parse_authorization_header raises UnicodeDecodeError, not returning None

[ArchibaldArt]

werkzeug.http.parse_authorization_header() docstring states:

The return value is either None if the header was invalid or not given

But in case of passing string improperly formatted (i.e. not properly UTF-8 encoded) it raises UnicodeDecodeError exception:

>>> import base64
>>> from werkzeug.http import parse_authorization_header
>>> value = 'Basic ' + base64.b64encode(b'\xffser:pass').decode()
>>> parse_authorization_header(value)
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/py3.8/lib/python3.8/site-packages/werkzeug/http.py", line 610, in parse_authorization_header
    "username": to_unicode(username, _basic_auth_charset),
  File "/py3.8/lib/python3.8/site-packages/werkzeug/_compat.py", line 219, in to_unicode
    return x.decode(charset, errors)
UnicodeDecodeError: 'utf-8' codec can't decode byte 0xff in position 0: invalid start byte

Am I right that exception handling should be added in parse_authorization_header()?

[davidism]

This is an issue with how you constructed the header, you relied on whatever encoding your local machine was set to rather than using 'utf-8'. I don't think this needs to be handled in Werkzeug as it shouldn't come up in normal use and would indicate an issue with the client if the encoding it sends doesn't decode the bytes.

[ArchibaldArt]

This is an issue with how you constructed the header, you relied on whatever encoding your local machine was set to rather than using 'utf-8'. I don't think this needs to be handled in Werkzeug as it shouldn't come up in normal use and would indicate an issue with the client if the encoding it sends doesn't decode the bytes.

Such behaviour differs from docstring. In fact Authorization header is improperly formatted and invalid.
Imagine you have a production server and someone sends auth requests using improperly formatted header. Correct behaviour will be to reply with 401 which in turn generated using None response taken from parse_authorization_header().

I.e. Flask-login uses Flask request.authorization which in turn uses parse_authorization_header().
In result you get UnicodeDecodeError rather than 401.

[mitsuhiko]

The server should not crash as a result of the client sending bad data. This is indeed a bug in the function that should be fixed.