Merge pull request #301 from silinternational/fix-email-mask

fix maskEmail to handle subdomains correctly
silinternational · Dec 10, 2024 · 8dab752 · 8dab752
2 parents 3f669bf + ad9ee0f
commit 8dab752
Show file tree

Hide file tree

Showing 3 changed files with 35 additions and 7 deletions.
diff --git a/dockerbuild/run-tests.sh b/dockerbuild/run-tests.sh
@@ -10,5 +10,6 @@ set -e
 
 ./vendor/bin/phpunit -v tests/AnnouncementTest.php
 ./vendor/bin/phpunit -v vendor/simplesamlphp/simplesamlphp/modules/sildisco/tests/
+./vendor/bin/phpunit -v vendor/simplesamlphp/simplesamlphp/modules/mfa/tests/
 
 /data/run-integration-tests.sh
diff --git a/modules/mfa/src/Auth/Process/Mfa.php b/modules/mfa/src/Auth/Process/Mfa.php
@@ -912,14 +912,16 @@ public static function maskEmail(string $email): string
          * Add an '*' for each of the characters of the domain, except
          * for the first character of each part and the .
          */
-        list($domainA, $domainB) = explode('.', $domain);
+        $domainParts = explode('.', $domain);
+        $maskedDomain = '';
 
-        $newEmail .= substr($domainA, 0, 1);
-        $newEmail .= str_repeat('*', strlen($domainA) - 1);
-        $newEmail .= '.';
-
-        $newEmail .= substr($domainB, 0, 1);
-        $newEmail .= str_repeat('*', strlen($domainB) - 1);
+        foreach ($domainParts as $part) {
+            $firstCharacter = substr($part, 0, 1);
+            $maskedPart = $firstCharacter . str_repeat('*', max(strlen($part) - 1, 0));
+            $maskedDomain .= $maskedPart . '.';
+        }
+        $maskedDomain = rtrim($maskedDomain, '.');
+        $newEmail .= $maskedDomain;
         return $newEmail;
     }
 

diff --git a/modules/mfa/tests/MfaTest.php b/modules/mfa/tests/MfaTest.php
@@ -0,0 +1,25 @@
+<?php
+
+
+use PHPUnit\Framework\TestCase;
+use SimpleSAML\Module\mfa\Auth\Process\Mfa;
+
+class MfaTest extends TestCase
+{
+    public static function setUpBeforeClass(): void
+    {
+    }
+
+    public function testMaskEmail()
+    {
+        $this->assertEquals("j**n@e******.c**", Mfa::maskEmail("[email protected]"));
+        $this->assertEquals("j***_s***h@e******.c**", Mfa::maskEmail("[email protected]"));
+        $this->assertEquals("t**t@t***.e******.c**", Mfa::maskEmail("[email protected]"));
+        $this->assertEquals("[email protected]*", Mfa::maskEmail("[email protected]"));
+
+        // just to be sure it doesn't throw an exception...
+        $this->assertEquals("t**t@e******..c**", Mfa::maskEmail("[email protected]"));
+        $this->assertEquals("@", Mfa::maskEmail("@"));
+    }
+
+}