Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Encoding of http basic passwords #362

Open
johanhaleby opened this issue Jul 21, 2015 · 5 comments
Open

Encoding of http basic passwords #362

johanhaleby opened this issue Jul 21, 2015 · 5 comments
Labels
bug imported Priority-Medium

Comments

@johanhaleby
Copy link
Collaborator

From roth.ben...@gmail.com on November 23, 2012 16:05:14

What steps will reproduce the problem? 1. Use an umlaut for a password. example:
given().
auth().basic("someUser", "äöüß").
expect().
statusCode(200).
when().
post("/someUrl"); What is the expected output? What do you see instead? I would like an option to set the character encoding of the authentication credentials. I have already set the encoderConfig and decoderConfig to use UTF-8 as the default content charset.
I couldnt find an appropriate option yet. What version of the product are you using? On what operating system? Rest Assured 1.7
Operating system Windows 7

Original issue: http://code.google.com/p/rest-assured/issues/detail?id=208
@johanhaleby
Copy link
Collaborator Author

From roth.ben...@gmail.com on November 23, 2012 07:12:46

Additional info:
The authentication gets rejected by the server.
If I use a password without any umlaute the euthentication is successful.

@johanhaleby
Copy link
Collaborator Author

From johan.ha...@gmail.com on November 27, 2012 11:37:19

Interesting! As a work-around try using auth().preemptive().basic(..) and see if you run into the same error.

Thanks for reporting.

Status: Accepted

@johanhaleby
Copy link
Collaborator Author

From roth.ben...@gmail.com on November 27, 2012 12:10:31

I already did try that. The result is the same.

@johanhaleby
Copy link
Collaborator Author

From johan.ha...@gmail.com on December 05, 2012 13:12:00

Alright, I'll look into to it when I find time. Feel free to help out if you like.

@jmini
Copy link

jmini commented Dec 21, 2020

The PreemptiveBasicAuthScheme is using ISO-8859-1 to encode the password:

rest-assured/rest-assured/src/main/groovy/io/restassured/authentication/PreemptiveBasicAuthScheme.groovy

Lines 26 to 39 in 2389456

class PreemptiveBasicAuthScheme implements AuthenticationScheme {
private static final String AUTH_ENCODING = 'iso-8859-1'
def String userName
def String password
@Override void authenticate(HTTPBuilder httpBuilder) {
httpBuilder.headers[ 'Authorization' ] = generateAuthToken()
}
public String generateAuthToken() {
("Basic " + "$userName:$password".getBytes(AUTH_ENCODING).encodeBase64()).toString()
}
}

It seems that more and more tools are moving to UTF-8 (I have tried curl and Postman) based on this RFC:

2.1. The 'charset' auth-param
https://tools.ietf.org/html/rfc7617#section-2.1

So maybe an option could be added to Rest-Assured in order to control the desired encoding?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug imported Priority-Medium
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@johanhaleby @jmini