From feb7ded6a33b93abeb905252f9159bfef1597c45 Mon Sep 17 00:00:00 2001
From: Aaron Ball <nullspoon@iohq.net>
Date: Sun, 26 Jul 2015 14:02:26 -0600
Subject: Fixed issue with partial user matching

Grep wasn't specific enough, so a user who's name was a subset of another
user's (eg: user is allowed because user is in another user's username,
user-foo) would allow access. A rare scenario, but not safe for sure.
---
 gitaccess.pre-receive | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/gitaccess.pre-receive b/gitaccess.pre-receive
index 2b6f0e5..e91c59e 100755
--- a/gitaccess.pre-receive
+++ b/gitaccess.pre-receive
@@ -62,7 +62,7 @@ fi
 log "Attempted login for user ${GIT_USER} on ${commit_dest_str}"
 
 # See if user is permitted access to this repo
-grep -v '^#' users | grep ${GIT_USER} 2>&1 1>/dev/null
+grep -v '^#' users | grep "^${GIT_USER}\$" 2>&1 1>/dev/null
 
 if [[ $? != 0 ]]; then
   log "User is not permitted access to repo $(pwd)"
-- 
cgit v1.2.3