Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Trim the whitelisted emails #371

Open
kuboschek opened this issue Apr 21, 2024 · 1 comment
Open

Trim the whitelisted emails #371

kuboschek opened this issue Apr 21, 2024 · 1 comment

Comments

@kuboschek
Copy link

Just stumbled on this while configuring a rules' whitelist:

If I configured [email protected], [email protected], then both [email protected] and [email protected] (note the extra space) are authorized, but [email protected] isn't.

I suggest to either trim whitespace when checking, in this function:

https://github.com/thomseddon/traefik-forward-auth/blob/c4317b7503fb0528d002eb1e5ee43c4a37f055d0/internal/auth.go#L100C1-L108C2

Or to at least warn when parsing a rule with whitespace in an email. Happy to submit patches moving in either direction.

@ljluestc
Copy link

package internal

import (
	"strings"
	"log"
)

// Function that checks the whitelist
func checkWhitelist(whitelist []string, email string) bool {
	// Trim spaces around the email before checking
	email = strings.TrimSpace(email)

	// Trim spaces around all the whitelisted emails
	for i, w := range whitelist {
		whitelist[i] = strings.TrimSpace(w)
	}

	// Now check if the trimmed email is in the whitelist
	for _, w := range whitelist {
		if w == email {
			return true
		}
	}

	// Optional: log a warning if the email has leading/trailing spaces
	if strings.Contains(email, " ") {
		log.Printf("Warning: Email %s has leading or trailing spaces.", email)
	}

	return false
}

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants