From 4721da02f2516a68f2504126a0f60cdcd0d35ac6 Mon Sep 17 00:00:00 2001 From: Joel Speed Date: Thu, 30 May 2019 11:55:42 +0100 Subject: [PATCH] Ensure SessionStores can handle recieving cookies for the wrong implementation (cherry picked from commit 131206cf41697543583751ac2714287898c19ad0) --- pkg/sessions/redis/redis_store.go | 7 ++++++- pkg/sessions/session_store_test.go | 22 ++++++++++++++++++++++ 2 files changed, 28 insertions(+), 1 deletion(-) diff --git a/pkg/sessions/redis/redis_store.go b/pkg/sessions/redis/redis_store.go index 1d34d84..82e941e 100644 --- a/pkg/sessions/redis/redis_store.go +++ b/pkg/sessions/redis/redis_store.go @@ -237,7 +237,12 @@ func (store *SessionStore) getTicket(requestCookie *http.Cookie) (*TicketData, e } // Valid cookie, decode the ticket - return decodeTicket(store.CookieOptions.CookieName, val) + ticket, err := decodeTicket(store.CookieOptions.CookieName, val) + if err != nil { + // If we can't decode the ticket we have to create a new one + return newTicket() + } + return ticket, nil } func newTicket() (*TicketData, error) { diff --git a/pkg/sessions/session_store_test.go b/pkg/sessions/session_store_test.go index 2ffc0bd..47ad4b7 100644 --- a/pkg/sessions/session_store_test.go +++ b/pkg/sessions/session_store_test.go @@ -16,6 +16,7 @@ import ( "github.com/pusher/oauth2_proxy/cookie" "github.com/pusher/oauth2_proxy/pkg/apis/options" sessionsapi "github.com/pusher/oauth2_proxy/pkg/apis/sessions" + "github.com/pusher/oauth2_proxy/pkg/cookies" "github.com/pusher/oauth2_proxy/pkg/sessions" sessionscookie "github.com/pusher/oauth2_proxy/pkg/sessions/cookie" "github.com/pusher/oauth2_proxy/pkg/sessions/redis" @@ -153,6 +154,27 @@ var _ = Describe("NewSessionStore", func() { }) }) + Context("with a broken session", func() { + BeforeEach(func() { + By("Using a valid cookie with a different providers session encoding") + broken := "BrokenSessionFromADifferentSessionImplementation" + value := cookie.SignedValue(cookieOpts.CookieSecret, cookieOpts.CookieName, broken, time.Now()) + cookie := cookies.MakeCookieFromOptions(request, cookieOpts.CookieName, value, cookieOpts, cookieOpts.CookieExpire, time.Now()) + request.AddCookie(cookie) + + err := ss.Save(response, request, session) + Expect(err).ToNot(HaveOccurred()) + }) + + It("sets a `set-cookie` header in the response", func() { + Expect(response.Header().Get("set-cookie")).ToNot(BeEmpty()) + }) + + It("Ensures the session CreatedAt is not zero", func() { + Expect(session.CreatedAt.IsZero()).To(BeFalse()) + }) + }) + Context("with an expired saved session", func() { var err error BeforeEach(func() {