Fix authorization for paths that previously used basic auth or any other kind of auth

2017-07-22 13:46:21 +01:00 · 2017-07-22 13:46:21 +01:00 · 503cc79758
parent a771d49b33
commit 503cc79758
3 changed files with 6 additions and 2388 deletions
--- a/auth.go
+++ b/auth.go
@ -4,6 +4,7 @@ import (
 	"encoding/json"
 	"math/rand"
 	"net/http"
+	"strings"
 	"time"

 	"golang.org/x/crypto/bcrypt"
@ -92,7 +93,11 @@ type extractor []string

 func (e extractor) ExtractToken(r *http.Request) (string, error) {
 	token, _ := request.AuthorizationHeaderExtractor.ExtractToken(r)
-	if token != "" {
+
+	// Checks if the token isn't empty and if it contains three dots.
+	// The former prevents incompatibility with URLs that previously
+	// used basic auth.
+	if token != "" && strings.Count(token, ".") == 3 {
 		return token, nil
 	}

--- a/caddy/hugo/rice-box.go
+++ b/caddy/hugo/rice-box.go
--- a/rice-box.go
+++ b/rice-box.go