From 83d86aebb14cf7b9870751ff62ab9d3ae12898c7 Mon Sep 17 00:00:00 2001
From: Jason Ertel <jason.ertel@securityonionsolutions.com>
Date: Thu, 9 Dec 2021 15:04:00 -0500
Subject: [PATCH] Perform full email match

---
 salt/common/tools/sbin/so-user | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/salt/common/tools/sbin/so-user b/salt/common/tools/sbin/so-user
index cf9fc91c0..72b1b9a64 100755
--- a/salt/common/tools/sbin/so-user
+++ b/salt/common/tools/sbin/so-user
@@ -310,7 +310,7 @@ function listUsers() {
 
   users=$(echo "${response}" | jq -r ".[] | .verifiable_addresses[0].value" | sort)
   for user in $users; do
-    roles=$(grep "$user" "$elasticRolesFile" | cut -d: -f1 | tr '\n' ' ')
+    roles=$(grep ":$user\$" "$elasticRolesFile" | cut -d: -f1 | tr '\n' ' ')
     echo "$user: $roles"
   done
 }
@@ -341,7 +341,7 @@ function adjustUserRole() {
 
   filename="$socRolesFile"
   hasRole=0
-  grep "$role:" "$socRolesFile" | grep -q "$identityId" && hasRole=1
+  grep "^$role:" "$socRolesFile" | grep -q "$identityId" && hasRole=1
   if [[ "$op" == "add" ]]; then
     if [[ "$hasRole" == "1" ]]; then
       echo "User '$email' already has the role: $role"