From 39dda3f5344ba56e5ecc78c16c42091fbb1f6049 Mon Sep 17 00:00:00 2001
From: Ozzie Isaacs <ozzie.fernandez.isaacs@googlemail.com>
Date: Thu, 15 Apr 2021 18:02:52 +0200
Subject: [PATCH] Fix opds login with colon in password #1952

---
 cps/usermanagement.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/cps/usermanagement.py b/cps/usermanagement.py
index ef7174c4..78e80afe 100644
--- a/cps/usermanagement.py
+++ b/cps/usermanagement.py
@@ -75,8 +75,9 @@ def load_user_from_auth_header(header_val):
     basic_username = basic_password = ''  # nosec
     try:
         header_val = base64.b64decode(header_val).decode('utf-8')
-        basic_username = header_val.split(':')[0]
-        basic_password = header_val.split(':')[1]
+        # Users with colon are invalid: rfc7617 page 4
+        basic_username = header_val.split(':', 1)[0]
+        basic_password = header_val.split(':', 1)[1]
     except (TypeError, UnicodeDecodeError, binascii.Error):
         pass
     user = _fetch_user_by_name(basic_username)