alexvanin/certificates
1
0
Fork 0
forked from TrueCloudLab/certificates
Code Pull requests Activity

Rename function to SanitizeSSHUserPrincipal

Browse source
This commit is contained in:
Mariano Cano 2019-07-29 16:38:57 -07:00
parent 53f62f871c
commit 41b97372e6
2 changed files with 6 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
authority/provisioner/oidc.go
View file

@ -307,7 +307,7 @@ func (o *OIDC) authorizeSSHSign(claims *openIDPayload) ([]SignOption, error) {
if o.IsAdmin(claims.Email) {
signOptions = append(signOptions, &sshCertificateOptionsValidator{})
} else {
name := SanitizeSSHPrincipal(claims.Email)
name := SanitizeSSHUserPrincipal(claims.Email)
if !sshUserRegex.MatchString(name) {
return nil, errors.Errorf("invalid principal '%s' from email address '%s'", name, claims.Email)
}

10
authority/provisioner/provisioner.go
View file

@ -165,11 +165,11 @@ func (l *List) UnmarshalJSON(data []byte) error {
var sshUserRegex = regexp.MustCompile("^[a-z][-a-z0-9_]*$")
// SanitizeSSHPrincipal grabs an email or a string with the format local@domain
// and returns a sanitized version of the local, valid to be used as a user
// name. If the email starts with a letter between a and z, the resulting string
// will match the regular expression `^[a-z][-a-z0-9_]*$`.
func SanitizeSSHPrincipal(email string) string {
// SanitizeSSHUserPrincipal grabs an email or a string with the format
// local@domain and returns a sanitized version of the local, valid to be used
// as a user name. If the email starts with a letter between a and z, the
// resulting string will match the regular expression `^[a-z][-a-z0-9_]*$`.
func SanitizeSSHUserPrincipal(email string) string {
if i := strings.LastIndex(email, "@"); i >= 0 {
email = email[:i]
}