* Use encoding/json for SessionState serialization
In order to make it easier to extend in future.
* Store only email and user in cookie when cipher is unavailable
This improves safety and robustness, and also preserves the existing
behaviour.
* Add TestEncodeSessionState/TestDecodeSessionState
Use the test vectors with JSON encoding just introduced.
* Support session state encoding in older versions
* Add test cases for legacy session state strings
* Add check for wrong expiration time in session state strings
* Avoid exposing time.Time zero value when encoding session state string
* Update CHANGELOG.md
- Save both user and email in session state:
Encoding/decoding methods save both email and user
field in session state, for use cases when User is not derived from
email's local-parth, like for GitHub provider.
For retrocompatibility, if no user is obtained by the provider,
(e.g. User is an empty string) the encoding/decoding methods fall back
to the previous behavior and use the email's local-part
Updated also related tests and added two more tests to show behavior
when session contains a non-empty user value.
- Added first basic GitHub provider tests
- Added GetUserName method to Provider interface
The new GetUserName method is intended to return the User
value when this is not the email's local-part.
Added also the default implementation to provider_default.go
- Added call to GetUserName in redeemCode
the new GetUserName method is used in redeemCode
to get SessionState User value.
For backward compatibility, if GetUserName error is
"not implemented", the error is ignored.
- Added GetUserName method and tests to github provider.
* New SessionState to consolidate email, access token and refresh token
* split ServeHttp into individual methods
* log on session renewal
* log on access token refresh
* refactor cookie encription/decription and session state serialization
