From d7edd1b99b4ccd810c9c58e6b7a2ac574271b9c7 Mon Sep 17 00:00:00 2001
From: Enwei Jiao <enwei.jiao@zilliz.com>
Date: Mon, 8 May 2023 10:28:39 +0800
Subject: [PATCH] Fix parse token error (#23909)

Signed-off-by: Enwei Jiao <enwei.jiao@zilliz.com>
---
 internal/proxy/authentication_interceptor.go      | 4 ++++
 internal/proxy/authentication_interceptor_test.go | 3 +++
 2 files changed, 7 insertions(+)

diff --git a/internal/proxy/authentication_interceptor.go b/internal/proxy/authentication_interceptor.go
index b4b22e885..d1c1e2152 100644
--- a/internal/proxy/authentication_interceptor.go
+++ b/internal/proxy/authentication_interceptor.go
@@ -29,6 +29,10 @@ func parseMD(authorization []string) (username, password string) {
 		return
 	}
 	secrets := strings.SplitN(rawToken, util.CredentialSeperator, 2)
+	if len(secrets) < 2 {
+		log.Warn("invalid token format, length of secrets less than 2")
+		return
+	}
 	username = secrets[0]
 	password = secrets[1]
 	return
diff --git a/internal/proxy/authentication_interceptor_test.go b/internal/proxy/authentication_interceptor_test.go
index 003923ad6..244a25689 100644
--- a/internal/proxy/authentication_interceptor_test.go
+++ b/internal/proxy/authentication_interceptor_test.go
@@ -38,6 +38,9 @@ func TestValidAuth(t *testing.T) {
 	assert.Nil(t, err)
 	res = validAuth(ctx, []string{crypto.Base64Encode("mockUser:mockPass")})
 	assert.True(t, res)
+
+	res = validAuth(ctx, []string{crypto.Base64Encode("mock")})
+	assert.False(t, res)
 }
 
 func TestValidSourceID(t *testing.T) {
-- 
GitLab