From 37f287bef46c11cee2e8c0d9af364b9f148a9225 Mon Sep 17 00:00:00 2001 From: Mike Bland Date: Sun, 10 May 2015 00:11:26 -0400 Subject: [PATCH] Calculate cookie expiration from encoded timestamp Found out the hard way that _incoming_ cookies do _not_ have their expiration timestamps encoded. To perform auto-refresh based on expiration time, we have to recalculate it from the time encoded in the cookie value. --- oauthproxy.go | 3 ++- oauthproxy_test.go | 23 +++++++++++++++++++---- 2 files changed, 21 insertions(+), 5 deletions(-) diff --git a/oauthproxy.go b/oauthproxy.go index d4208de..82de2df 100644 --- a/oauthproxy.go +++ b/oauthproxy.go @@ -300,8 +300,9 @@ func (p *OauthProxy) ProcessCookie(rw http.ResponseWriter, req *http.Request) (e log.Printf(err.Error()) ok = false } else if p.CookieRefresh != time.Duration(0) { + expires := timestamp.Add(p.CookieExpire) refresh_threshold := time.Now().Add(p.CookieRefresh) - if refresh_threshold.Unix() > timestamp.Unix() { + if refresh_threshold.Unix() > expires.Unix() { ok = p.Validator(email) && p.ValidateToken(access_token) if ok { p.SetCookie(rw, req, value) diff --git a/oauthproxy_test.go b/oauthproxy_test.go index 2b792d8..2a17436 100644 --- a/oauthproxy_test.go +++ b/oauthproxy_test.go @@ -492,8 +492,8 @@ func TestProcessCookieRefreshNotSet(t *testing.T) { pc_test.InstantiateBackend() defer pc_test.Close() + pc_test.proxy.CookieExpire = time.Duration(23) * time.Hour cookie := pc_test.MakeCookie("michael.bland@gsa.gov", "") - cookie.Expires = time.Now().Add(time.Duration(23) * time.Hour) pc_test.req.AddCookie(cookie) _, _, _, ok := pc_test.ProcessCookie() @@ -506,8 +506,8 @@ func TestProcessCookieRefresh(t *testing.T) { pc_test.InstantiateBackend() defer pc_test.Close() + pc_test.proxy.CookieExpire = time.Duration(23) * time.Hour cookie := pc_test.MakeCookie("michael.bland@gsa.gov", "my_access_token") - cookie.Expires = time.Now().Add(time.Duration(23) * time.Hour) pc_test.req.AddCookie(cookie) pc_test.proxy.CookieRefresh = time.Duration(24) * time.Hour @@ -516,14 +516,29 @@ func TestProcessCookieRefresh(t *testing.T) { assert.NotEqual(t, []string(nil), pc_test.rw.HeaderMap["Set-Cookie"]) } +func TestProcessCookieRefreshThresholdNotCrossed(t *testing.T) { + pc_test := NewProcessCookieTest() + pc_test.InstantiateBackend() + defer pc_test.Close() + + pc_test.proxy.CookieExpire = time.Duration(25) * time.Hour + cookie := pc_test.MakeCookie("michael.bland@gsa.gov", "my_access_token") + pc_test.req.AddCookie(cookie) + + pc_test.proxy.CookieRefresh = time.Duration(24) * time.Hour + _, _, _, ok := pc_test.ProcessCookie() + assert.Equal(t, true, ok) + assert.Equal(t, []string(nil), pc_test.rw.HeaderMap["Set-Cookie"]) +} + func TestProcessCookieFailIfRefreshSetAndTokenNoLongerValid(t *testing.T) { pc_test := NewProcessCookieTest() pc_test.InstantiateBackend() defer pc_test.Close() pc_test.response_code = 401 + pc_test.proxy.CookieExpire = time.Duration(23) * time.Hour cookie := pc_test.MakeCookie("michael.bland@gsa.gov", "my_access_token") - cookie.Expires = time.Now().Add(time.Duration(23) * time.Hour) pc_test.req.AddCookie(cookie) pc_test.proxy.CookieRefresh = time.Duration(24) * time.Hour @@ -538,8 +553,8 @@ func TestProcessCookieFailIfRefreshSetAndUserNoLongerValid(t *testing.T) { defer pc_test.Close() pc_test.validate_user = false + pc_test.proxy.CookieExpire = time.Duration(23) * time.Hour cookie := pc_test.MakeCookie("michael.bland@gsa.gov", "my_access_token") - cookie.Expires = time.Now().Add(time.Duration(23) * time.Hour) pc_test.req.AddCookie(cookie) pc_test.proxy.CookieRefresh = time.Duration(24) * time.Hour