fix(authx): avoid overriding Basic auth

Signed-off-by: Dwi Siswanto <[email protected]>
projectdiscovery · Jul 29, 2024 · fa03906 · fa03906
1 parent 0c325b1
commit fa03906
Showing 1 changed file with 10 additions and 2 deletions.
diff --git a/pkg/authprovider/authx/basic_auth.go b/pkg/authprovider/authx/basic_auth.go
@@ -22,10 +22,18 @@ func NewBasicAuthStrategy(data *Secret) *BasicAuthStrategy {
 
 // Apply applies the basic auth strategy to the request
 func (s *BasicAuthStrategy) Apply(req *http.Request) {
-	req.SetBasicAuth(s.Data.Username, s.Data.Password)
+	if _, _, exists := req.BasicAuth(); !exists {
+		// NOTE(dwisiswant0): if the Basic auth is invalid, e.g. "Basic xyz",
+		// `exists` will be `false`. I'm not sure if we should check it through
+		// the presence of an "Authorization" header.
+		req.SetBasicAuth(s.Data.Username, s.Data.Password)
+	}
 }
 
 // ApplyOnRR applies the basic auth strategy to the retryable request
 func (s *BasicAuthStrategy) ApplyOnRR(req *retryablehttp.Request) {
-	req.SetBasicAuth(s.Data.Username, s.Data.Password)
+	if _, _, exists := req.BasicAuth(); !exists {
+		// NOTE(dwisiswant0): See line 26-28.
+		req.SetBasicAuth(s.Data.Username, s.Data.Password)
+	}
 }