Validate user during cookie refresh
This commit is contained in:
parent
610341a068
commit
84190ab19a
@ -302,7 +302,7 @@ func (p *OauthProxy) ProcessCookie(rw http.ResponseWriter, req *http.Request) (e
|
||||
} else if p.CookieRefresh != time.Duration(0) {
|
||||
refresh_threshold := time.Now().Add(p.CookieRefresh)
|
||||
if refresh_threshold.Unix() > timestamp.Unix() {
|
||||
ok = p.ValidateToken(access_token)
|
||||
ok = p.Validator(email) && p.ValidateToken(access_token)
|
||||
if ok {
|
||||
p.SetCookie(rw, req, value)
|
||||
}
|
||||
|
@ -397,6 +397,7 @@ type ProcessCookieTest struct {
|
||||
req *http.Request
|
||||
backend *httptest.Server
|
||||
response_code int
|
||||
validate_user bool
|
||||
}
|
||||
|
||||
func NewProcessCookieTest() *ProcessCookieTest {
|
||||
@ -414,7 +415,7 @@ func NewProcessCookieTest() *ProcessCookieTest {
|
||||
pc_test.opts.Validate()
|
||||
|
||||
pc_test.proxy = NewOauthProxy(pc_test.opts, func(email string) bool {
|
||||
return true
|
||||
return pc_test.validate_user
|
||||
})
|
||||
|
||||
// Now, zero-out proxy.CookieRefresh for the cases that don't involve
|
||||
@ -422,6 +423,7 @@ func NewProcessCookieTest() *ProcessCookieTest {
|
||||
pc_test.proxy.CookieRefresh = time.Duration(0)
|
||||
pc_test.rw = httptest.NewRecorder()
|
||||
pc_test.req, _ = http.NewRequest("GET", "/", strings.NewReader(""))
|
||||
pc_test.validate_user = true
|
||||
return &pc_test
|
||||
}
|
||||
|
||||
@ -529,3 +531,19 @@ func TestProcessCookieFailIfRefreshSetAndTokenNoLongerValid(t *testing.T) {
|
||||
assert.Equal(t, false, ok)
|
||||
assert.Equal(t, []string(nil), pc_test.rw.HeaderMap["Set-Cookie"])
|
||||
}
|
||||
|
||||
func TestProcessCookieFailIfRefreshSetAndUserNoLongerValid(t *testing.T) {
|
||||
pc_test := NewProcessCookieTest()
|
||||
pc_test.InstantiateBackend()
|
||||
defer pc_test.Close()
|
||||
pc_test.validate_user = false
|
||||
|
||||
cookie := pc_test.MakeCookie("michael.bland@gsa.gov", "my_access_token")
|
||||
cookie.Expires = time.Now().Add(time.Duration(23) * time.Hour)
|
||||
pc_test.req.AddCookie(cookie)
|
||||
|
||||
pc_test.proxy.CookieRefresh = time.Duration(24) * time.Hour
|
||||
_, _, _, ok := pc_test.ProcessCookie()
|
||||
assert.Equal(t, false, ok)
|
||||
assert.Equal(t, []string(nil), pc_test.rw.HeaderMap["Set-Cookie"])
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user