authorSean C. Farley <sean-dev@farley.org>2013-06-28 10:56:30 -0400
committerSean C. Farley <sean-dev@farley.org>2013-06-28 10:56:30 -0400
commit349d9f398afd58cc993f207c4035b85e2bf86b26 (patch)
tree596f8f8196436883ac11d28047fd5eba1d5e9493 /tests/oauth1/rfc5849
parent3f1008106e3dd7b3874e567a992093ed94e95428 (diff)
downloadoauthlib-349d9f398afd58cc993f207c4035b85e2bf86b26.tar.gz
Improve resilience to bad authorization headers
Catch IndexError when calling parse_keqv_list in parse_authorization_header. parse_keqv_list could raise an IndexError exception if the header has an incomplete key=value pair. Some examples of this are a broken OAuth header (e.g., OAuth oauth_nonce=) and client code that attempts to use IWA for authentication (i.e., Negotiate b2F1dGhsaWI=). IWA uses Base64 which may end with an "=". Add unit tests for bad authorization headers raising ValueError.
Diffstat (limited to 'tests/oauth1/rfc5849')
-rw-r--r--tests/oauth1/rfc5849/test_utils.py9
1 files changed, 9 insertions, 0 deletions
diff --git a/tests/oauth1/rfc5849/test_utils.py b/tests/oauth1/rfc5849/test_utils.py
index 3e6ce2d..59ee744 100644
--- a/tests/oauth1/rfc5849/test_utils.py
+++ b/tests/oauth1/rfc5849/test_utils.py
@@ -42,6 +42,11 @@ class UtilsTests(TestCase):
oauth_timestamp="137131201",
oauth_nonce="7d8f3e4a",
oauth_signature="djosJKDKJSD8743243%2Fjdk33klY%3D" """.strip()
+ bad_authorization_headers = (
+ "OAuth",
+ "OAuth oauth_nonce=",
+ "Negotiate b2F1dGhsaWI=",
+ )
def test_filter_params(self):
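Review bot: `bad_authorization_headers` only covers an incomplete pair as the sole parameter and a Base64 token with a single `=` of padding. These values come from a client-controlled header, so it is worth also pinning an incomplete pair that follows a valid one, and the empty header, for example `'OAuth oauth_nonce="7d8f3e4a", oauth_token='` and `''` (constructed samples). The parser change is not visible in this diff, which is limited to tests/, so confirm that those inputs already raise ValueError rather than assuming it.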
@@ -127,3 +132,7 @@ class UtilsTests(TestCase):
('oauth_token', 'kkk9d7dh3k39sjv7'),
('realm', 'Example')]
self.assertEqual(sorted(authorization_headers), sorted(correct_headers))
+
+ # Check against malformed headers.
+ for header in self.bad_authorization_headers:
+ self.assertRaises(ValueError, parse_authorization_header, header)
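Review bot: The malformed-header loop is appended to the end of an existing test whose start is outside this hunk. If the `assertEqual` above fails, the loop never runs, and a failure inside the loop does not say which header was accepted. Moving the loop into its own method, e.g. `def test_parse_authorization_header_malformed(self):`, would report the rejection path separately from the well-formed case. A short comment on the tuple or the loop stating that ValueError is the only exception callers should expect from untrusted header input would also record why the test exists.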