fix: bot suggestions

2025-11-06 09:05:44 +00:00 · 2025-04-30 18:15:11 +03:00
parent 1fec583ead
commit 3dff650e71
9 changed files with 101 additions and 27 deletions
--- a/frontend/bun.lockb
+++ b/frontend/bun.lockb
--- a/frontend/src/lib/i18n/locales/en-US.json
+++ b/frontend/src/lib/i18n/locales/en-US.json
@@ -41,7 +41,7 @@
    "totpTitle": "Enter your TOTP code",
    "unauthorizedTitle": "Unauthorized",
    "unauthorizedResourceSubtitle": "The user with username <Code>{{username}}</Code> is not authorized to access the resource <Code>{{resource}}</Code>.",
-    "unaothorizedLoginSubtitle": "The user with username <Code>{{username}}</Code> is not authorized to login.",
+    "unauthorizedLoginSubtitle": "The user with username <Code>{{username}}</Code> is not authorized to login.",
    "unauthorizedGroupsSubtitle": "The user with username <Code>{{username}}</Code> is not in the groups required by the resource <Code>{{resource}}</Code>.",
    "unauthorizedButton": "Try again",
    "untrustedRedirectTitle": "Untrusted redirect",
--- a/frontend/src/lib/i18n/locales/en.json
+++ b/frontend/src/lib/i18n/locales/en.json
@@ -41,7 +41,7 @@
    "totpTitle": "Enter your TOTP code",
    "unauthorizedTitle": "Unauthorized",
    "unauthorizedResourceSubtitle": "The user with username <Code>{{username}}</Code> is not authorized to access the resource <Code>{{resource}}</Code>.",
-    "unaothorizedLoginSubtitle": "The user with username <Code>{{username}}</Code> is not authorized to login.",
+    "unauthorizedLoginSubtitle": "The user with username <Code>{{username}}</Code> is not authorized to login.",
    "unauthorizedGroupsSubtitle": "The user with username <Code>{{username}}</Code> is not in the groups required by the resource <Code>{{resource}}</Code>.",
    "unauthorizedButton": "Try again",
    "untrustedRedirectTitle": "Untrusted redirect",
--- a/frontend/src/pages/logout-page.tsx
+++ b/frontend/src/pages/logout-page.tsx
@@ -10,7 +10,7 @@ import { useAppContext } from "../context/app-context";
 import { Trans, useTranslation } from "react-i18next";
 export const LogoutPage = () => {
-  const { isLoggedIn, oauth, provider, email } = useUserContext();
+  const { isLoggedIn, oauth, provider, email, username } = useUserContext();
  const { genericName } = useAppContext();
  const { t } = useTranslation();
@@ -65,7 +65,7 @@ export const LogoutPage = () => {
              t={t}
              components={{ Code: <Code /> }}
              values={{
-                username: email,
+                username: username,
              }}
            />
          )}
--- a/frontend/src/pages/unauthorized-page.tsx
+++ b/frontend/src/pages/unauthorized-page.tsx
@@ -41,13 +41,13 @@ export const UnauthorizedPage = () => {
          values={{ username, resource }}
        />
      </UnauthorizedLayout>
-    )
+    );
  }
  return (
    <UnauthorizedLayout>
      <Trans
-        i18nKey="unaothorizedLoginSubtitle"
+        i18nKey="unauthorizedLoginSubtitle"
        t={t}
        components={{ Code: <Code /> }}
        values={{ username }}
@@ -65,9 +65,7 @@ const UnauthorizedLayout = ({ children }: { children: React.ReactNode }) => {
        <Text size="xl" fw={700}>
          {t("Unauthorized")}
        </Text>
-        <Text>
+        <Text>{children}</Text>
        {children}
        </Text>
        <Button
          fullWidth
          mt="xl"
--- a/internal/auth/auth.go
+++ b/internal/auth/auth.go
@@ -268,7 +268,7 @@ func (auth *Auth) ResourceAllowed(c *gin.Context, context types.UserContext, lab
 	// Check if oauth is allowed
 	if context.OAuth {
 		log.Debug().Msg("Checking OAuth whitelist")
-		return utils.CheckWhitelist(labels.OAuthWhitelist, context.Username)
+		return utils.CheckWhitelist(labels.OAuthWhitelist, context.Email)
 	}
 	// Check users
--- a/internal/handlers/handlers.go
+++ b/internal/handlers/handlers.go
@@ -114,7 +114,7 @@ func (h *Handlers) AuthHandler(c *gin.Context) {
 	if !authEnabled {
 		for key, value := range labels.Headers {
 			log.Debug().Str("key", key).Str("value", value).Msg("Setting header")
-			c.Header(key, value)
+			c.Header(key, utils.SanitizeHeader(value))
 		}
 		c.JSON(200, gin.H{
 			"status":  200,
@@ -209,15 +209,15 @@ func (h *Handlers) AuthHandler(c *gin.Context) {
 			return
 		}
-		c.Header("Remote-User", userContext.Username)
+		c.Header("Remote-User", utils.SanitizeHeader(userContext.Username))
-		c.Header("Remote-Name", userContext.Name)
+		c.Header("Remote-Name", utils.SanitizeHeader(userContext.Name))
-		c.Header("Remote-Email", userContext.Email)
+		c.Header("Remote-Email", utils.SanitizeHeader(userContext.Email))
-		c.Header("Remote-Groups", userContext.OAuthGroups)
+		c.Header("Remote-Groups", utils.SanitizeHeader(userContext.OAuthGroups))
 		// Set the rest of the headers
 		for key, value := range labels.Headers {
 			log.Debug().Str("key", key).Str("value", value).Msg("Setting header")
-			c.Header(key, value)
+			c.Header(key, utils.SanitizeHeader(value))
 		}
 		// The user is allowed to access the app
--- a/internal/utils/utils.go
+++ b/internal/utils/utils.go
@@ -328,5 +328,19 @@ func CheckWhitelist(whitelist string, str string) bool {
 // Capitalize just the first letter of a string
 func Capitalize(str string) string {
 	if len(str) == 0 {
 		return ""
 	}
 	return strings.ToUpper(string([]rune(str)[0])) + string([]rune(str)[1:])
 }
 // Sanitize header removes all control characters from a string
 func SanitizeHeader(header string) string {
 	return strings.Map(func(r rune) rune {
 		// Allow only printable ASCII characters (32-126) and safe whitespace (space, tab)
 		if r == ' ' || r == '\t' || (r >= 32 && r <= 126) {
 			return r
 		}
 		return -1
 	}, header)
 }
--- a/internal/utils/utils_test.go
+++ b/internal/utils/utils_test.go
@@ -467,3 +467,65 @@ func TestCheckWhitelist(t *testing.T) {
 		t.Fatalf("Expected %v, got %v", expected, result)
 	}
 }
 // Test capitalize
 func TestCapitalize(t *testing.T) {
 	t.Log("Testing capitalize with a valid string")
 	// Create variables
 	str := "test"
 	expected := "Test"
 	// Test the capitalize function
 	result := utils.Capitalize(str)
 	// Check if the result is equal to the expected
 	if result != expected {
 		t.Fatalf("Expected %v, got %v", expected, result)
 	}
 	t.Log("Testing capitalize with an empty string")
 	// Create variables
 	str = ""
 	expected = ""
 	// Test the capitalize function
 	result = utils.Capitalize(str)
 	// Check if the result is equal to the expected
 	if result != expected {
 		t.Fatalf("Expected %v, got %v", expected, result)
 	}
 }
 // Test the header sanitizer
 func TestSanitizeHeader(t *testing.T) {
 	t.Log("Testing sanitize header with a valid string")
 	// Create variables
 	str := "X-Header=value"
 	expected := "X-Header=value"
 	// Test the sanitize header function
 	result := utils.SanitizeHeader(str)
 	// Check if the result is equal to the expected
 	if result != expected {
 		t.Fatalf("Expected %v, got %v", expected, result)
 	}
 	t.Log("Testing sanitize header with an invalid string")
 	// Create variables
 	str = "X-Header=val\nue"
 	expected = "X-Header=value"
 	// Test the sanitize header function
 	result = utils.SanitizeHeader(str)
 	// Check if the result is equal to the expected
 	if result != expected {
 		t.Fatalf("Expected %v, got %v", expected, result)
 	}
 }