[
https://issues.apache.org/jira/browse/COUCHDB-969?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12988027#action_12988027
]
Benoit Chesneau commented on COUCHDB-969:
-----------------------------------------
Are you url encoding your password ? It shouldn't be encoded if you provided it
non encoded.
> Basic Auth fails when : is present in password
> ----------------------------------------------
>
> Key: COUCHDB-969
> URL: https://issues.apache.org/jira/browse/COUCHDB-969
> Project: CouchDB
> Issue Type: Bug
> Components: HTTP Interface
> Affects Versions: 1.0.1
> Reporter: Isaac Z. Schlueter
>
> To reproduce:
> 1. Create a new user "testfunkychars" with password "12:12"
> 2. Logging in as this user in futon works, and will show up as
> "testfunkychars" in the userCtx in a validate_doc_update function.
> 3. Presenting a header of "Authorization: Basic dGVzdGZ1bmt5Y2hhcnM6MTI6MTI="
> does not work, and shows up as "null" in userCtx.
> According to the RFC 2617, the proper way to supply a Basic authorization
> header is:
> Authorization: Basic [basic-credentials]
> where [basic-credentials] is the base64 of userid + ":" + pass, where userid
> is *<TEXT except ":"> and pass is *<TEXT>.
> Thus, the proper way to construct this header is:
> echo -n "testfunkychars:12:12" | base64
> which outputs: dGVzdGZ1bmt5Y2hhcnM6MTI6MTI=.
> The only way to log in, however, is to POST the data to /_session, and then
> supply the cookie.
> For now, rather than add the complexity of cookie and session management to
> my application, I will simply not allow : characters in passwords. It would
> be better if couchdb handled : characters in passwords.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
