From 04caba9f5b05121109ad848be283177e34d22da1 Mon Sep 17 00:00:00 2001
From: zadam <zadam.apps@gmail.com>
Date: Tue, 9 May 2023 23:44:43 +0200
Subject: [PATCH] fix parsing the authentication header with password
 containing a colon, closes #3916

---
 src/services/auth.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/services/auth.js b/src/services/auth.js
index 331f1d252..8081cd34c 100644
--- a/src/services/auth.js
+++ b/src/services/auth.js
@@ -110,8 +110,8 @@ function checkCredentials(req, res, next) {
 
     const header = req.headers['trilium-cred'] || '';
     const auth = new Buffer.from(header, 'base64').toString();
-    const [username, password] = auth.split(/:/);
-
+    const colonIndex = auth.indexOf(':');
+    const password = colonIndex === -1 ? "" : auth.substr(colonIndex + 1);
     // username is ignored
 
     if (!passwordEncryptionService.verifyPassword(password)) {