Skip to content

Commit

Permalink
Fix: sanitized emails before access control check
Browse files Browse the repository at this point in the history
  • Loading branch information
@s1g53gv
s1g53gv committed Mar 1, 2024
1 parent a88b241 commit dc3b1e4
Show file tree
Hide file tree
Showing 2 changed files with 11 additions and 3 deletions.
10 changes: 9 additions & 1 deletion app/src/main/java/it/bz/noi/community/oauth/AuthManager.kt
View file
Original file line number Diff line number Diff line change
Expand Up @@ -101,7 +101,15 @@ object AuthManager {
}
}

private fun Contact.matches(mail: String): Boolean = mail == email || mail == email2 || mail == email3
private fun Contact.matches(mail: String): Boolean {

// Mail can include garbage whitespaces.
fun String.sanitized() = trim()

return with (mail.sanitized()) {
equals(email?.sanitized(), true) || equals(email2?.sanitized(), true) || equals(email3?.sanitized(), true)
}
}

private suspend fun UserState.toStatus(): AuthStateStatus {
return when {
Expand Down
4 changes: 2 additions & 2 deletions app/version.properties
View file
Original file line number Diff line number Diff line change
@@ -1,2 +1,2 @@
#Tue Sep 28 07:39:37 UTC 2021
VERSION_CODE=20
#Fri Mar 1 08:48:00 UTC 2024
VERSION_CODE=21

0 comments on commit dc3b1e4

Please sign in to comment.