Daniel,

this obviously is a bug.  I'll gladly review a patch, but if you don't have a good idea for a fix, please open a GitHub issue (https://github.com/edicl/hunchentoot/issues/new).

Thanks,
Hans


On Tue, Apr 30, 2013 at 9:47 AM, Daniel Brunner <daniel@dbrunner.de> wrote:
Hi to all,

as I understood RFC2617 for basic authorization it is assumed that
username and password are separated with a colon ":".

When a user enters an additional colon in username and/or password
Hunchentoot (1.2.7) fails with an error:

[2013-04-30 09:34:34 [ERROR]] Extra arguments in ("foo" "bar"
"blafasel") don't match lambda list (&OPTIONAL HUNCHENTOOT::USER
HUNCHENTOOT::PASSWORD).

The code in question is in the function AUTHORIZATION in request.lisp:

--
      (destructuring-bind (&optional user password)
          (split ":" (base64:base64-string-to-string (subseq authorization start)))
--

I would prefer if Hunchentoot could handle this case silently without
signalling an error. What do you think?

Kind regards,
Daniel
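
Added example (not part of the thread and not Hunchentoot code): RFC 2617 defines user-pass as userid ":" password, where the userid may not contain a colon but the password may, so the decoded credentials can be split at the first colon only, which keeps the whole password instead of signalling an error or truncating it. SPLIT-USER-PASS, NAIVE-SPLIT, DEMO and the sample strings are hypothetical names and constructed inputs; the functions work on the already base64-decoded string.

```lisp
;;; Added illustration, not Hunchentoot code. All names are hypothetical.

(defun naive-split (decoded)
  "Split DECODED at every colon, roughly what (split \":\" ...) yields."
  (loop with start = 0
        for colon = (position #\: decoded :start start)
        collect (subseq decoded start colon)
        while colon
        do (setf start (1+ colon))))

(defun split-user-pass (decoded)
  "Split DECODED at the first colon only.
Returns two values, user and password. PASSWORD is NIL when there is no
colon at all, so the caller can treat the header as malformed."
  (let ((colon (position #\: decoded)))
    (if colon
        (values (subseq decoded 0 colon)
                (subseq decoded (1+ colon)))
        (values decoded nil))))

(defun demo ()
  ;; Constructed sample credentials, already base64-decoded.
  (dolist (decoded '("foo:bar" "foo:bar:blafasel" "foo:" "foo"))
    ;; The pattern from the report: more than two fields is an error.
    (handler-case
        (destructuring-bind (&optional user password) (naive-split decoded)
          (format t "naive       ~S -> user=~S password=~S~%"
                  decoded user password))
      (error ()
        (format t "naive       ~S -> destructuring error~%" decoded)))
    ;; First-colon split: later colons stay in the password.
    (multiple-value-bind (user password) (split-user-pass decoded)
      (format t "first-colon ~S -> user=~S password=~S~%"
              decoded user password))))

(demo)
```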