fix maskEmail to handle subdomains correctly

silinternational · Dec 7, 2024 · 8c80b6d · 8c80b6d
1 parent 3f669bf
commit 8c80b6d
Show file tree

Hide file tree

Showing 3 changed files with 29 additions and 8 deletions.
diff --git a/dockerbuild/run-tests.sh b/dockerbuild/run-tests.sh
@@ -10,5 +10,6 @@ set -e
 
 ./vendor/bin/phpunit -v tests/AnnouncementTest.php
 ./vendor/bin/phpunit -v vendor/simplesamlphp/simplesamlphp/modules/sildisco/tests/
+./vendor/bin/phpunit -v vendor/simplesamlphp/simplesamlphp/modules/mfa/tests/
 
 /data/run-integration-tests.sh
diff --git a/modules/mfa/src/Auth/Process/Mfa.php b/modules/mfa/src/Auth/Process/Mfa.php
@@ -912,14 +912,9 @@ public static function maskEmail(string $email): string
          * Add an '*' for each of the characters of the domain, except
          * for the first character of each part and the .
          */
-        list($domainA, $domainB) = explode('.', $domain);
-
-        $newEmail .= substr($domainA, 0, 1);
-        $newEmail .= str_repeat('*', strlen($domainA) - 1);
-        $newEmail .= '.';
-
-        $newEmail .= substr($domainB, 0, 1);
-        $newEmail .= str_repeat('*', strlen($domainB) - 1);
+        $newEmail .= implode('.', array_map(function ($part) {
+            return substr($part, 0, 1) . str_repeat('*', max(strlen($part) - 1, 0));
+        }, explode('.', $domain)));
         return $newEmail;
     }
 

diff --git a/modules/mfa/tests/MfaTest.php b/modules/mfa/tests/MfaTest.php
@@ -0,0 +1,25 @@
+<?php
+
+
+use PHPUnit\Framework\TestCase;
+use SimpleSAML\Module\mfa\Auth\Process\Mfa;
+
+class MfaTest extends TestCase
+{
+    public static function setUpBeforeClass(): void
+    {
+    }
+
+    public function testMaskEmail()
+    {
+        $this->assertEquals("j**n@e******.c**", Mfa::maskEmail("[email protected]"));
+        $this->assertEquals("j***_s***h@e******.c**", Mfa::maskEmail("[email protected]"));
+        $this->assertEquals("t**t@t***.e******.c**", Mfa::maskEmail("[email protected]"));
+        $this->assertEquals("[email protected]*", Mfa::maskEmail("[email protected]"));
+
+        // just to be sure it doesn't throw an exception...
+        $this->assertEquals("t**t@e******..c**", Mfa::maskEmail("[email protected]"));
+        $this->assertEquals("@", Mfa::maskEmail("@"));
+    }
+
+}