Check cookie_secret size when cookie_refresh set

2015-05-09 17:31:13 -04:00 · 2015-05-09 17:31:13 -04:00 · 8ec967ac32
commit 8ec967ac32
parent 082b7c0ec8
3 changed files with 8 additions and 4 deletions
--- a/oauthproxy.go
+++ b/oauthproxy.go
@ -128,7 +128,7 @@ func NewOauthProxy(opts *Options, validator func(string) bool) *OauthProxy {
 		aes_cipher, err = aes.NewCipher([]byte(opts.CookieSecret))
 		if err != nil {
 			log.Fatal("error creating AES cipher with "+
-				"pass_access_token == true: %s", err)
+				"cookie-secret ", opts.CookieSecret, ": ", err)
 		}
 	}
--- a/options.go
+++ b/options.go
@ -120,7 +120,7 @@ func (o *Options) Validate() error {
 	}
 	msgs = parseProviderInfo(o, msgs)
-	if o.PassAccessToken {
+	if o.PassAccessToken || (o.CookieRefresh != time.Duration(0)) {
 		valid_cookie_secret_size := false
 		for _, i := range []int{16, 24, 32} {
 			if len(o.CookieSecret) == i {
@ -131,8 +131,8 @@ func (o *Options) Validate() error {
 			msgs = append(msgs, fmt.Sprintf(
 				"cookie_secret must be 16, 24, or 32 bytes "+
 					"to create an AES cipher when "+
-					"pass_access_token == true, "+
+					"pass_access_token == true or "+
-					"but is %d bytes",
+					"cookie_refresh != 0, but is %d bytes",
 				len(o.CookieSecret)))
 		}
 	}
--- a/options_test.go
+++ b/options_test.go
@ -112,6 +112,10 @@ func TestPassAccessTokenRequiresSpecificCookieSecretLengths(t *testing.T) {
 	o.CookieSecret = "cookie of invalid length-"
 	assert.NotEqual(t, nil, o.Validate())
 	o.PassAccessToken = false
 	o.CookieRefresh = time.Duration(24) * time.Hour
 	assert.NotEqual(t, nil, o.Validate())
 	o.CookieSecret = "16 bytes AES-128"
 	assert.Equal(t, nil, o.Validate())