Tuesday, 24 October 2023
  1 Replies
  313 Visits
  Subscribe
Greetings
I encountered a problem with the basic authentication procedure.
Basic authentication fails.
I don't know if I'm doing something wrong or there is a bug in the DoExecute procedure of the sgcIdCustomHTTPServer unit.
At line 1486 the original value of the "Authorization" rowheader is assigned, but the Authtype is not removed, so the subsequent DoParseAuthentication operation fails.
I added the line "Fetch(s, ' ');" after assigning the original value to s and everything works.
Below is an excerpt of the modified code (the added line in red)

// Authentication
s := LRequestInfo.RawHeaders.Values['Authorization']; {Do not Localize}
if Length(s) > 0 then begin
LRequestInfo.FAuthType := Fetch(s, ' ');
//-->sgc: get the value of the user/password when basic auth (andrea patch)
if TextIsSame(LRequestInfo.FAuthType, 'Basic') then
begin
LDecoder := TIdDecoderMIME.Create;
try
s := LDecoder.DecodeString(s, IndyTextEncoding_UTF8);
finally
LDecoder.Free;
end;
LRequestInfo.FAuthUsername := Fetch(s, ':');
LRequestInfo.FAuthPassword := s;
// ... assign original value
s := LRequestInfo.RawHeaders.Values['Authorization'];
Fetch(s, ' ');
end;
//<--sgc
LRequestInfo.FAuthExists := DoParseAuthentication(AContext, LRequestInfo.FAuthType, s, LRequestInfo.FAuthUsername, LRequestInfo.FAuthPassword);
if not LRequestInfo.FAuthExists then begin
raise EIdHTTPUnsupportedAuthorisationScheme.Create(
RSHTTPUnsupportedAuthorisationScheme);
end;
end;