From 7a21d6b5f5b636d5cb315238ff64c984491823d1 Mon Sep 17 00:00:00 2001 From: Ferry Boender Date: Wed, 4 Jan 2017 14:09:49 +0100 Subject: [PATCH] Max split once on htauth password. Prevents failure when password contains colon (:) --- src/webapp.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/webapp.py b/src/webapp.py index ebc8a98..7892f32 100644 --- a/src/webapp.py +++ b/src/webapp.py @@ -195,7 +195,7 @@ class ScriptFormWebApp(RequestHandler): if auth_header is not None: # Validate the username and password auth_unpw = auth_header.split(' ', 1)[1] - username, password = base64.decodestring(auth_unpw).split(":") + username, password = base64.decodestring(auth_unpw).split(":", 1) pw_hash = hashlib.sha256(password).hexdigest() if username in form_config.users and \