Fix incorrect username and password extraction

ballerina-platform · Jul 25, 2024 · 79115d5 · 79115d5
1 parent 4bb7082
commit 79115d5
Show file tree

Hide file tree

Showing 3 changed files with 27 additions and 6 deletions.
diff --git a/ballerina/auth_utils.bal b/ballerina/auth_utils.bal
@@ -29,13 +29,15 @@ public isolated function extractUsernameAndPassword(string credential) returns [
     if base64Decoded is byte[] {
         string|error base64DecodedResults = 'string:fromBytes(base64Decoded);
         if base64DecodedResults is string {
-            string[] decodedCredentials = re `:`.split(base64DecodedResults);
-            if decodedCredentials.length() != 2 ||
-                decodedCredentials[0].length() == 0 || decodedCredentials[1].length() == 0 {
-                return prepareError("Incorrect credential format. Format should be username:password");
-            } else {
-                return [decodedCredentials[0], decodedCredentials[1]];
+            int? colonIndex = base64DecodedResults.indexOf(":");
+            if colonIndex is int {
+                string username = base64DecodedResults.substring(0, colonIndex);
+                string password = base64DecodedResults.substring(colonIndex + 1);
+                if username.length() != 0 && password.length() != 0 {
+                    return [username, password];
+                }
             }
+            return prepareError("Incorrect credential format. Format should be username:password");
         } else {
             return prepareError("Failed to convert byte[] credential to string.", base64DecodedResults);
         }

diff --git a/ballerina/tests/auth_utils_test.bal b/ballerina/tests/auth_utils_test.bal
@@ -67,3 +67,19 @@ isolated function testExtractUsernameAndPasswordForEmptyUsername() returns Error
         test:assertFail("Expected error not found.");
     }
 }
+
+@test:Config {}
+isolated function testExtractUsernameAndPasswordWherePasswordIncludesColon() returns Error? {
+    string usernameAndPassword = "YWxpY2U6YWxpY2U6QDU=";
+    [string, string] [username, password] = check extractUsernameAndPassword(usernameAndPassword);
+    test:assertEquals(username, "alice");
+    test:assertEquals(password, "alice:@5");
+}
+
+@test:Config {}
+isolated function testExtractUsernameAndPasswordWherePasswordEndsWithColon() returns Error? {
+    string usernameAndPassword = "YWxpY2U6YWxpY2UxMjM6YWxpY2U6";
+    [string, string] [username, password] = check extractUsernameAndPassword(usernameAndPassword);
+    test:assertEquals(username, "alice");
+    test:assertEquals(password, "alice123:alice:");
+}
diff --git a/changelog.md b/changelog.md
@@ -6,6 +6,9 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 
 ## [Unreleased]
 
+### Fixed
+- [Fix Incorrect Username and Password Extraction](https://github.com/ballerina-platform/ballerina-library/issues/6773)
+
 ## [2.11.0] - 2024-05-03
 
 - This version maintains compatibility with dependencies without any external changes.