fix: fix incorrect base64 padding assumption (#12)

* fix: fix incorrect base64 padding assumption * test: add a test case to ensure base64 padding is irrelevant --------- Co-authored-by: Richard Ivánek <[email protected]>
keirlawson · Mar 6, 2024 · 80a1697 · 80a1697
1 parent 1f51ee5
commit 80a1697
Showing 1 changed file with 45 additions and 3 deletions.
diff --git a/src/lib.rs b/src/lib.rs
@@ -1,13 +1,13 @@
 mod config;
 mod helper;
 
+use base64::engine::general_purpose;
+use base64::Engine;
 use std::env;
 use std::error::Error;
 use std::fmt;
 use std::path::{Path, PathBuf};
 use std::str;
-use base64::Engine;
-use base64::engine::general_purpose;
 
 type Result<T> = std::result::Result<T, CredentialRetrievalError>;
 
@@ -69,7 +69,13 @@ fn config_dir() -> Option<PathBuf> {
 }
 
 fn decode_auth(encoded_auth: &str) -> Result<DockerCredential> {
-    let decoded = general_purpose::STANDARD_NO_PAD.decode(encoded_auth)
+    let config = general_purpose::GeneralPurposeConfig::new()
+        .with_decode_padding_mode(base64::engine::DecodePaddingMode::Indifferent);
+
+    let engine = general_purpose::GeneralPurpose::new(&base64::alphabet::STANDARD, config);
+
+    let decoded = engine
+        .decode(encoded_auth)
         .map_err(|_| CredentialRetrievalError::CredentialDecodingError)?;
     let decoded =
         str::from_utf8(&decoded).map_err(|_| CredentialRetrievalError::CredentialDecodingError)?;
@@ -177,6 +183,42 @@ mod tests {
         );
     }
 
+    #[test]
+    fn decodes_regardless_of_padding() {
+        let encoded_auths = [
+            general_purpose::STANDARD.encode("some_user:some_password"),
+            general_purpose::STANDARD_NO_PAD.encode("some_user:some_password"),
+        ];
+
+        let dummy_helper =
+            |_: &str, _: &str| Err(CredentialRetrievalError::HelperCommunicationError);
+
+        for encoded_auth in encoded_auths {
+            let auths = HashMap::from([(
+                String::from("some server"),
+                config::AuthConfig {
+                    auth: Some(encoded_auth),
+                },
+            )]);
+
+            let auth_config = config::DockerConfig {
+                auths: Some(auths),
+                creds_store: None,
+                cred_helpers: None,
+            };
+
+            let result = extract_credential(auth_config, "some server", dummy_helper);
+
+            assert_eq!(
+                result,
+                Ok(DockerCredential::UsernamePassword(
+                    String::from("some_user"),
+                    String::from("some_password")
+                ))
+            );
+        }
+    }
+
     #[test]
     fn gets_credential_from_helper() {
         let mut helpers = HashMap::new();