Updated basic auth plugin faas provider

Signed-off-by: Karthick Prabu <karthikprabu.cs@gmail.com>

auth/basic-auth/Gopkg.lock

@@ -2,12 +2,12 @@
 
 
 [[projects]]
-  digest = "1:57ef1eb08e128d58c028f402b2030582907c49efc461f4764cf5c9161a4af2c0"
+  digest = "1:1fa5fe80531abdddbdf5d3c467144cf66e29dd939878c6b53f4c67d2bf1970be"
   name = "github.com/openfaas/faas-provider"
   packages = ["auth"]
   pruneopts = "UT"
-  revision = "376c26ef02007abb7cadbd550bb75df166764473"
-  version = "0.9.1"
+  revision = "8699aa7d3999c17851f88640c0dd2291daafd45e"
+  version = "0.13.0"
 
 [[projects]]
   digest = "1:cf31692c14422fa27c83a05292eb5cbe0fb2775972e8f1f8446a71549bd8980b"

auth/basic-auth/Gopkg.toml

@@ -1,6 +1,6 @@
 [[constraint]]
   name = "github.com/openfaas/faas-provider"
-  version = "0.9.1"
+  version = "0.13.0"
 
 [prune]
   go-tests = true

auth/basic-auth/vendor/github.com/openfaas/faas-provider/auth/basic_auth.go

@@ -4,6 +4,7 @@
 package auth
 
 import (
+	"crypto/subtle"
 	"net/http"
 )
 
@@ -12,10 +13,13 @@ func DecorateWithBasicAuth(next http.HandlerFunc, credentials *BasicAuthCredenti
 	return func(w http.ResponseWriter, r *http.Request) {
 
 		user, password, ok := r.BasicAuth()
-		w.Header().Set("WWW-Authenticate", `Basic realm="Restricted"`)
 
-		if !ok || !(credentials.Password == password && user == credentials.User) {
+		const noMatch = 0
+		if !ok ||
+			user != credentials.User ||
+			subtle.ConstantTimeCompare([]byte(credentials.Password), []byte(password)) == noMatch {
 
+			w.Header().Set("WWW-Authenticate", `Basic realm="Restricted"`)
 			w.WriteHeader(http.StatusUnauthorized)
 			w.Write([]byte("invalid credentials"))
 			return

auth/basic-auth/vendor/github.com/openfaas/faas-provider/auth/credentials.go

@@ -17,7 +17,7 @@ type BasicAuthCredentials struct {
 }
 
 type ReadBasicAuth interface {
-	Read() (error, *BasicAuthCredentials)
+	Read() (*BasicAuthCredentials, error)
 }
 
 type ReadBasicAuthFromDisk struct {