134 +0200
@@ -39,9 +39,9 @@
# Get authentication data from request
my $auth = request->header('Authorization');
- if (defined $auth && $auth =~ /^Basic (.*)$/) {
+ if (defined $auth && $auth =~ /^Basic\s+(.+)/) {
my ($user, $password) = split(/:/, (MIME::Base64::decode($1) ||
- ":"));
+ ":"), 2);
my $htpasswd = Authen::Htpasswd->new($passwd_file);