Correct parsing of basic authentication to comply with RFC7617

[gnaeser]

According to RFC7617 the password consists of everything following the first colon, including any colons.

Using string:tokens/2 effectively removes any leading and or trailing colons, and compacts all multiple colons in the password into single ones: Auth = "foo:::bar:::frob::::" gives {"foo", "bar:frob"}, which obviously is incorrect. The PR changes this to returning {"foo", "::bar:::frob::::"}.

[vinoski]

Thanks, I'll have a look at this soon.

[avtobiff]

The basic_auth tests doesn't seem to work

2023-11-08 09:55:49.576

Error: {{assertMatch,
            [{module,auth_SUITE},
             {line,60},
             {expression,"yaws : parse_auth ( Auth0 )"},
             {pattern,"{ User0 , Password0 , Auth0 }"},
             {value,
                 {undefined,undefined,
                     {"Authorization",
                      "Basic Zm9vOjo6YmFyOjo6ZnJvYjo6Ojo="}}}]},
        [{auth_SUITE,basic_auth,1,[{file,"auth_SUITE.erl"},{line,60}]},
         {test_server,ts_tc,3,[{file,"test_server.erl"},{line,1782}]},
         {test_server,run_test_case_eval1,6,
             [{file,"test_server.erl"},{line,1291}]},
         {test_server,run_test_case_eval,9,
             [{file,"test_server.erl"},{line,1223}]}]}


			RESULT: Failed

[avtobiff]

Shouldn't an empty password be supported?
I.e. he following should return

yaws:parse_auth(auth_header("user","")).
{"user", undefined,{"Authorization","Basic dXNlcjo="}}

Currently this is returned

yaws:parse_auth(auth_header("user","")).
{undefined, undefined,{"Authorization","Basic dXNlcjo="}}

[gnaeser]

My fault! The line Auth0 = auth_header(User0, Password0), in the test should be {_, Auth0} = auth_header(User0, Password0),

Tests work now.

[gnaeser]

Got an out of band comment that I should add more tests.

[vinoski]

Got an out of band comment that I should add more tests.

Yes, we generally want tests for any new functionality.

[vinoski]

LGTM

[vinoski]

Thanks for fixing this!