From 3b4931a5d3aab85b2009dc347731185109c4b54f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Simen=20Heggest=C3=B8yl?=
Date: Wed, 11 Oct 2023 13:26:18 +0200
Subject: [PATCH] Disregard whitespace in whitelist check

Disregard leading and trailing whitespace in both input email and whitelisted domains to make the check more robust against unintentionally added whitespace.
---
 .../utils/collectionUtils/DomainWhitelistCollection.js | 4 ++--
 functions/backend/utils/handleAccessRequests.js | 8 +++-----
 2 files changed, 5 insertions(+), 7 deletions(-)

diff --git a/functions/backend/utils/collectionUtils/DomainWhitelistCollection.js b/functions/backend/utils/collectionUtils/DomainWhitelistCollection.js
index 0c700e52f..24cb6d54a 100644
--- a/functions/backend/utils/collectionUtils/DomainWhitelistCollection.js
+++ b/functions/backend/utils/collectionUtils/DomainWhitelistCollection.js
@@ -3,8 +3,8 @@ class DomainWhitelistCollection {
 this.collection = firestore.collection('domainWhitelist');
 }
- getDocumentById(id) {
- return this.collection.doc(id).get();
+ listDocuments() {
+ return this.collection.listDocuments();
 }
 }
diff --git a/functions/backend/utils/handleAccessRequests.js b/functions/backend/utils/handleAccessRequests.js
index f0a51b8da..6d2abc846 100644
--- a/functions/backend/utils/handleAccessRequests.js
+++ b/functions/backend/utils/handleAccessRequests.js
@@ -27,15 +27,13 @@ export const createAccessRequest = async (db, accessRequest) => {
 return { code: 400, message: 'toaster.request.noEmail' };
 }
- const emailDomain = email.split('@')[1];
+ const emailDomain = email.split('@')[1].trim();
 const domainWhitelistCollection = new DomainWhitelistCollection(db);
 const usersCollection = new UsersCollection(db);
- const domainWhitelistSnapshot = await domainWhitelistCollection.getDocumentById(
- emailDomain
- );
+ const whitelist = await domainWhitelistCollection.listDocuments();
- if (domainWhitelistSnapshot.exists) {
+ if (whitelist.some((x) => x.id.trim() === emailDomain)) {
 try {
 await usersCollection.addDocument({ id: email, email });
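Review bot: The whitelist decision still rests on `email.split('@')[1]`, which is the text after the first `@`, so a string with more than one `@` is checked against its middle segment rather than its final domain, and a string with no `@` now throws on `.trim()` of `undefined`. Unless the address format is validated above this hunk (not visible here), take the domain from the last `@` of the trimmed address and reject when it is missing: `const addr = email.trim(); const at = addr.lastIndexOf('@');`, then `if (at < 1) return { code: 400, message: 'toaster.request.noEmail' };` and `const emailDomain = addr.slice(at + 1);`. Only the domain is trimmed, while `addDocument({ id: email, email })` stores the original string, so a padded address passes the check but is saved with its whitespace. The comparison is also case-sensitive, and `listDocuments()` reads every whitelist entry on each request. The body of `createAccessRequest` starts and ends outside the hunk.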