Fix authorization for paths that previously used basic auth or any other kind of auth

Former-commit-id: 67acb24946126b952b6d23ffc970593884af7065 [formerly 71928cc331af175aafc7666a9e9291d798ad779f] [formerly 7fce3b3d7f8efd454f42ae9e2da81e241098097c [formerly 503cc79758]] Former-commit-id: 25a07e5ab482d8b3e2d9254c14ddba04398cf4ca [formerly 39c4bb7c66c4b0d046594a58b5070eac430f62da] Former-commit-id: 97c7005106996d9ddf2e2529cd1310dad37856a7
2024-06-07 23:00:43 +00:00 · 2017-07-22 13:46:21 +01:00 · 2017-07-22 13:46:21 +01:00 · c23e47b769
commit c23e47b769
parent 30486f968d
3 changed files with 6 additions and 71 deletions
--- a/auth.go
+++ b/auth.go
@ -4,6 +4,7 @@ import (
 	"encoding/json"
 	"math/rand"
 	"net/http"
+	"strings"
 	"time"

 	"golang.org/x/crypto/bcrypt"
@ -92,7 +93,11 @@ type extractor []string

 func (e extractor) ExtractToken(r *http.Request) (string, error) {
 	token, _ := request.AuthorizationHeaderExtractor.ExtractToken(r)
-	if token != "" {
+
+	// Checks if the token isn't empty and if it contains three dots.
+	// The former prevents incompatibility with URLs that previously
+	// used basic auth.
+	if token != "" && strings.Count(token, ".") == 3 {
 		return token, nil
 	}

--- a/caddy/hugo/rice-box.go
+++ b/caddy/hugo/rice-box.go
--- a/rice-box.go.REMOVED.git-id
+++ b/rice-box.go.REMOVED.git-id
@ -1 +0,0 @@
-f25abd984c50ba9420d9a1911bd00ed2817ae334