[BUGFIX] Prevent crash when email has not been set (#1466)

* [BUGFIX] Prevent crash when email has not been set

a83ccd7188 introduced a regression where if a misconfigured deployment presented an empty emails array setting `Remote-*` headers would fail.

If the emails array is empty we now set the `Remote-Email` header to an empty string.

* Add additional case for unit tests
This commit is contained in:
Amir Zarrinkafsh 2020-11-16 22:22:16 +11:00 committed by GitHub
parent 8e32a4b65f
commit 50df949520
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 26 additions and 1 deletions

View File

@ -159,7 +159,12 @@ func setForwardedHeaders(headers *fasthttp.ResponseHeader, username, name string
headers.Set(remoteUserHeader, username)
headers.Set(remoteGroupsHeader, strings.Join(groups, ","))
headers.Set(remoteNameHeader, name)
headers.Set(remoteEmailHeader, emails[0])
if emails != nil {
headers.Set(remoteEmailHeader, emails[0])
} else {
headers.Set(remoteEmailHeader, "")
}
}
}

View File

@ -413,6 +413,26 @@ func TestShouldVerifyFailingDetailsFetchingInBasicAuth(t *testing.T) {
"https://test.example.com", actualStatus, expStatus)
}
func TestShouldNotCrashOnEmptyEmail(t *testing.T) {
mock := mocks.NewMockAutheliaCtx(t)
defer mock.Close()
userSession := mock.Ctx.GetSession()
userSession.Username = testUsername
userSession.Emails = nil
userSession.AuthenticationLevel = authentication.OneFactor
mock.Ctx.SaveSession(userSession) //nolint:errcheck // TODO: Legacy code, consider refactoring time permitting.
mock.Ctx.Request.Header.Set("X-Original-URL", "https://bypass.example.com")
VerifyGet(verifyGetCfg)(mock.Ctx)
expStatus, actualStatus := 200, mock.Ctx.Response.StatusCode()
assert.Equal(t, expStatus, actualStatus, "URL=%s -> StatusCode=%d != ExpectedStatusCode=%d",
"https://bypass.example.com", actualStatus, expStatus)
assert.Equal(t, []byte(nil), mock.Ctx.Response.Header.Peek("Remote-Email"))
}
type Pair struct {
URL string
Username string