You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
package internal
import (
"strings"
"log"
)
// Function that checks the whitelist
func checkWhitelist(whitelist []string, email string) bool {
// Trim spaces around the email before checking
email = strings.TrimSpace(email)
// Trim spaces around all the whitelisted emails
for i, w := range whitelist {
whitelist[i] = strings.TrimSpace(w)
}
// Now check if the trimmed email is in the whitelist
for _, w := range whitelist {
if w == email {
return true
}
}
// Optional: log a warning if the email has leading/trailing spaces
if strings.Contains(email, " ") {
log.Printf("Warning: Email %s has leading or trailing spaces.", email)
}
return false
}
Just stumbled on this while configuring a rules' whitelist:
If I configured
[email protected], [email protected]
, then both[email protected]
and[email protected]
(note the extra space) are authorized, but[email protected]
isn't.I suggest to either trim whitespace when checking, in this function:
https://github.com/thomseddon/traefik-forward-auth/blob/c4317b7503fb0528d002eb1e5ee43c4a37f055d0/internal/auth.go#L100C1-L108C2
Or to at least warn when parsing a rule with whitespace in an email. Happy to submit patches moving in either direction.
The text was updated successfully, but these errors were encountered: