From 22199fa4173ca2f1b4b72f545231c7103ff86848 Mon Sep 17 00:00:00 2001
From: Joel Speed
Date: Thu, 30 May 2019 10:10:28 +0100
Subject: [PATCH] Fix ticket retrieval with an invalid ticket

(cherry picked from commit 66bbf146ec45d127bdd374120743aeef936894a7)
---
 pkg/sessions/redis/redis_store.go | 41 ++++++++++++++++---------------
 1 file changed, 21 insertions(+), 20 deletions(-)

diff --git a/pkg/sessions/redis/redis_store.go b/pkg/sessions/redis/redis_store.go
index 6a5ffbb..552b48d 100644
--- a/pkg/sessions/redis/redis_store.go
+++ b/pkg/sessions/redis/redis_store.go
@@ -192,26 +192,9 @@ func (store *SessionStore) makeCookie(req *http.Request, value string, expires t
 }
 
 func (store *SessionStore) storeValue(value string, expiration time.Duration, requestCookie *http.Cookie) (string, error) {
- var ticket *TicketData
- if requestCookie != nil {
- var err error
- val, _, ok := cookie.Validate(requestCookie, store.CookieOptions.CookieSecret, store.CookieOptions.CookieExpire)
- if !ok {
- ticket, err = newTicket()
- if err != nil {
- return "", fmt.Errorf("error creating new ticket: %s", err)
- }
- }
- ticket, err = decodeTicket(store.CookieOptions.CookieName, val)
- if err != nil {
- return "", err
- }
- } else {
- var err error
- ticket, err = newTicket()
- if err != nil {
- return "", fmt.Errorf("error creating new ticket: %s", err)
- }
+ ticket, err := store.getTicket(requestCookie)
+ if err != nil {
+ return "", fmt.Errorf("error getting ticket: %v", err)
 }
 
 ciphertext := make([]byte, len(value))
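Review bot: `ciphertext := make([]byte, len(value))` sizes the stored value at exactly the plaintext length, which leaves no room for a per-write nonce or an authentication tag, while a valid cookie makes `store.getTicket(requestCookie)` hand back the existing ticket rather than a fresh one. The encryption itself is below the hunk, so this is inferred rather than seen: if the cipher is keyed only from the ticket, every save for one session reuses the same key material and the value held in Redis carries no integrity check. That is worth confirming in the rest of storeValue, and recording next to the call with a comment such as `// ticket is reused for a valid cookie; the encryption below must not rely on a fresh ticket per save`.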
@@ -232,6 +215,24 @@ func (store *SessionStore) storeValue(value string, expiration time.Duration, re
 return ticket.encodeTicket(store.CookieOptions.CookieName), nil
 }
 
+// getTicket retrieves an existing ticket from the cookie if present,
+// or creates a new ticket
+func (store *SessionStore) getTicket(requestCookie *http.Cookie) (*TicketData, error) {
+ if requestCookie == nil {
+ return newTicket()
+ }
+
+ // An existing cookie exists, try to retrieve the ticket
+ val, _, ok := cookie.Validate(requestCookie, store.CookieOptions.CookieSecret, store.CookieOptions.CookieExpire)
+ if !ok {
+ // Cookie is invalid, create a new ticket
+ return newTicket()
+ }
+
+ // Valid cookie, decode the ticket
+ return decodeTicket(store.CookieOptions.CookieName, val)
+}
+
 func newTicket() (*TicketData, error) {
 rawID := make([]byte, 16)
 if _, err := io.ReadFull(rand.Reader, rawID); err != nil {
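Review bot: A cookie that passes `cookie.Validate` but whose value `decodeTicket` rejects still fails the whole save, because the last line of getTicket returns the decode error directly. If a correctly signed but non-ticket value can reach this store (for example a cookie left over from a different session backend, which is inferred and not shown here), the user stays stuck until the cookie is cleared. Falling back would match the invalid-signature branch: `if t, err := decodeTicket(store.CookieOptions.CookieName, val); err == nil { return t, nil }` followed by `return newTicket()`. The doc comment should also state that an invalid or expired cookie yields a fresh ticket, and since the diffstat lists only redis_store.go, a regression test for that branch is still missing.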