Add error on basic auth build if users is empty

pkg/middlewares/auth/basic_auth.go

@@ -41,6 +41,10 @@ func NewBasic(ctx context.Context, next http.Handler, authConfig dynamic.BasicAu
 		return nil, err
 	}
 
+	if len(users) == 0 {
+		return nil, fmt.Errorf("no users found in %s", authConfig.UsersFile)
+	}
+
 	// To prevent timing attacks, we need to compute a hash even if the user is not found.
 	// We assume it to be safe only when the users hashes are all from the same algorithm,
 	// so we can pick the first one as a random hash to compute.

pkg/middlewares/auth/basic_auth_test.go

@@ -14,6 +14,15 @@ import (
 	"github.com/traefik/traefik/v2/pkg/testhelpers"
 )
 
+func TestNewBasicEmpty(t *testing.T) {
+	auth := dynamic.BasicAuth{
+		Users: []string{},
+	}
+
+	_, err := NewBasic(t.Context(), nil, auth, "authName")
+	require.Error(t, err)
+}
+
 func TestNewBasicNotFoundSecretIsSet(t *testing.T) {
 	auth := dynamic.BasicAuth{
 		Users: []string{"test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"},