Check cookie_secret size when cookie_refresh set

This commit is contained in:
Mike Bland 2015-05-09 17:31:13 -04:00
parent 082b7c0ec8
commit 8ec967ac32
3 changed files with 8 additions and 4 deletions

View File

@ -128,7 +128,7 @@ func NewOauthProxy(opts *Options, validator func(string) bool) *OauthProxy {
aes_cipher, err = aes.NewCipher([]byte(opts.CookieSecret))
if err != nil {
log.Fatal("error creating AES cipher with "+
"pass_access_token == true: %s", err)
"cookie-secret ", opts.CookieSecret, ": ", err)
}
}

View File

@ -120,7 +120,7 @@ func (o *Options) Validate() error {
}
msgs = parseProviderInfo(o, msgs)
if o.PassAccessToken {
if o.PassAccessToken || (o.CookieRefresh != time.Duration(0)) {
valid_cookie_secret_size := false
for _, i := range []int{16, 24, 32} {
if len(o.CookieSecret) == i {
@ -131,8 +131,8 @@ func (o *Options) Validate() error {
msgs = append(msgs, fmt.Sprintf(
"cookie_secret must be 16, 24, or 32 bytes "+
"to create an AES cipher when "+
"pass_access_token == true, "+
"but is %d bytes",
"pass_access_token == true or "+
"cookie_refresh != 0, but is %d bytes",
len(o.CookieSecret)))
}
}

View File

@ -112,6 +112,10 @@ func TestPassAccessTokenRequiresSpecificCookieSecretLengths(t *testing.T) {
o.CookieSecret = "cookie of invalid length-"
assert.NotEqual(t, nil, o.Validate())
o.PassAccessToken = false
o.CookieRefresh = time.Duration(24) * time.Hour
assert.NotEqual(t, nil, o.Validate())
o.CookieSecret = "16 bytes AES-128"
assert.Equal(t, nil, o.Validate())