Skip to content

feat: add auth.format for formatting credentials#65

Open
Phillip9587 wants to merge 5 commits intojshttp:masterfrom
Phillip9587:format
Open

feat: add auth.format for formatting credentials#65
Phillip9587 wants to merge 5 commits intojshttp:masterfrom
Phillip9587:format

Conversation

@Phillip9587
Copy link
Copy Markdown
Contributor

@Phillip9587 Phillip9587 commented Feb 12, 2025

This pull request introduces a new feature to the basic-auth library, adding a method to format credentials into a basic auth header string.

blakeembrey
blakeembrey reviewed Jan 27, 2026
View reviewed changes
Comment thread index.js Outdated
@Phillip9587 Phillip9587 mentioned this pull request Feb 26, 2026
Open
5 tasks
@Phillip9587 Phillip9587 requested a review from blakeembrey April 23, 2026 23:05
@Phillip9587
Copy link
Copy Markdown
Contributor Author

Phillip9587 commented Apr 23, 2026

@blakeembrey I rebased and added your suggestions to disallow colons in username and control characters in both username and password.

@codecov
Copy link
Copy Markdown

codecov Bot commented Apr 23, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 100.00%. Comparing base (08b56ca) to head (9994571).

Additional details and impacted files 
@@            Coverage Diff            @@
##            master       #65   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files            1         1           
  Lines           21        60   +39     
  Branches         6        22   +16     
=========================================
+ Hits            21        60   +39

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@Phillip9587
Copy link
Copy Markdown
Contributor Author

Phillip9587 commented Apr 23, 2026

Maybe we should merge this before #95 so that i can also add a cross-environment encodeBase64() in #95.

@blakeembrey
Merge branch 'master' into format
45220a1 
* master:
  Update docs to use `parse` method (jshttp#97)
@blakeembrey
Merge branch 'master' into format
6d84129 
* master:
  Improve parse perf with benchmarks (jshttp#96)
blakeembrey
blakeembrey reviewed Apr 23, 2026
View reviewed changes
Comment thread src/index.ts
);
}

if (credentials.name.length === 0 || credentials.pass.length === 0) {
Copy link
Copy Markdown
Member

@blakeembrey blakeembrey Apr 23, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't see anything requiring these to be non-empty, we should probably allow it.

Copy link
Copy Markdown
Contributor Author

@Phillip9587 Phillip9587 Apr 23, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

RFC 7613, Section 3.1 states:

A username MUST NOT be zero bytes in length. This rule is to be enforced after any normalization and mapping of code points.

RFC 7613, Section 4.1 states:

A password MUST NOT be zero bytes in length. This rule is to be enforced after any normalization and mapping of code points.

If you think we should not enforce it I'm fine with it.

Copy link
Copy Markdown
Member

@blakeembrey blakeembrey Apr 24, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks. I didn't see it in the specs for authentication, and the original basic auth specification said it was 0 or more characters. I think we should still remove it because that specification deviates further from allowed characters than just control characters.

Copy link
Copy Markdown
Member

@blakeembrey blakeembrey Apr 24, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

https://www.rfc-editor.org/rfc/rfc2617:

  user-pass   = userid ":" password
  userid      = *<TEXT excluding ":">
  password    = *TEXT

Copy link
Copy Markdown
Contributor Author

@Phillip9587 Phillip9587 Apr 24, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

See #55

Copy link
Copy Markdown
Member

@blakeembrey blakeembrey Apr 24, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I saw that too but didn’t see any suggestion to disallow empty unless I overlooked it?

blakeembrey
blakeembrey reviewed Apr 23, 2026
View reviewed changes
Comment thread README.md Outdated
blakeembrey
blakeembrey reviewed Apr 23, 2026
View reviewed changes
Comment thread README.md Outdated
blakeembrey
blakeembrey reviewed Apr 23, 2026
View reviewed changes
Comment thread src/index.ts

if (
typeof credentials.name !== 'string' ||
typeof credentials.pass !== 'string'
Copy link
Copy Markdown
Member

@blakeembrey blakeembrey Apr 23, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm happy to get rid of all the safety checks in the new major, but can do it in a follow up PR instead.

Copy link
Copy Markdown
Contributor Author

@Phillip9587 Phillip9587 Apr 23, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why remove them?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@blakeembrey blakeembrey blakeembrey left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Phillip9587 @blakeembrey