Check cookie_secret size when cookie_refresh set
This commit is contained in:
parent
082b7c0ec8
commit
8ec967ac32
@ -128,7 +128,7 @@ func NewOauthProxy(opts *Options, validator func(string) bool) *OauthProxy {
|
||||
aes_cipher, err = aes.NewCipher([]byte(opts.CookieSecret))
|
||||
if err != nil {
|
||||
log.Fatal("error creating AES cipher with "+
|
||||
"pass_access_token == true: %s", err)
|
||||
"cookie-secret ", opts.CookieSecret, ": ", err)
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -120,7 +120,7 @@ func (o *Options) Validate() error {
|
||||
}
|
||||
msgs = parseProviderInfo(o, msgs)
|
||||
|
||||
if o.PassAccessToken {
|
||||
if o.PassAccessToken || (o.CookieRefresh != time.Duration(0)) {
|
||||
valid_cookie_secret_size := false
|
||||
for _, i := range []int{16, 24, 32} {
|
||||
if len(o.CookieSecret) == i {
|
||||
@ -131,8 +131,8 @@ func (o *Options) Validate() error {
|
||||
msgs = append(msgs, fmt.Sprintf(
|
||||
"cookie_secret must be 16, 24, or 32 bytes "+
|
||||
"to create an AES cipher when "+
|
||||
"pass_access_token == true, "+
|
||||
"but is %d bytes",
|
||||
"pass_access_token == true or "+
|
||||
"cookie_refresh != 0, but is %d bytes",
|
||||
len(o.CookieSecret)))
|
||||
}
|
||||
}
|
||||
|
@ -112,6 +112,10 @@ func TestPassAccessTokenRequiresSpecificCookieSecretLengths(t *testing.T) {
|
||||
o.CookieSecret = "cookie of invalid length-"
|
||||
assert.NotEqual(t, nil, o.Validate())
|
||||
|
||||
o.PassAccessToken = false
|
||||
o.CookieRefresh = time.Duration(24) * time.Hour
|
||||
assert.NotEqual(t, nil, o.Validate())
|
||||
|
||||
o.CookieSecret = "16 bytes AES-128"
|
||||
assert.Equal(t, nil, o.Validate())
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user