-
Change Request
-
Resolution: Fixed
-
Trivial
-
None
-
None
-
Sprint 99 (Apr 2023), Sprint 100 (May 2023)
-
1
Steps to reproduce:
- Create a HTTP agent item
- Change HTTP authentication to "Basic"
- Attempt to input either username or password exceeding 64 characters in length.
- (Additionally) Set a macro to the desired string, and use said macro in the username or pasword field of the item instead.
Result:
Field length is limited to 64 characters. Additional input is discarded. For anything that uses HTTP Basic usernames / passwords that exceed 64 characters, it's impossible to enter the entire string.
(Addittionally) When a macro is used for the HTTP username / password, the resulting Basic authorization header omits a username / password that exceeds 64 characters in length. As an example, having an 80 character user and 80 character password will return a header who's value is "Og==", which decodes to ":".
Expected:
Field should allow inputting of strings longer than 64 characters for cases where a username / password exceed 64 characters in length (e.g., OPNsense's API key / API secret, which are 80 characters, hard-coded)
(Additionally) When using a macro that exceeds 64 characters in length, the value should be included in the HTTP authorization header as usual, instead of being completely absent.
