Calculate cookie expiration from encoded timestamp
Found out the hard way that _incoming_ cookies do _not_ have their expiration timestamps encoded. To perform auto-refresh based on expiration time, we have to recalculate it from the time encoded in the cookie value.
This commit is contained in:
Mike Bland
parent
41b21dd0b1
commit
37f287bef4
@ -300,8 +300,9 @@ func (p *OauthProxy) ProcessCookie(rw http.ResponseWriter, req *http.Request) (e
|
|||||||
log.Printf(err.Error())
|
log.Printf(err.Error())
|
||||||
ok = false
|
ok = false
|
||||||
} else if p.CookieRefresh != time.Duration(0) {
|
} else if p.CookieRefresh != time.Duration(0) {
|
||||||
|
expires := timestamp.Add(p.CookieExpire)
|
||||||
refresh_threshold := time.Now().Add(p.CookieRefresh)
|
refresh_threshold := time.Now().Add(p.CookieRefresh)
|
||||||
if refresh_threshold.Unix() > timestamp.Unix() {
|
if refresh_threshold.Unix() > expires.Unix() {
|
||||||
ok = p.Validator(email) && p.ValidateToken(access_token)
|
ok = p.Validator(email) && p.ValidateToken(access_token)
|
||||||
if ok {
|
if ok {
|
||||||
p.SetCookie(rw, req, value)
|
p.SetCookie(rw, req, value)
|
||||||
|
|||||||
@ -492,8 +492,8 @@ func TestProcessCookieRefreshNotSet(t *testing.T) {
|
|||||||
pc_test.InstantiateBackend()
|
pc_test.InstantiateBackend()
|
||||||
defer pc_test.Close()
|
defer pc_test.Close()
|
||||||
|
|
||||||
|
pc_test.proxy.CookieExpire = time.Duration(23) * time.Hour
|
||||||
cookie := pc_test.MakeCookie("michael.bland@gsa.gov", "")
|
cookie := pc_test.MakeCookie("michael.bland@gsa.gov", "")
|
||||||
cookie.Expires = time.Now().Add(time.Duration(23) * time.Hour)
|
|
||||||
pc_test.req.AddCookie(cookie)
|
pc_test.req.AddCookie(cookie)
|
||||||
|
|
||||||
_, _, _, ok := pc_test.ProcessCookie()
|
_, _, _, ok := pc_test.ProcessCookie()
|
||||||
@ -506,8 +506,8 @@ func TestProcessCookieRefresh(t *testing.T) {
|
|||||||
pc_test.InstantiateBackend()
|
pc_test.InstantiateBackend()
|
||||||
defer pc_test.Close()
|
defer pc_test.Close()
|
||||||
|
|
||||||
|
pc_test.proxy.CookieExpire = time.Duration(23) * time.Hour
|
||||||
cookie := pc_test.MakeCookie("michael.bland@gsa.gov", "my_access_token")
|
cookie := pc_test.MakeCookie("michael.bland@gsa.gov", "my_access_token")
|
||||||
cookie.Expires = time.Now().Add(time.Duration(23) * time.Hour)
|
|
||||||
pc_test.req.AddCookie(cookie)
|
pc_test.req.AddCookie(cookie)
|
||||||
|
|
||||||
pc_test.proxy.CookieRefresh = time.Duration(24) * time.Hour
|
pc_test.proxy.CookieRefresh = time.Duration(24) * time.Hour
|
||||||
@ -516,14 +516,29 @@ func TestProcessCookieRefresh(t *testing.T) {
|
|||||||
assert.NotEqual(t, []string(nil), pc_test.rw.HeaderMap["Set-Cookie"])
|
assert.NotEqual(t, []string(nil), pc_test.rw.HeaderMap["Set-Cookie"])
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestProcessCookieRefreshThresholdNotCrossed(t *testing.T) {
|
||||||
|
pc_test := NewProcessCookieTest()
|
||||||
|
pc_test.InstantiateBackend()
|
||||||
|
defer pc_test.Close()
|
||||||
|
|
||||||
|
pc_test.proxy.CookieExpire = time.Duration(25) * time.Hour
|
||||||
|
cookie := pc_test.MakeCookie("michael.bland@gsa.gov", "my_access_token")
|
||||||
|
pc_test.req.AddCookie(cookie)
|
||||||
|
|
||||||
|
pc_test.proxy.CookieRefresh = time.Duration(24) * time.Hour
|
||||||
|
_, _, _, ok := pc_test.ProcessCookie()
|
||||||
|
assert.Equal(t, true, ok)
|
||||||
|
assert.Equal(t, []string(nil), pc_test.rw.HeaderMap["Set-Cookie"])
|
||||||
|
}
|
||||||
|
|
||||||
func TestProcessCookieFailIfRefreshSetAndTokenNoLongerValid(t *testing.T) {
|
func TestProcessCookieFailIfRefreshSetAndTokenNoLongerValid(t *testing.T) {
|
||||||
pc_test := NewProcessCookieTest()
|
pc_test := NewProcessCookieTest()
|
||||||
pc_test.InstantiateBackend()
|
pc_test.InstantiateBackend()
|
||||||
defer pc_test.Close()
|
defer pc_test.Close()
|
||||||
pc_test.response_code = 401
|
pc_test.response_code = 401
|
||||||
|
|
||||||
|
pc_test.proxy.CookieExpire = time.Duration(23) * time.Hour
|
||||||
cookie := pc_test.MakeCookie("michael.bland@gsa.gov", "my_access_token")
|
cookie := pc_test.MakeCookie("michael.bland@gsa.gov", "my_access_token")
|
||||||
cookie.Expires = time.Now().Add(time.Duration(23) * time.Hour)
|
|
||||||
pc_test.req.AddCookie(cookie)
|
pc_test.req.AddCookie(cookie)
|
||||||
|
|
||||||
pc_test.proxy.CookieRefresh = time.Duration(24) * time.Hour
|
pc_test.proxy.CookieRefresh = time.Duration(24) * time.Hour
|
||||||
@ -538,8 +553,8 @@ func TestProcessCookieFailIfRefreshSetAndUserNoLongerValid(t *testing.T) {
|
|||||||
defer pc_test.Close()
|
defer pc_test.Close()
|
||||||
pc_test.validate_user = false
|
pc_test.validate_user = false
|
||||||
|
|
||||||
|
pc_test.proxy.CookieExpire = time.Duration(23) * time.Hour
|
||||||
cookie := pc_test.MakeCookie("michael.bland@gsa.gov", "my_access_token")
|
cookie := pc_test.MakeCookie("michael.bland@gsa.gov", "my_access_token")
|
||||||
cookie.Expires = time.Now().Add(time.Duration(23) * time.Hour)
|
|
||||||
pc_test.req.AddCookie(cookie)
|
pc_test.req.AddCookie(cookie)
|
||||||
|
|
||||||
pc_test.proxy.CookieRefresh = time.Duration(24) * time.Hour
|
pc_test.proxy.CookieRefresh = time.Duration(24) * time.Hour
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user