Bugfix: Fix basic auth server error on malformed header #8

Merged: joschrag merged 10 commits into main from bugfix/fix-basic-auth-server-error-on-malformed-header on Jun 16, 2026

@joschrag
Owner

Fixed errors within BasicAuth implementation:

  • fixed 500 error return on malformed header
  • added unit tests for this behaviour
  • changed password comparison to fixed time function to mitigate timing attacks

Project changes:

  • added ruff linting rules

@joschrag self-assigned this Jun 16, 2026
@joschrag added the bug and enhancement labels Jun 16, 2026
@codecov

codecov Bot commented Jun 16, 2026

Codecov Report

❌ Patch coverage is 94.62366% with 5 lines in your changes missing coverage. Please review.

| Files with missing lines | Patch % | Lines |
|---|---|---|
| dash_auth_async/_optional.py | 57.14% | 3 Missing ⚠️ |
| dash_auth_async/basic_auth.py | 95.23% | 1 Missing ⚠️ |
| dash_auth_async/websocket_auth.py | 94.44% | 1 Missing ⚠️ |

@joschrag joschrag merged commit 6ea9a8e into main Jun 16, 2026
20 checks passed
@joschrag joschrag deleted the bugfix/fix-basic-auth-server-error-on-malformed-header branch June 18, 2026 13:34
joschrag added a commit that referenced this pull request Jun 18, 2026
* [fix]: Malformed header now results in 401 response instead of 500 error.

* [tests]: Add unit tests with malformed BasicAuth headers.

* [chore]: Add ruff checks and rules to pyproject.toml

Also removed bloated dependencies and extras.

* [fix]: Use constant time comparison for BasicAuth password.

* [docs]: Fix all ruff issues after config changes.

* [chore]: Bump project to version 1.2.1

* [chore]: Update linting rules for tests files.

* [docs]: Fix all ruff issues for test directory and usage.py

* [docs]: Fix leftover ruff issues.

* [chore]: Bump cryptography to fix GHSA OpenSSL advisory (https://github.com/joschrag/dash-auth-async/security/dependabot/6).
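
The two BasicAuth fixes described in this pull request, sketched as an added example that is not code from dash-auth-async: every malformed `Authorization` header maps to 401 rather than an unhandled exception, and the password check uses a constant-time comparison. The function names, the `USERS` store and the choice of `hmac.compare_digest` are assumptions made for illustration.

```python
import base64
import hmac
from typing import Optional, Tuple

# Constructed sample user store; a real deployment would hold password hashes.
USERS = {"alice": "s3cret"}


def parse_basic_header(header: Optional[str]) -> Optional[Tuple[str, str]]:
    """Return (username, password), or None for any malformed header."""
    if not header:
        return None
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic" or not token.strip():
        return None
    try:
        # validate=True rejects non-alphabet characters instead of skipping them.
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None
    # Split on the first colon only: passwords may contain colons.
    username, sep, password = decoded.partition(":")
    return (username, password) if sep else None


def authenticate(header: Optional[str], users=USERS) -> int:
    """Map a raw Authorization header to an HTTP status: 200 or 401, never 500."""
    creds = parse_basic_header(header)
    if creds is None:
        return 401
    username, password = creds
    expected = users.get(username)
    # Compare bytes: compare_digest raises TypeError on non-ASCII str input,
    # which would turn an unusual password back into a server error.
    supplied = password.encode("utf-8")
    reference = (expected or "").encode("utf-8")
    matches = hmac.compare_digest(supplied, reference)
    return 200 if (matches and expected is not None) else 401


def make_header(raw: bytes) -> str:
    """Build a Basic header from raw credential bytes (helper for samples)."""
    return "Basic " + base64.b64encode(raw).decode("ascii")
```
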