Fix basic authentication with special characters
Closed this issue · 0 comments
mmatczuk commented
We are tempering special characters in basic auth headers.
url.UserInfo encodes special characters with URL encoding, see this example
func TestName(t *testing.T) {
fmt.Println(url.UserPassword("foo", "!@#$^&*").String())
}
output:
=== RUN TestName
foo:%21%40%23$%5E&%2A
--- PASS: TestName (0.00s)
PASSThis is not suitable for inclusion in a basic-auth header.
Experiments with FireFox(FF) has show that FF would send the text without encoding, for example
Proxy-Authorization: Basic Zm9vOiFAIyReJio=
base64 -d <<< 'Zm9vOiFAIyReJio='
foo:!@#$^&*
Moreover applying URL unescape on user and password when reading them from command line can cause parsing % as a beginning of an escape sequence.