Merge pull request #43 from Hywan/auth_basic_incomplete_credentials

`getCredentials` returns null if incomplete
sabre-io · Mar 30, 2015 · 42db5f4 · 42db5f4
2 parents 2b3214a + 4b149f0
commit 42db5f4
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 1 deletion.
diff --git a/lib/Auth/Basic.php b/lib/Auth/Basic.php
@@ -37,7 +37,13 @@ function getCredentials() {
             return null;
         }
 
-        return explode(':',base64_decode(substr($auth, 6)), 2);
+        $credentials = explode(':',base64_decode(substr($auth, 6)), 2);
+
+        if (2 !== count($credentials)) {
+            return null;
+        }
+
+        return $credentials;
 
     }
 

diff --git a/tests/HTTP/Auth/BasicTest.php b/tests/HTTP/Auth/BasicTest.php
@@ -22,6 +22,18 @@ function testGetCredentials() {
 
     }
 
+    function testGetInvalidCredentialsColonMissing() {
+
+        $request = new Request('GET','/',array(
+            'Authorization' => 'Basic ' . base64_encode('userpass')
+        ));
+
+        $basic = new Basic('Dagger', $request, new Response());
+
+        $this->assertNull($basic->getCredentials($request));
+
+    }
+
     function testGetCredentialsNoheader() {
 
         $request = new Request('GET','/',array());