From 2e2327af6c941c46d61e2169b99389f3b16fce21 Mon Sep 17 00:00:00 2001 From: Joel Speed Date: Wed, 29 May 2019 11:59:58 +0100 Subject: [PATCH] Check SaveSession works when an existing session is present (cherry picked from commit 9dc1a96d817741632cb476456755a645b732db7d) --- pkg/sessions/redis/redis_store.go | 9 +++++- pkg/sessions/session_store_test.go | 44 ++++++++++++++++++++++++------ 2 files changed, 44 insertions(+), 9 deletions(-) diff --git a/pkg/sessions/redis/redis_store.go b/pkg/sessions/redis/redis_store.go index 61aa1c7..b32d5c2 100644 --- a/pkg/sessions/redis/redis_store.go +++ b/pkg/sessions/redis/redis_store.go @@ -195,7 +195,14 @@ func (store *SessionStore) storeValue(value string, expiresOn time.Time, request var ticket *TicketData if requestCookie != nil { var err error - ticket, err = decodeTicket(store.CookieOptions.CookieName, requestCookie.Value) + val, _, ok := cookie.Validate(requestCookie, store.CookieOptions.CookieSecret, store.CookieOptions.CookieExpire) + if !ok { + ticket, err = newTicket() + if err != nil { + return "", fmt.Errorf("error creating new ticket: %s", err) + } + } + ticket, err = decodeTicket(store.CookieOptions.CookieName, val) if err != nil { return "", err } diff --git a/pkg/sessions/session_store_test.go b/pkg/sessions/session_store_test.go index 76722df..85e63b3 100644 --- a/pkg/sessions/session_store_test.go +++ b/pkg/sessions/session_store_test.go @@ -137,17 +137,45 @@ var _ = Describe("NewSessionStore", func() { SessionStoreInterfaceTests := func(persistent bool) { Context("when Save is called", func() { - BeforeEach(func() { - err := ss.Save(response, request, session) - Expect(err).ToNot(HaveOccurred()) + Context("with no existing session", func() { + BeforeEach(func() { + err := ss.Save(response, request, session) + Expect(err).ToNot(HaveOccurred()) + }) + + It("sets a `set-cookie` header in the response", func() { + Expect(response.Header().Get("set-cookie")).ToNot(BeEmpty()) + }) + + It("Ensures the session CreatedAt is not zero", func() { + Expect(session.CreatedAt.IsZero()).To(BeFalse()) + }) }) - It("sets a `set-cookie` header in the response", func() { - Expect(response.Header().Get("set-cookie")).ToNot(BeEmpty()) - }) + Context("with an expired saved session", func() { + var err error + BeforeEach(func() { + By("saving a session") + req := httptest.NewRequest("GET", "http://example.com/", nil) + saveResp := httptest.NewRecorder() + err = ss.Save(saveResp, req, session) + Expect(err).ToNot(HaveOccurred()) - It("Ensures the session CreatedAt is not zero", func() { - Expect(session.CreatedAt.IsZero()).To(BeFalse()) + By("and clearing the session") + for _, c := range saveResp.Result().Cookies() { + request.AddCookie(c) + } + clearResp := httptest.NewRecorder() + err = ss.Clear(clearResp, request) + Expect(err).ToNot(HaveOccurred()) + + By("then saving a request with the cleared session") + err = ss.Save(response, request, session) + }) + + It("no error should occur", func() { + Expect(err).ToNot(HaveOccurred()) + }) }) CheckCookieOptions()