From dd756ef8d18f53a1c1ff9b70a014daef1f1ad4c8 Mon Sep 17 00:00:00 2001
From: Keshav Prasad <keshavprasadms@gmail.com>
Date: Thu, 13 Jan 2022 15:21:31 +0530
Subject: [PATCH] fix: empty header check in other blocks (#3151)

---
 kubernetes/opa/common/common.rego | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/kubernetes/opa/common/common.rego b/kubernetes/opa/common/common.rego
index 65d6045bc..bd491b89a 100644
--- a/kubernetes/opa/common/common.rego
+++ b/kubernetes/opa/common/common.rego
@@ -51,10 +51,10 @@ token_roles = user_token.payload.roles {
 userid = token_userid {
     not http_request.headers["x-authenticated-for"]
 } else = token_userid {
-    http_request.headers["x-authenticated-for"] == "" # This is a temporary fix as the mobile app is sending empty headers as x-authenticated-for: ""
+    count(http_request.headers["x-authenticated-for"]) == 0 # This is a temporary fix as the mobile app is sending empty headers as x-authenticated-for: ""
 } else = for_token_userid {
     http_request.headers["x-authenticated-for"]
-    http_request.headers["x-authenticated-for"] != ""
+    count(http_request.headers["x-authenticated-for"]) > 0
 }
 
 acls_check(acls) = indicies {
@@ -80,9 +80,14 @@ federation_id_check {
 
 parent_id_check {
     http_request.headers["x-authenticated-for"]
+    count(http_request.headers["x-authenticated-for"]) > 0
     token_userid == for_token_parentid
 }
 
+parent_id_check {
+    count(http_request.headers["x-authenticated-for"]) == 0
+}
+
 parent_id_check {
     not http_request.headers["x-authenticated-for"]
 }
-- 
GitLab