Skip to content

fix: accept standard base64 in WWW-Authenticate request field#149

Merged
gakonst merged 2 commits intomainfrom
fix/lenient-base64-decode
Mar 24, 2026
Merged

fix: accept standard base64 in WWW-Authenticate request field#149
gakonst merged 2 commits intomainfrom
fix/lenient-base64-decode

Conversation

@gakonst
Copy link
Contributor

@gakonst gakonst commented Mar 24, 2026

Problem

tempo request fails against servers that encode the request field in the WWW-Authenticate header using standard base64 (RFC 4648 §4, with +, /, and = padding) instead of base64url (RFC 4648 §5, with -, _, no padding).

Repro:

tempo request -t -X POST --json '{"vcpus":1,"ram_mb":256,"disk_gb":1,"duration":60}' https://openvps.sh/v1/provision
# → E_PAYMENT: "Unsupported payment method: "

The server returns a valid WWW-Authenticate header with method="tempo", but the request field uses standard base64 with = padding:

www-authenticate: Payment id="...", realm="mpp-hosting", method="tempo", intent="charge", request="eyJhbW91bnQiOi...In0=", ...

base64url_decode uses URL_SAFE_NO_PAD which rejects the = padding, causing parse_www_authenticate to fail. The error cascades before the method field is evaluated, producing the misleading "Unsupported payment method: " error with an empty string.

Solution

Normalize input in base64url_decode before decoding: strip = padding and map +-, /_. This follows Postel's law — strict output, lenient input — and aligns with the mppx TypeScript SDK, whose ox decoder already accepts both base64 variants.

  • Encoding (base64url_encode): unchanged, still produces spec-compliant base64url no-pad
  • Decoding (base64url_decode): now accepts both standard and URL-safe base64, with or without padding

Tests

  • test_base64url_decode_accepts_standard_base64_with_padding — standard base64 with =
  • test_base64url_decode_accepts_url_safe_without_padding — existing behavior preserved
  • test_base64url_decode_accepts_standard_alphabet_no_padding — standard alphabet, padding stripped
  • test_parse_www_authenticate_accepts_standard_base64_request — end-to-end: full header parse with standard base64 request field (reproduces the OpenVPS failure)

@gakonst
fix: accept standard base64 in WWW-Authenticate request field
e8a9770 
base64url_decode now normalizes standard base64 ('+', '/', '=' padding)
to URL-safe alphabet before decoding. Encoding remains strict base64url
no-pad per spec.

This aligns with the mppx TypeScript SDK, whose ox-powered decoder
accepts both alphabets. Without this fix, servers that emit standard
base64 in the WWW-Authenticate request field (e.g. OpenVPS) cause
tempo-request to fail with 'Unsupported payment method: ' because the
challenge parse error cascades before the method field is read.
@github-actions
Copy link
Contributor

github-actions bot commented Mar 24, 2026
edited
Loading

Tempo Lint Results

Summary

Found 674 issue(s) across 40 file(s)

Severity Count
Errors 0
Warnings 674
Hints 0

Issues by Rule Type

no-unwrap-in-lib (660 occurrences)
  • /home/runner/work/mpp-rs/mpp-rs/src/body_digest.rs:1 - Avoid .unwrap() in library code. Use proper error handling with ? or .expect() with context.
  • /home/runner/work/mpp-rs/mpp-rs/src/client/fetch.rs:1 - Avoid .unwrap() in library code. Use proper error handling with ? or .expect() with context.
  • /home/runner/work/mpp-rs/mpp-rs/src/client/fetch.rs:1 - Avoid .unwrap() in library code. Use proper error handling with ? or .expect() with context.
  • /home/runner/work/mpp-rs/mpp-rs/src/client/fetch.rs:1 - Avoid .unwrap() in library code. Use proper error handling with ? or .expect() with context.
  • /home/runner/work/mpp-rs/mpp-rs/src/client/fetch.rs:1 - Avoid .unwrap() in library code. Use proper error handling with ? or .expect() with context.
  • /home/runner/work/mpp-rs/mpp-rs/src/client/fetch.rs:1 - Avoid .unwrap() in library code. Use proper error handling with ? or .expect() with context.
  • /home/runner/work/mpp-rs/mpp-rs/src/client/fetch.rs:1 - Avoid .unwrap() in library code. Use proper error handling with ? or .expect() with context.
  • /home/runner/work/mpp-rs/mpp-rs/src/client/fetch.rs:1 - Avoid .unwrap() in library code. Use proper error handling with ? or .expect() with context.
  • /home/runner/work/mpp-rs/mpp-rs/src/mcp.rs:1 - Avoid .unwrap() in library code. Use proper error handling with ? or .expect() with context.
  • /home/runner/work/mpp-rs/mpp-rs/src/mcp.rs:1 - Avoid .unwrap() in library code. Use proper error handling with ? or .expect() with context.

... and 650 more

no-leading-whitespace-strings (10 occurrences)
  • /home/runner/work/mpp-rs/mpp-rs/src/error.rs:1 - String literals should not start with leading whitespace. Found: ' for '
  • /home/runner/work/mpp-rs/mpp-rs/src/error.rs:1 - String literals should not start with leading whitespace. Found: ' ({})'
  • /home/runner/work/mpp-rs/mpp-rs/src/error.rs:1 - String literals should not start with leading whitespace. Found: ' is invalid.'
  • /home/runner/work/mpp-rs/mpp-rs/src/error.rs:1 - String literals should not start with leading whitespace. Found: ' is invalid: already used.'
  • /home/runner/work/mpp-rs/mpp-rs/src/error.rs:1 - String literals should not start with leading whitespace. Found: ' (Premium access).'
  • /home/runner/work/mpp-rs/mpp-rs/src/protocol/core/types.rs:1 - String literals should not start with leading whitespace. Found: ' and backslashes '
  • /home/runner/work/mpp-rs/mpp-rs/src/protocol/core/headers.rs:1 - String literals should not start with leading whitespace. Found: ' now'
  • /home/runner/work/mpp-rs/mpp-rs/src/protocol/core/headers.rs:1 - String literals should not start with leading whitespace. Found: ' now'
  • /home/runner/work/mpp-rs/mpp-rs/src/protocol/core/headers.rs:1 - String literals should not start with leading whitespace. Found: ' now'
  • /home/runner/work/mpp-rs/mpp-rs/src/proxy/service.rs:1 - String literals should not start with leading whitespace. Found: ' — '
unsafe-needs-safety-comment (4 occurrences)
  • /home/runner/work/mpp-rs/mpp-rs/src/server/mpp.rs:1 - Unsafe block requires a SAFETY comment explaining why this is safe.
  • /home/runner/work/mpp-rs/mpp-rs/src/server/mpp.rs:1 - Unsafe block requires a SAFETY comment explaining why this is safe.
  • /home/runner/work/mpp-rs/mpp-rs/src/server/mpp.rs:1 - Unsafe block requires a SAFETY comment explaining why this is safe.
  • /home/runner/work/mpp-rs/mpp-rs/src/server/mpp.rs:1 - Unsafe block requires a SAFETY comment explaining why this is safe.

Issues by File

View grouped by file

/home/runner/work/mpp-rs/mpp-rs/src/protocol/core/challenge.rs (85 issues)

  • Line 1: [warning] no-unwrap-in-lib
  • Line 1: [warning] no-unwrap-in-lib
  • Line 1: [warning] no-unwrap-in-lib
  • Line 1: [warning] no-unwrap-in-lib
  • Line 1: [warning] no-unwrap-in-lib
  • ... and 80 more

/home/runner/work/mpp-rs/mpp-rs/src/client/tempo/session/mod.rs (58 issues)

  • Line 1: [warning] no-unwrap-in-lib
  • Line 1: [warning] no-unwrap-in-lib
  • Line 1: [warning] no-unwrap-in-lib
  • Line 1: [warning] no-unwrap-in-lib
  • Line 1: [warning] no-unwrap-in-lib
  • ... and 53 more

/home/runner/work/mpp-rs/mpp-rs/src/client/tempo/signing/mod.rs (54 issues)

  • Line 1: [warning] no-unwrap-in-lib
  • Line 1: [warning] no-unwrap-in-lib
  • Line 1: [warning] no-unwrap-in-lib
  • Line 1: [warning] no-unwrap-in-lib
  • Line 1: [warning] no-unwrap-in-lib
  • ... and 49 more

/home/runner/work/mpp-rs/mpp-rs/src/server/mpp.rs (47 issues)

  • Line 1: [warning] no-unwrap-in-lib
  • Line 1: [warning] no-unwrap-in-lib
  • Line 1: [warning] no-unwrap-in-lib
  • Line 1: [warning] no-unwrap-in-lib
  • Line 1: [warning] no-unwrap-in-lib
  • ... and 42 more

/home/runner/work/mpp-rs/mpp-rs/src/protocol/methods/tempo/session_method.rs (39 issues)

  • Line 1: [warning] no-unwrap-in-lib
  • Line 1: [warning] no-unwrap-in-lib
  • Line 1: [warning] no-unwrap-in-lib
  • Line 1: [warning] no-unwrap-in-lib
  • Line 1: [warning] no-unwrap-in-lib
  • ... and 34 more

/home/runner/work/mpp-rs/mpp-rs/src/client/tempo/session/channel_ops.rs (38 issues)

  • Line 1: [warning] no-unwrap-in-lib
  • Line 1: [warning] no-unwrap-in-lib
  • Line 1: [warning] no-unwrap-in-lib
  • Line 1: [warning] no-unwrap-in-lib
  • Line 1: [warning] no-unwrap-in-lib
  • ... and 33 more

/home/runner/work/mpp-rs/mpp-rs/src/protocol/methods/tempo/method.rs (35 issues)

  • Line 1: [warning] no-unwrap-in-lib
  • Line 1: [warning] no-unwrap-in-lib
  • Line 1: [warning] no-unwrap-in-lib
  • Line 1: [warning] no-unwrap-in-lib
  • Line 1: [warning] no-unwrap-in-lib
  • ... and 30 more

/home/runner/work/mpp-rs/mpp-rs/src/protocol/core/headers.rs (34 issues)

  • Line 1: [warning] no-leading-whitespace-strings
  • Line 1: [warning] no-leading-whitespace-strings
  • Line 1: [warning] no-leading-whitespace-strings
  • Line 1: [warning] no-unwrap-in-lib
  • Line 1: [warning] no-unwrap-in-lib
  • ... and 29 more

/home/runner/work/mpp-rs/mpp-rs/src/server/middleware.rs (27 issues)

  • Line 1: [warning] no-unwrap-in-lib
  • Line 1: [warning] no-unwrap-in-lib
  • Line 1: [warning] no-unwrap-in-lib
  • Line 1: [warning] no-unwrap-in-lib
  • Line 1: [warning] no-unwrap-in-lib
  • ... and 22 more

/home/runner/work/mpp-rs/mpp-rs/src/mcp.rs (25 issues)

  • Line 1: [warning] no-unwrap-in-lib
  • Line 1: [warning] no-unwrap-in-lib
  • Line 1: [warning] no-unwrap-in-lib
  • Line 1: [warning] no-unwrap-in-lib
  • Line 1: [warning] no-unwrap-in-lib
  • ... and 20 more

Showing 10 of 40 files

Posted by https://github.com/tempoxyz/lints

gakonst added a commit to tempoxyz/wallet that referenced this pull request Mar 24, 2026
@gakonst
fix: bump mpp-rs to accept standard base64 in WWW-Authenticate
ce806b4 
Updates mpp dependency to include tempoxyz/mpp-rs#149, which makes
base64url_decode lenient — accepting both standard base64 ('+', '/',
'=' padding) and URL-safe base64 (no padding).

This fixes tempo-request failing against servers like OpenVPS that
encode the request field using standard base64 instead of base64url.
gakonst added a commit to tempoxyz/wallet that referenced this pull request Mar 24, 2026
@gakonst
fix: bump mpp-rs to accept standard base64 in WWW-Authenticate
739ff22 
Updates mpp dependency to include tempoxyz/mpp-rs#149, which makes
base64url_decode lenient — accepting both standard base64 ('+', '/',
'=' padding) and URL-safe base64 (no padding).

This fixes tempo-request failing against servers like OpenVPS that
encode the request field using standard base64 instead of base64url.
@gakonst gakonst mentioned this pull request Mar 24, 2026
Open
brendanjryan
brendanjryan approved these changes Mar 24, 2026
View reviewed changes
Copy link
Collaborator

@brendanjryan brendanjryan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

@gakonst gakonst merged commit 04353f3 into main Mar 24, 2026
@github-actions github-actions bot mentioned this pull request Mar 24, 2026
Open
gakonst added a commit to tempoxyz/wallet that referenced this pull request Mar 24, 2026
@gakonst
fix: bump mpp-rs to accept standard base64 in WWW-Authenticate
d5afd14 
Updates mpp dependency to include tempoxyz/mpp-rs#149, which makes
base64url_decode lenient — accepting both standard base64 ('+', '/',
'=' padding) and URL-safe base64 (no padding).

This fixes tempo-request failing against servers like OpenVPS that
encode the request field using standard base64 instead of base64url.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@brendanjryan brendanjryan brendanjryan approved these changes

@mattsse mattsse Awaiting requested review from mattsse mattsse is a code owner

@onbjerg onbjerg Awaiting requested review from onbjerg onbjerg is a code owner

@Slokh Slokh Awaiting requested review from Slokh Slokh is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@gakonst @brendanjryan