Ensure SessionStores can handle recieving cookies for the wrong implementation
This commit is contained in:
parent
6d7f0ab57d
commit
131206cf41
@ -237,7 +237,12 @@ func (store *SessionStore) getTicket(requestCookie *http.Cookie) (*TicketData, e
|
||||
}
|
||||
|
||||
// Valid cookie, decode the ticket
|
||||
return decodeTicket(store.CookieOptions.CookieName, val)
|
||||
ticket, err := decodeTicket(store.CookieOptions.CookieName, val)
|
||||
if err != nil {
|
||||
// If we can't decode the ticket we have to create a new one
|
||||
return newTicket()
|
||||
}
|
||||
return ticket, nil
|
||||
}
|
||||
|
||||
func newTicket() (*TicketData, error) {
|
||||
|
@ -16,6 +16,7 @@ import (
|
||||
"github.com/pusher/oauth2_proxy/cookie"
|
||||
"github.com/pusher/oauth2_proxy/pkg/apis/options"
|
||||
sessionsapi "github.com/pusher/oauth2_proxy/pkg/apis/sessions"
|
||||
"github.com/pusher/oauth2_proxy/pkg/cookies"
|
||||
"github.com/pusher/oauth2_proxy/pkg/sessions"
|
||||
sessionscookie "github.com/pusher/oauth2_proxy/pkg/sessions/cookie"
|
||||
"github.com/pusher/oauth2_proxy/pkg/sessions/redis"
|
||||
@ -153,6 +154,27 @@ var _ = Describe("NewSessionStore", func() {
|
||||
})
|
||||
})
|
||||
|
||||
Context("with a broken session", func() {
|
||||
BeforeEach(func() {
|
||||
By("Using a valid cookie with a different providers session encoding")
|
||||
broken := "BrokenSessionFromADifferentSessionImplementation"
|
||||
value := cookie.SignedValue(cookieOpts.CookieSecret, cookieOpts.CookieName, broken, time.Now())
|
||||
cookie := cookies.MakeCookieFromOptions(request, cookieOpts.CookieName, value, cookieOpts, cookieOpts.CookieExpire, time.Now())
|
||||
request.AddCookie(cookie)
|
||||
|
||||
err := ss.Save(response, request, session)
|
||||
Expect(err).ToNot(HaveOccurred())
|
||||
})
|
||||
|
||||
It("sets a `set-cookie` header in the response", func() {
|
||||
Expect(response.Header().Get("set-cookie")).ToNot(BeEmpty())
|
||||
})
|
||||
|
||||
It("Ensures the session CreatedAt is not zero", func() {
|
||||
Expect(session.CreatedAt.IsZero()).To(BeFalse())
|
||||
})
|
||||
})
|
||||
|
||||
Context("with an expired saved session", func() {
|
||||
var err error
|
||||
BeforeEach(func() {
|
||||
|
Loading…
Reference in New Issue
Block a user