Updated basic auth plugin faas provider

Signed-off-by: Karthick Prabu <karthikprabu.cs@gmail.com>

gateway/vendor/github.com/openfaas/faas-provider/auth/basic_auth.go

@@ -4,6 +4,7 @@
 package auth
 
 import (
+	"crypto/subtle"
 	"net/http"
 )
 
@@ -12,10 +13,13 @@ func DecorateWithBasicAuth(next http.HandlerFunc, credentials *BasicAuthCredenti
 	return func(w http.ResponseWriter, r *http.Request) {
 
 		user, password, ok := r.BasicAuth()
-		w.Header().Set("WWW-Authenticate", `Basic realm="Restricted"`)
 
-		if !ok || !(credentials.Password == password && user == credentials.User) {
+		const noMatch = 0
+		if !ok ||
+			user != credentials.User ||
+			subtle.ConstantTimeCompare([]byte(credentials.Password), []byte(password)) == noMatch {
 
+			w.Header().Set("WWW-Authenticate", `Basic realm="Restricted"`)
 			w.WriteHeader(http.StatusUnauthorized)
 			w.Write([]byte("invalid credentials"))
 			return