From 50df9495207c159582afa8f8724f6c4acb2d243f Mon Sep 17 00:00:00 2001
From: Amir Zarrinkafsh <nightah@me.com>
Date: Mon, 16 Nov 2020 22:22:16 +1100
Subject: [PATCH] [BUGFIX] Prevent crash when email has not been set (#1466)

* [BUGFIX] Prevent crash when email has not been set

https://github.com/authelia/authelia/commit/a83ccd71887cb843adce10fe14d630fbf3ac9bec introduced a regression where if a misconfigured deployment presented an empty emails array setting `Remote-*` headers would fail.

If the emails array is empty we now set the `Remote-Email` header to an empty string.

* Add additional case for unit tests
---
 internal/handlers/handler_verify.go      |  7 ++++++-
 internal/handlers/handler_verify_test.go | 20 ++++++++++++++++++++
 2 files changed, 26 insertions(+), 1 deletion(-)

diff --git a/internal/handlers/handler_verify.go b/internal/handlers/handler_verify.go
index 961f87c2f..407469b5b 100644
--- a/internal/handlers/handler_verify.go
+++ b/internal/handlers/handler_verify.go
@@ -159,7 +159,12 @@ func setForwardedHeaders(headers *fasthttp.ResponseHeader, username, name string
 		headers.Set(remoteUserHeader, username)
 		headers.Set(remoteGroupsHeader, strings.Join(groups, ","))
 		headers.Set(remoteNameHeader, name)
-		headers.Set(remoteEmailHeader, emails[0])
+
+		if emails != nil {
+			headers.Set(remoteEmailHeader, emails[0])
+		} else {
+			headers.Set(remoteEmailHeader, "")
+		}
 	}
 }
 
diff --git a/internal/handlers/handler_verify_test.go b/internal/handlers/handler_verify_test.go
index 06cfb744a..88e9a0d56 100644
--- a/internal/handlers/handler_verify_test.go
+++ b/internal/handlers/handler_verify_test.go
@@ -413,6 +413,26 @@ func TestShouldVerifyFailingDetailsFetchingInBasicAuth(t *testing.T) {
 		"https://test.example.com", actualStatus, expStatus)
 }
 
+func TestShouldNotCrashOnEmptyEmail(t *testing.T) {
+	mock := mocks.NewMockAutheliaCtx(t)
+	defer mock.Close()
+
+	userSession := mock.Ctx.GetSession()
+	userSession.Username = testUsername
+	userSession.Emails = nil
+	userSession.AuthenticationLevel = authentication.OneFactor
+	mock.Ctx.SaveSession(userSession) //nolint:errcheck // TODO: Legacy code, consider refactoring time permitting.
+
+	mock.Ctx.Request.Header.Set("X-Original-URL", "https://bypass.example.com")
+
+	VerifyGet(verifyGetCfg)(mock.Ctx)
+
+	expStatus, actualStatus := 200, mock.Ctx.Response.StatusCode()
+	assert.Equal(t, expStatus, actualStatus, "URL=%s -> StatusCode=%d != ExpectedStatusCode=%d",
+		"https://bypass.example.com", actualStatus, expStatus)
+	assert.Equal(t, []byte(nil), mock.Ctx.Response.Header.Peek("Remote-Email"))
+}
+
 type Pair struct {
 	URL                 string
 	Username            string