Nigel Kukard 24f94abc32 fix(auth:basic): improved API basic auth handling to avoid exceptions ...

Currently passing an invalid Basic auth header (random string base64 encoded) would result in an
exception being raised due to a `username, password = auth_header.split()`.

I refactored the code in this decorator by checking explicitly that we are doing basic authentication
then by checking the number of entries returned by the split.

I also added exception handling for invalid UTF-8 code sequences.

Tested with a fuzzer.

Tested with valid and invalid credentials.

This fixes #1447.

2023-03-14 23:19:40 +00:00

..

lib

Revert "Revert "Clean up dashboard zone tabs""

2023-03-06 08:30:00 -05:00

models

Make the OTP label the same as the site_name #1237

2023-03-13 18:54:49 +01:00

routes

Merge branch 'dev' into custom_current_user

2023-03-12 17:23:44 +02:00

services

Finished adding new OAuth Server Metadata URL setting to Google, GitHub, and Microsoft OAuth service configuration features.

2023-03-12 09:13:54 -04:00

static

Diff-ify changelog view for zone changes

2023-03-03 13:22:29 +01:00

templates

Re-arranged side navigation to include the "Global Search" feature regardless of user role as the global search feature is now accessible to all users.

2023-03-12 10:27:04 -04:00

__init__.py

Read flask session type from environment variable and create sessions table if not exist.

2023-03-08 17:05:32 +02:00

assets.py

Re-formatted the assets.py file to current PEP8 standards.

2023-03-11 08:48:19 -05:00

decorators.py

fix(auth:basic): improved API basic auth handling to avoid exceptions

2023-03-14 23:19:40 +00:00

default_config.py

Tweaked PR to include the latest asset build changes for CSS minimizer. Also updated the default session storage to use SQLAlchemy instead of the file system.

2023-03-10 16:34:55 -05:00

swagger-spec.yaml

Updated the unknown state

2022-05-23 16:46:11 +00:00