fix(1356): test if session variable is null (#1357)

* fix(1356): test if session variable is null * fix(1356): adding changelog Co-authored-by: Hedi Harzallah <hharzalla@talend.com>
2021-09-09 13:12:29 +02:00 · 2021-09-09 13:12:29 +02:00 · ccbb98acd9
parent 54d44ccb8f
commit ccbb98acd9
2 changed files with 4 additions and 1 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -34,6 +34,7 @@
 - [#1244](https://github.com/oauth2-proxy/oauth2-proxy/pull/1244) Update Alpine image version to 3.14 (@ahovgaard)
 - [#1317](https://github.com/oauth2-proxy/oauth2-proxy/pull/1317) Fix incorrect `</form>` tag on the sing_in page when *not* using a custom template (@jord1e)
 - [#1330](https://github.com/oauth2-proxy/oauth2-proxy/pull/1330) Allow specifying URL as input for custom sign in logo (@MaikuMori)
 - [#1357](https://github.com/oauth2-proxy/oauth2-proxy/pull/1357) Fix unsafe access to session variable (@harzallah)
 # V7.1.3
--- a/pkg/middleware/basic_session.go
+++ b/pkg/middleware/basic_session.go
@ -31,7 +31,9 @@ func loadBasicAuthSession(validator basic.Validator, sessionGroups []string, pre
 	if preferEmail {
 		getSession = func(validator basic.Validator, sessionGroups []string, req *http.Request) (*sessionsapi.SessionState, error) {
 			session, err := getBasicSession(validator, sessionGroups, req)
-			session.Email = session.User
+			if session != nil {
 				session.Email = session.User
 			}
 			return session, err
 		}
 	}