Currently passing an invalid Basic auth header (random string base64 encoded) would result in an exception being raised due to a `username, password = auth_header.split()`.
Similarly, passing a `Digest` authentication type would result in an exception as there is no `:`.
Thirdly, passing invalid base64 encoded UTF-8 code sequences would result in exceptions, as in this issue (#1424).
I added code to check explicitly that we are doing basic authentication then by checking the number of entries returned by the split.
I also added exception handling for invalid UTF-8 code sequence exceptions.
Tested with a fuzzer.
Tested with valid and invalid credentials.
This fixes #1424.
Currently passing an invalid Basic auth header (random string base64 encoded) would result in an
exception being raised due to a `username, password = auth_header.split()`.
I refactored the code in this decorator by checking explicitly that we are doing basic authentication
then by checking the number of entries returned by the split.
I also added exception handling for invalid UTF-8 code sequences.
Tested with a fuzzer.
Tested with valid and invalid credentials.
This fixes #1447.
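The checks outlined in the two descriptions above (explicit Basic scheme, entry count after the split, handling of invalid base64 and UTF-8), shown as an added example that is not the project's own code. The names `parse_basic_auth`, `b64` and `SAMPLES`, the constructed sample headers, and the choice to reject an empty username are assumptions of this sketch.

```python
import base64
import binascii
from typing import Optional, Tuple


def parse_basic_auth(header: Optional[str]) -> Optional[Tuple[str, str]]:
    """Return (username, password), or None for any malformed header."""
    if not header:
        return None
    # Expect exactly "<scheme> <token>"; a Digest header with parameters
    # splits into more than two entries and is rejected here.
    parts = header.split()
    if len(parts) != 2:
        return None
    scheme, token = parts
    if scheme.lower() != "basic":
        return None
    try:
        # validate=True rejects characters outside the base64 alphabet
        # instead of silently discarding them.
        decoded = base64.b64decode(token, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError, ValueError):
        return None
    # Split on the first colon only: a password may itself contain ':'.
    username, sep, password = decoded.partition(":")
    if not sep or not username:  # assumption: empty usernames are refused
        return None
    return username, password


def b64(raw: bytes) -> str:
    return base64.b64encode(raw).decode("ascii")


# Constructed sample headers, one per failure mode named above.
SAMPLES = {
    "valid": "Basic " + b64(b"admin:s3cret:with:colons"),
    "no_colon": "Basic " + b64(b"randomstring"),
    "digest": 'Digest username="admin", realm="example"',
    "bad_utf8": "Basic " + b64(b"\xff\xfe:\xc3\x28"),
    "bad_base64": "Basic !!!not-base64!!!",
}

if __name__ == "__main__":
    for name, value in SAMPLES.items():
        print(f"{name:11} -> {parse_basic_auth(value)}")
```

Returning `None` for every malformed case lets the calling decorator answer with a single 401 path rather than leaking an unhandled exception as a 500.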
This change fixes the migration on the `user` table, `confirmed` column to be compatible with PostgreSQL and MySQL databases.
Fixes #635 which introduced a breaking change for MySQL databases and resolves #1446.
```
Tested on:
- PostgreSQL:14 - WORKING
- PostgreSQL:15 - WORKING
- MariaDB:10.11 - WORKING
- MariaDB:10.10 - WORKING
- MariaDB:10.9 - WORKING
- MariaDB:10.8 - WORKING
- MariaDB:10.7 - WORKING
- MariaDB:10.6 - WORKING
- MariaDB:10.5 - WORKING
- MariaDB:10.3 - WORKING
```
Fixes Python 3.11 incompatibility using ancient lxml binary PyPI built against old libxml2.
This fixes #1442 and closes #1433.
The issue with python3-saml not working is because the binary lxml wheel is built against a different version of libxml2.
``--no-binary lxml`` can be used to fix this and python3-saml will work.
For references, check these:
- https://github.com/onelogin/python3-saml/issues/292
- https://bugs.launchpad.net/lxml/+bug/1960668
- https://github.com/open-formulieren/open-forms/pull/2247
```
Tested on:
- ubuntu:23.04 - WORKING
- ubuntu:22.10 - WORKING
- ubuntu:22.04 - WORKING
- ubuntu:20.04 - WORKING
- ubuntu:18.04 - NOT WORKING - pip usage error with -r requirements.txt
- debian:10 - WORKING
- debian:11 - WORKING
- alpine:edge - WORKING
- alpine:3.17 - WORKING
- alpine:3.16 - WORKING
- alpine:3.15 - WORKING
- alpine:3.14 - WORKING
- rockylinux:9 - WORKING
- rockylinux:8 - NOT WORKING - pip usage error with -r requirements.txt
- almalinux:9 - WORKING
- almalinux:8 - NOT WORKING - pip usage error with -r requirements.txt
- fedora:36 - WORKING
- fedora:37 - WORKING
- fedora:38 - WORKING
- fedora:39 - WORKING
```
Modified the yarn.lock file to remove what appears to be a dependency overwrite for Font Awesome icons which results in an older 5.x release overwriting the newer 6.x release.