HTTP Auth credentials parsing fails with malformed base64, causing JSON encoding errors. #20470

@terabytesoftw

Description

The getAuthCredentials() method in yii\web\Request does not validate base64-decoded data from the Authorization header, causing applications to throw InvalidArgumentException: Malformed UTF-8 characters when the response is JSON encoded.

Steps to Reproduce

  1. Send a request with malformed Authorization header:

    GET /api/endpoint HTTP/1.1
    Authorization: Basic foo:bar

  2. In your controller action:

    // Controller action; the class file needs `use Yii;` and `use yii\web\Response;`.
    public function actionAuth(): array
    {
        // Serialize the returned array as JSON.
        Yii::$app->response->format = Response::FORMAT_JSON;

        return [
            'username' => Yii::$app->request->getAuthUser(),
            'password' => Yii::$app->request->getAuthPassword(),
        ];
    }

  3. Expected: Returns {"username": null, "password": null} with 200 status.

  4. Actual: Throws InvalidArgumentException: Malformed UTF-8 characters, possibly incorrectly encoded with 500 status.
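
An added example (not Yii's code and not from the issue author) of strict Basic-credential parsing that produces the expected result for the header in the report. The helper name parseBasicAuthHeader and the sample headers are hypothetical, and it assumes the mbstring extension is loaded.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper (not part of Yii): parse a Basic Authorization header.
 * Returns [username, password]; both are null when the header is unusable.
 */
function parseBasicAuthHeader(?string $header): array
{
    if ($header === null || strncasecmp($header, 'basic ', 6) !== 0) {
        return [null, null];
    }

    // Strict mode rejects characters outside the base64 alphabet instead of
    // silently discarding them, so "foo:bar" yields false rather than bytes.
    $decoded = base64_decode(trim(substr($header, 6)), true);
    if ($decoded === false || $decoded === '') {
        return [null, null];
    }

    // Valid base64 can still carry arbitrary bytes; refuse anything that is
    // not UTF-8 so json_encode() never sees it.
    if (!mb_check_encoding($decoded, 'UTF-8')) {
        return [null, null];
    }

    // Split on the first colon only: passwords may contain ':'.
    $parts = explode(':', $decoded, 2);
    $user = $parts[0] === '' ? null : $parts[0];
    $pass = isset($parts[1]) && $parts[1] !== '' ? $parts[1] : null;

    return [$user, $pass];
}

// Constructed sample headers.
$samples = [
    'Basic foo:bar',                              // header from the report
    'Basic ' . base64_encode('alice:s3cr:et'),    // well-formed
    'Basic ' . base64_encode("\xff\xfe:pw"),      // valid base64, invalid UTF-8
];

foreach ($samples as $header) {
    // JSON_THROW_ON_ERROR surfaces any encoding failure as an exception.
    echo json_encode(parseBasicAuthHeader($header), JSON_THROW_ON_ERROR), PHP_EOL;
}
```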
