Ensure SessionStores can handle recieving cookies for the wrong implementation

This commit is contained in:
Joel Speed 2019-05-30 11:55:42 +01:00
parent 6d7f0ab57d
commit 131206cf41
No known key found for this signature in database
GPG Key ID: 6E80578D6751DEFB
2 changed files with 28 additions and 1 deletions

View File

@ -237,7 +237,12 @@ func (store *SessionStore) getTicket(requestCookie *http.Cookie) (*TicketData, e
} }
// Valid cookie, decode the ticket // Valid cookie, decode the ticket
return decodeTicket(store.CookieOptions.CookieName, val) ticket, err := decodeTicket(store.CookieOptions.CookieName, val)
if err != nil {
// If we can't decode the ticket we have to create a new one
return newTicket()
}
return ticket, nil
} }
func newTicket() (*TicketData, error) { func newTicket() (*TicketData, error) {

View File

@ -16,6 +16,7 @@ import (
"github.com/pusher/oauth2_proxy/cookie" "github.com/pusher/oauth2_proxy/cookie"
"github.com/pusher/oauth2_proxy/pkg/apis/options" "github.com/pusher/oauth2_proxy/pkg/apis/options"
sessionsapi "github.com/pusher/oauth2_proxy/pkg/apis/sessions" sessionsapi "github.com/pusher/oauth2_proxy/pkg/apis/sessions"
"github.com/pusher/oauth2_proxy/pkg/cookies"
"github.com/pusher/oauth2_proxy/pkg/sessions" "github.com/pusher/oauth2_proxy/pkg/sessions"
sessionscookie "github.com/pusher/oauth2_proxy/pkg/sessions/cookie" sessionscookie "github.com/pusher/oauth2_proxy/pkg/sessions/cookie"
"github.com/pusher/oauth2_proxy/pkg/sessions/redis" "github.com/pusher/oauth2_proxy/pkg/sessions/redis"
@ -153,6 +154,27 @@ var _ = Describe("NewSessionStore", func() {
}) })
}) })
Context("with a broken session", func() {
BeforeEach(func() {
By("Using a valid cookie with a different providers session encoding")
broken := "BrokenSessionFromADifferentSessionImplementation"
value := cookie.SignedValue(cookieOpts.CookieSecret, cookieOpts.CookieName, broken, time.Now())
cookie := cookies.MakeCookieFromOptions(request, cookieOpts.CookieName, value, cookieOpts, cookieOpts.CookieExpire, time.Now())
request.AddCookie(cookie)
err := ss.Save(response, request, session)
Expect(err).ToNot(HaveOccurred())
})
It("sets a `set-cookie` header in the response", func() {
Expect(response.Header().Get("set-cookie")).ToNot(BeEmpty())
})
It("Ensures the session CreatedAt is not zero", func() {
Expect(session.CreatedAt.IsZero()).To(BeFalse())
})
})
Context("with an expired saved session", func() { Context("with an expired saved session", func() {
var err error var err error
BeforeEach(func() { BeforeEach(func() {