Sanitize principals

Author: neo1908

helper/sanitizer.go

@@ -5,3 +5,9 @@ import "strings"
 func Sanitize(s string) string {
 	return strings.Replace(s, "\n", "", -1)
 }
+
+func SanitizeStringSlice(ss []string) {
+	for i, x := range ss {
+		ss[i] = Sanitize(x)
+	}
+}

helper/sanitizer_test.go

@@ -1,6 +1,10 @@
 package helper
 
-import "testing"
+import (
+	"reflect"
+	"strings"
+	"testing"
+)
 
 func TestSanitize(t *testing.T) {
 	ours := "abc"
@@ -19,3 +23,25 @@ func TestSanitizeWithNoNewLines(t *testing.T) {
 		t.Errorf("Got %s but wanted %s", theirs, ours)
 	}
 }
+
+func TestSliceSanitize(t *testing.T) {
+	ours := strings.Split("abc aaa def", " ")
+
+	theirs := strings.Split("abc aaa\n def\n\n", " ")
+	SanitizeStringSlice(theirs)
+
+	if !reflect.DeepEqual(ours, theirs) {
+		t.Errorf("Got %v but wanted %v", theirs, ours)
+	}
+}
+
+func TestSliceWithNoNewLinesSanitize(t *testing.T) {
+	ours := strings.Split("abc aaa def", " ")
+
+	theirs := strings.Split("abc aaa def", " ")
+	SanitizeStringSlice(theirs)
+
+	if !reflect.DeepEqual(ours, theirs) {
+		t.Errorf("Got %v but wanted %v", theirs, ours)
+	}
+}

server/handlers.go

@@ -47,6 +47,8 @@ func AuthenticationHandler(next http.Handler) http.Handler {
 		hasValidPrincipals := CheckPrincipals(user.Principals, signRequest.Principals)
 
 		if !hasValidPrincipals {
+			// Sanitize the principals for logging
+			helper.SanitizeStringSlice(signRequest.Principals)
 			authorisationFailed(w, "One or more unauthorised principals requested %v", signRequest.Principals)
 		}