Improper Trimming of Usernames in `DASHBOARD_USERS` Environment Variable Leads to Authentication Bugs

[kleneway]

Description

There is a bug in the handling of the DASHBOARD_USERS environment variable where usernames are split by commas but are not trimmed of leading or trailing whitespace. This causes issues when the list includes spaces after commas, such as "user1, user2, user3". The resulting usernames contain unintended spaces (e.g., " user2" instead of "user2"), leading to authentication failures and user validation errors within the dashboard.

Impact

• Authentication Failures: Users with leading or trailing spaces in their usernames are unable to authenticate successfully.
• User Validation Errors: Functions that rely on exact username matching fail because of the additional whitespace.
• Inconsistent User Experience: Users may experience confusion or be denied access despite having correct credentials.

Expected Behavior

When parsing the DASHBOARD_USERS environment variable:

• Usernames should be split by commas.
• Each username should be trimmed of any leading or trailing whitespace.
• For example, "user1, user2, user3" should be correctly parsed into ["user1", "user2", "user3"].

Steps to Reproduce

1. Set the DASHBOARD_USERS environment variable in .env or .env.example to include spaces after commas:

   DASHBOARD_USERS=user1, user2, user3

2. Start the application.
3. Attempt to authenticate as user2.
4. Observe that authentication fails due to the username being parsed as " user2" with a leading space.

Possible Solution

Adjust the parsing logic for DASHBOARD_USERS to:

• Split the string by commas.
• Trim whitespace from each resulting username string.
• Ensure that all usernames are stored and compared without leading or trailing spaces.