minio · ramondeklein · Jan 23, 2025 · Jan 23, 2025 · Jan 23, 2025
diff --git a/api/user_login.go b/api/user_login.go
@@ -129,6 +129,10 @@ func getLoginResponse(params authApi.LoginParams) (*models.LoginResponse, *Coded
 	ctx, cancel := context.WithCancel(params.HTTPRequest.Context())
 	defer cancel()
 	lr := params.Body
+	// trim any leading and trailing whitespace from the login request
+	lr.AccessKey = strings.TrimSpace(lr.AccessKey)
+	lr.SecretKey = strings.TrimSpace(lr.SecretKey)
+	lr.Sts = strings.TrimSpace(lr.Sts)
 
 	clientIP := getClientIP(params.HTTPRequest)
 	client := GetConsoleHTTPClient(clientIP)

diff --git a/integration/login_test.go b/integration/login_test.go
@@ -131,6 +131,36 @@ func TestLogout(t *testing.T) {
 	assert.Equal(response.StatusCode, 200)
 }
 
+func TestLoginExtraSpaces(t *testing.T) {
+	assert := assert.New(t)
+
+	client := &http.Client{
+		Timeout: 2 * time.Second,
+	}
+	requestData := map[string]string{
+		"accessKey": " minioadmin ",
+		"secretKey": "minioadmin",
+	}
+
+	requestDataJSON, _ := json.Marshal(requestData)
+
+	requestDataBody := bytes.NewReader(requestDataJSON)
+
+	request, err := http.NewRequest("POST", "http://localhost:9090/api/v1/login", requestDataBody)
+	if err != nil {
+		log.Println(err)
+		return
+	}
+
+	request.Header.Add("Content-Type", "application/json")
+
+	response, err := client.Do(request)
+
+	assert.Equal(204, response.StatusCode, "Login request should succeed")
+	assert.NotNil(response, "Login response is nil")
+	assert.Nil(err, "Login errored out")
+}
+
 func TestBadLogin(t *testing.T) {
 	assert := assert.New(t)