🚧 Fix critical auth bug

2026-04-11 16:38:25 +02:00 · 2026-04-11 16:38:25 +02:00 · 38fcb3e84c
commit 38fcb3e84c
parent 3409c2af3d
3 changed files with 13 additions and 3 deletions
--- a/pom.xml
+++ b/pom.xml
@ -80,6 +80,12 @@
            <artifactId>commons-codec</artifactId>
            <version>1.16.0</version>
        </dependency>
+        <dependency>
+            <groupId>org.apache.commons</groupId>
+            <artifactId>commons-lang3</artifactId>
+            <version>3.20.0</version>
+            <scope>compile</scope>
+        </dependency>
        <dependency>
            <groupId>com.fasterxml.jackson.dataformat</groupId>
            <artifactId>jackson-dataformat-xml</artifactId>
--- a/src/main/java/dev/dinauer/maven/CustomAuthenticationMechanism.java
+++ b/src/main/java/dev/dinauer/maven/CustomAuthenticationMechanism.java
@ -18,8 +18,12 @@ import io.vertx.ext.web.RoutingContext;
 import jakarta.enterprise.context.ApplicationScoped;
 import jakarta.inject.Inject;
 import net.bytebuddy.implementation.bind.MethodDelegationBinder;
+import org.apache.commons.lang3.Strings;
 import org.jboss.logging.Logger;

+import java.nio.charset.StandardCharsets;
+import java.util.Base64;
+
@ApplicationScoped
 public class CustomAuthenticationMechanism implements HttpAuthenticationMechanism
 {
@ -32,7 +36,7 @@ public class CustomAuthenticationMechanism implements HttpAuthenticationMechanis
        String authHeader = context.request().getHeader("Authorization");
        if (authHeader != null && authHeader.startsWith("Basic "))
        {
-            String[] sections = authHeader.split("\\s+");
+            String[] sections = new String(Base64.getDecoder().decode(Strings.CI.removeStart(authHeader, "Basic "))).split(":");
            if (sections.length == 2)
            {
                UsernamePasswordAuthenticationRequest request = new UsernamePasswordAuthenticationRequest(sections[0], new PasswordCredential(sections[1].toCharArray()));
--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
@ -3,7 +3,7 @@
 %dev.quarkus.http.port=8081
 %dev.quarkus.http.cors.origins=/.*/
 %dev.quarkus.http.cors.access-control-allow-credentials=true
-
+quarkus.http.access-log.enabled=true
 # Auth
 quarkus.http.auth.permission.authenticated.paths=/*
 quarkus.http.auth.permission.authenticated.policy=authenticated
@ -12,7 +12,7 @@ quarkus.http.auth.permission.permit.policy=permit

 # Postgres
 %dev,test.quarkus.datasource.db-kind=postgresql
-%dev,test.quarkus.hibernate-orm.schema-management.strategy=drop-and-create
+%dev,test.quarkus.hibernate-orm.schema-management.strategy=none
 %dev,test.quarkus.datasource.username=postgres
 %dev,test.quarkus.datasource.password=postgres
 %dev,test.quarkus.datasource.jdbc.url=jdbc:postgresql://localhost:5432/postgres