From 41b21dd0b14ce867dc5130b5aadc6b964fda2409 Mon Sep 17 00:00:00 2001 From: Mike Bland Date: Sat, 9 May 2015 17:16:19 -0400 Subject: [PATCH] Enforce that cookie_refresh < cookie_expire --- options.go | 8 ++++++++ options_test.go | 13 +++++++++++++ 2 files changed, 21 insertions(+) diff --git a/options.go b/options.go index 262e27f..3767546 100644 --- a/options.go +++ b/options.go @@ -137,6 +137,14 @@ func (o *Options) Validate() error { } } + if o.CookieRefresh >= o.CookieExpire { + msgs = append(msgs, fmt.Sprintf( + "cookie_refresh (%s) must be less than "+ + "cookie_expire (%s)", + o.CookieRefresh.String(), + o.CookieExpire.String())) + } + if len(msgs) != 0 { return fmt.Errorf("Invalid configuration:\n %s", strings.Join(msgs, "\n ")) diff --git a/options_test.go b/options_test.go index 55eda29..fc1233b 100644 --- a/options_test.go +++ b/options_test.go @@ -4,6 +4,7 @@ import ( "net/url" "strings" "testing" + "time" "github.com/bmizerany/assert" ) @@ -125,3 +126,15 @@ func TestPassAccessTokenRequiresSpecificCookieSecretLengths(t *testing.T) { o.CookieSecret = "32 byte secret for AES-256------" assert.Equal(t, nil, o.Validate()) } + +func TestCookieRefreshMustBeLessThanCookieExpire(t *testing.T) { + o := testOptions() + assert.Equal(t, nil, o.Validate()) + + o.CookieSecret = "0123456789abcdef" + o.CookieRefresh = o.CookieExpire + assert.NotEqual(t, nil, o.Validate()) + + o.CookieRefresh -= time.Duration(1) + assert.Equal(t, nil, o.Validate()) +}