only split Authorization value at first colon

2018-02-03 15:45:12 -05:00 · 2018-02-03 15:45:12 -05:00 · 7d322e75af
parent 4bac9328b6
commit 7d322e75af
1 changed files with 1 additions and 1 deletions
--- a/modules/security/src/main/SecurityApi.scala
+++ b/modules/security/src/main/SecurityApi.scala
@ -100,7 +100,7 @@ final class SecurityApi(
  case class BasicAuth(username: String, password: User.ClearPassword)

  def reqBasicAuth(req: RequestHeader): Option[BasicAuth] =
-    req.headers get "Authorization" flatMap lila.common.String.base64.decode map (_ split ':') collect {
+    req.headers get "Authorization" flatMap lila.common.String.base64.decode map (_.split(":", 2)) collect {
      case Array(username, password) => BasicAuth(username, User.ClearPassword(password))
    }