Merge pull request #126 from andacata/feat/125-report_not_encoded_aut…

…horization_token feat(auth): Report back if the auth token cannot be Base64-decoded
IZIVIA · Aug 2, 2024 · 2db9c13 · 2db9c13
2 parents c083557 + cd8f87c
commit 2db9c13
Showing 1 changed file with 7 additions and 1 deletion.
diff --git a/ocpi-toolkit-2.2.1/src/main/kotlin/com/izivia/ocpi/toolkit/common/HttpUtils.kt b/ocpi-toolkit-2.2.1/src/main/kotlin/com/izivia/ocpi/toolkit/common/HttpUtils.kt
@@ -324,7 +324,13 @@ fun HttpRequest.parseAuthorizationHeader() = getHeader(Header.AUTHORIZATION)
         }
     }
     ?.removePrefix("Token ")
-    ?.decodeBase64()
+    ?.let {
+        try {
+            it.decodeBase64()
+        } catch (e: Exception) {
+            throw HttpException(HttpStatus.BAD_REQUEST, "${Header.AUTHORIZATION} token cannot be decoded")
+        }
+    }
     ?: throw HttpException(HttpStatus.UNAUTHORIZED, "${Header.AUTHORIZATION} header missing")
 
 /**