mirror of
https://github.com/zadam/trilium.git
synced 2025-06-06 18:08:33 +02:00
fix parsing the authentication header with password containing a colon, closes #3916
This commit is contained in:
parent
cc1f831a6a
commit
04caba9f5b
@ -110,8 +110,8 @@ function checkCredentials(req, res, next) {
|
|||||||
|
|
||||||
const header = req.headers['trilium-cred'] || '';
|
const header = req.headers['trilium-cred'] || '';
|
||||||
const auth = new Buffer.from(header, 'base64').toString();
|
const auth = new Buffer.from(header, 'base64').toString();
|
||||||
const [username, password] = auth.split(/:/);
|
const colonIndex = auth.indexOf(':');
|
||||||
|
const password = colonIndex === -1 ? "" : auth.substr(colonIndex + 1);
|
||||||
// username is ignored
|
// username is ignored
|
||||||
|
|
||||||
if (!passwordEncryptionService.verifyPassword(password)) {
|
if (!passwordEncryptionService.verifyPassword(password)) {
|
||||||
|
Loading…
x
Reference in New Issue
Block a user