mirror of
				https://github.com/TriliumNext/Notes.git
				synced 2025-10-25 17:13:25 +08:00 
			
		
		
		
	fix parsing the authentication header with password containing a colon, closes #3916
This commit is contained in:
		
							parent
							
								
									cc1f831a6a
								
							
						
					
					
						commit
						04caba9f5b
					
				| @ -110,8 +110,8 @@ function checkCredentials(req, res, next) { | |||||||
| 
 | 
 | ||||||
|     const header = req.headers['trilium-cred'] || ''; |     const header = req.headers['trilium-cred'] || ''; | ||||||
|     const auth = new Buffer.from(header, 'base64').toString(); |     const auth = new Buffer.from(header, 'base64').toString(); | ||||||
|     const [username, password] = auth.split(/:/); |     const colonIndex = auth.indexOf(':'); | ||||||
| 
 |     const password = colonIndex === -1 ? "" : auth.substr(colonIndex + 1); | ||||||
|     // username is ignored
 |     // username is ignored
 | ||||||
| 
 | 
 | ||||||
|     if (!passwordEncryptionService.verifyPassword(password)) { |     if (!passwordEncryptionService.verifyPassword(password)) { | ||||||
|  | |||||||
		Loading…
	
	
			
			x
			
			
		
	
		Reference in New Issue
	
	Block a user
	 zadam
						zadam