Validate user during cookie refresh

This commit is contained in:
Mike Bland 2015-05-09 16:48:39 -04:00
parent 610341a068
commit 84190ab19a
2 changed files with 20 additions and 2 deletions

View File

@ -302,7 +302,7 @@ func (p *OauthProxy) ProcessCookie(rw http.ResponseWriter, req *http.Request) (e
} else if p.CookieRefresh != time.Duration(0) {
refresh_threshold := time.Now().Add(p.CookieRefresh)
if refresh_threshold.Unix() > timestamp.Unix() {
ok = p.ValidateToken(access_token)
ok = p.Validator(email) && p.ValidateToken(access_token)
if ok {
p.SetCookie(rw, req, value)
}

View File

@ -397,6 +397,7 @@ type ProcessCookieTest struct {
req *http.Request
backend *httptest.Server
response_code int
validate_user bool
}
func NewProcessCookieTest() *ProcessCookieTest {
@ -414,7 +415,7 @@ func NewProcessCookieTest() *ProcessCookieTest {
pc_test.opts.Validate()
pc_test.proxy = NewOauthProxy(pc_test.opts, func(email string) bool {
return true
return pc_test.validate_user
})
// Now, zero-out proxy.CookieRefresh for the cases that don't involve
@ -422,6 +423,7 @@ func NewProcessCookieTest() *ProcessCookieTest {
pc_test.proxy.CookieRefresh = time.Duration(0)
pc_test.rw = httptest.NewRecorder()
pc_test.req, _ = http.NewRequest("GET", "/", strings.NewReader(""))
pc_test.validate_user = true
return &pc_test
}
@ -529,3 +531,19 @@ func TestProcessCookieFailIfRefreshSetAndTokenNoLongerValid(t *testing.T) {
assert.Equal(t, false, ok)
assert.Equal(t, []string(nil), pc_test.rw.HeaderMap["Set-Cookie"])
}
func TestProcessCookieFailIfRefreshSetAndUserNoLongerValid(t *testing.T) {
pc_test := NewProcessCookieTest()
pc_test.InstantiateBackend()
defer pc_test.Close()
pc_test.validate_user = false
cookie := pc_test.MakeCookie("michael.bland@gsa.gov", "my_access_token")
cookie.Expires = time.Now().Add(time.Duration(23) * time.Hour)
pc_test.req.AddCookie(cookie)
pc_test.proxy.CookieRefresh = time.Duration(24) * time.Hour
_, _, _, ok := pc_test.ProcessCookie()
assert.Equal(t, false, ok)
assert.Equal(t, []string(nil), pc_test.rw.HeaderMap["Set-Cookie"])
}