diff --git a/oauthproxy.go b/oauthproxy.go index f5ae591..75827fa 100644 --- a/oauthproxy.go +++ b/oauthproxy.go @@ -29,10 +29,6 @@ const ( httpScheme = "http" httpsScheme = "https" - // Cookies are limited to 4kb including the length of the cookie name, - // the cookie name can be up to 256 bytes - maxCookieLength = 3840 - applicationJSON = "application/json" ) @@ -318,104 +314,6 @@ func (p *OAuthProxy) redeemCode(host, code string) (s *sessionsapi.SessionState, return } -// MakeSessionCookie creates an http.Cookie containing the authenticated user's -// authentication details -func (p *OAuthProxy) MakeSessionCookie(req *http.Request, value string, expiration time.Duration, now time.Time) []*http.Cookie { - if value != "" { - value = cookie.SignedValue(p.CookieSeed, p.CookieName, value, now) - } - c := p.makeCookie(req, p.CookieName, value, expiration, now) - if len(c.Value) > 4096-len(p.CookieName) { - return splitCookie(c) - } - return []*http.Cookie{c} -} - -func copyCookie(c *http.Cookie) *http.Cookie { - return &http.Cookie{ - Name: c.Name, - Value: c.Value, - Path: c.Path, - Domain: c.Domain, - Expires: c.Expires, - RawExpires: c.RawExpires, - MaxAge: c.MaxAge, - Secure: c.Secure, - HttpOnly: c.HttpOnly, - Raw: c.Raw, - Unparsed: c.Unparsed, - } -} - -// splitCookie reads the full cookie generated to store the session and splits -// it into a slice of cookies which fit within the 4kb cookie limit indexing -// the cookies from 0 -func splitCookie(c *http.Cookie) []*http.Cookie { - if len(c.Value) < maxCookieLength { - return []*http.Cookie{c} - } - cookies := []*http.Cookie{} - valueBytes := []byte(c.Value) - count := 0 - for len(valueBytes) > 0 { - new := copyCookie(c) - new.Name = fmt.Sprintf("%s_%d", c.Name, count) - count++ - if len(valueBytes) < maxCookieLength { - new.Value = string(valueBytes) - valueBytes = []byte{} - } else { - newValue := valueBytes[:maxCookieLength] - valueBytes = valueBytes[maxCookieLength:] - new.Value = string(newValue) - } - cookies = append(cookies, new) - } - return cookies -} - -// joinCookies takes a slice of cookies from the request and reconstructs the -// full session cookie -func joinCookies(cookies []*http.Cookie) (*http.Cookie, error) { - if len(cookies) == 0 { - return nil, fmt.Errorf("list of cookies must be > 0") - } - if len(cookies) == 1 { - return cookies[0], nil - } - c := copyCookie(cookies[0]) - for i := 1; i < len(cookies); i++ { - c.Value += cookies[i].Value - } - c.Name = strings.TrimRight(c.Name, "_0") - return c, nil -} - -// loadCookie retreieves the sessions state cookie from the http request. -// If a single cookie is present this will be returned, otherwise it attempts -// to reconstruct a cookie split up by splitCookie -func loadCookie(req *http.Request, cookieName string) (*http.Cookie, error) { - c, err := req.Cookie(cookieName) - if err == nil { - return c, nil - } - cookies := []*http.Cookie{} - err = nil - count := 0 - for err == nil { - var c *http.Cookie - c, err = req.Cookie(fmt.Sprintf("%s_%d", cookieName, count)) - if err == nil { - cookies = append(cookies, c) - count++ - } - } - if len(cookies) == 0 { - return nil, fmt.Errorf("Could not find cookie %s", cookieName) - } - return joinCookies(cookies) -} - // MakeCSRFCookie creates a cookie for CSRF func (p *OAuthProxy) MakeCSRFCookie(req *http.Request, value string, expiration time.Duration, now time.Time) *http.Cookie { return p.makeCookie(req, p.CSRFCookieName, value, expiration, now) @@ -460,13 +358,6 @@ func (p *OAuthProxy) ClearSessionCookie(rw http.ResponseWriter, req *http.Reques return p.sessionStore.Clear(rw, req) } -// SetSessionCookie adds the user's session cookie to the response -func (p *OAuthProxy) SetSessionCookie(rw http.ResponseWriter, req *http.Request, val string) { - for _, c := range p.MakeSessionCookie(req, val, p.CookieExpire, time.Now()) { - http.SetCookie(rw, c) - } -} - // LoadCookiedSession reads the user's authentication details from the request func (p *OAuthProxy) LoadCookiedSession(req *http.Request) (*sessionsapi.SessionState, error) { return p.sessionStore.Load(req) diff --git a/oauthproxy_test.go b/oauthproxy_test.go index 32837eb..52f688b 100644 --- a/oauthproxy_test.go +++ b/oauthproxy_test.go @@ -646,10 +646,6 @@ func NewProcessCookieTestWithOptionsModifiers(modifiers ...OptionsModifier) *Pro }, modifiers...) } -func (p *ProcessCookieTest) MakeCookie(value string, ref time.Time) []*http.Cookie { - return p.proxy.MakeSessionCookie(p.req, value, p.opts.CookieExpire, ref) -} - func (p *ProcessCookieTest) SaveSession(s *sessions.SessionState) error { err := p.proxy.SaveSession(p.rw, p.req, s) if err != nil { @@ -946,11 +942,11 @@ func (st *SignatureTest) MakeRequestWithExpectedKey(method, body, key string) { state := &sessions.SessionState{ Email: "mbland@acm.org", AccessToken: "my_access_token"} - value, err := proxy.provider.CookieForSession(state, proxy.CookieCipher) + err = proxy.SaveSession(st.rw, req, state) if err != nil { panic(err) } - for _, c := range proxy.MakeSessionCookie(req, value, proxy.CookieExpire, time.Now()) { + for _, c := range st.rw.Result().Cookies() { req.AddCookie(c) } // This is used by the upstream to validate the signature.