inaka/shotgun

encode_basic_auth([], []) returns [], but the value is used to create binary.

Closed this issue · 0 comments

encode_basic_auth/2 is only called by basic_auth_header/1 at line 514: https://github.com/inaka/shotgun/blob/master/src/shotgun.erl#L514 . The return value is immediately put into a binary on line 515.

The first form of encode_basic_auth/2 (on line 520) returns an empty list. This would crash the attempt to insert into the binary on line 515. The second form is safe, because base64:encode returns a binary.

If two empty lists were passed to the other encode_basic_auth/2, the call to base64:encode wouldn't crash:

1> base64:encode([] ++ [$: | []]).
<<"Og==">>

I see that this code hasn't changed since its introduction.
Was the intent to

  • Crash if Username and Password were empty?
  • Output a zero-length binary if both were empty?

Or is the output from base64:encode/1 perfectly acceptable in the zero-length username and password case?

I'm currently adding specs to all of the functions in shotgun, so once I know what the intent of the function was, I'm more than happy to edit it to be correct.
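
The return-type mismatch described in this issue, as an added Erlang example that is not shotgun's own code and not part of the original post. The clause shapes are reconstructed from the description above; the module name, the function names and the `<<"Basic ", Encoded/binary>>` header layout are assumptions. `encode_consistent/2` shows only the zero-length-binary option from the list above, not a confirmed intent.

```erlang
%% Added illustration; NOT the shotgun source. Clause shapes follow the
%% issue text; names and the "Basic " header layout are assumptions.
-module(basic_auth_demo).
-export([run/0]).

%% As described in the issue: the first clause returns a list,
%% the second returns whatever base64:encode/1 returns (a binary).
encode_as_described([], []) -> [];
encode_as_described(Username, Password) ->
    base64:encode(Username ++ [$: | Password]).

%% Type-consistent variant: every clause returns a binary, so the
%% caller can always splice the result into a binary.
-spec encode_consistent(string(), string()) -> binary().
encode_consistent([], []) -> <<>>;
encode_consistent(Username, Password) ->
    base64:encode(Username ++ [$: | Password]).

%% Splices the encoded credentials straight into a binary, as the issue
%% says the caller does. A list in a /binary segment raises badarg.
header(Encode, Username, Password) ->
    Encoded = Encode(Username, Password),
    try
        {ok, <<"Basic ", Encoded/binary>>}
    catch
        error:badarg -> {crash, badarg}
    end.

%% Runs the three cases side by side: empty credentials through the
%% described clauses, normal credentials, and empty credentials through
%% the type-consistent variant. "user" and "pass" are constructed values.
run() ->
    [{described_empty,  header(fun encode_as_described/2, "", "")},
     {described_creds,  header(fun encode_as_described/2, "user", "pass")},
     {consistent_empty, header(fun encode_consistent/2, "", "")}].
```

Compile the module and call `basic_auth_demo:run()` from the Erlang shell to compare the three results.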