oauth2-proxy/pkg/sessions/redis/redis_store_test.go

package redis

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
	"io"
	"log"
	"os"
	"testing"
	"time"

	"github.com/Bose/minisentinel"
	"github.com/alicebob/miniredis/v2"
	"github.com/go-redis/redis/v7"
	"github.com/oauth2-proxy/oauth2-proxy/pkg/apis/options"
	sessionsapi "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions"
	"github.com/oauth2-proxy/oauth2-proxy/pkg/logger"
	"github.com/oauth2-proxy/oauth2-proxy/pkg/sessions/tests"
	. "github.com/onsi/ginkgo"
	. "github.com/onsi/gomega"
)

// TestLegacyV5DecodeSession tests the fallback to LegacyV5DecodeSession
// when a V5 encoded session is in Redis
//
// TODO: Remove when this is deprecated (likely V7)
func Test_legacyV5DecodeSession(t *testing.T) {
	testCases, _, legacyCipher := sessionsapi.CreateLegacyV5TestCases(t)

	for testName, tc := range testCases {
		t.Run(testName, func(t *testing.T) {
			g := NewWithT(t)

			secret := make([]byte, aes.BlockSize)
			_, err := io.ReadFull(rand.Reader, secret)
			g.Expect(err).ToNot(HaveOccurred())
			ticket := &TicketData{
				TicketID: "",
				Secret:   secret,
			}

			encrypted, err := legacyStoreValue(tc.Input, ticket.Secret)
			g.Expect(err).ToNot(HaveOccurred())

			ss, err := legacyV5DecodeSession(encrypted, ticket, legacyCipher)
			if tc.Error {
				g.Expect(err).To(HaveOccurred())
				g.Expect(ss).To(BeNil())
				return
			}
			g.Expect(err).ToNot(HaveOccurred())

			// Compare sessions without *time.Time fields
			exp := *tc.Output
			exp.CreatedAt = nil
			exp.ExpiresOn = nil
			act := *ss
			act.CreatedAt = nil
			act.ExpiresOn = nil
			g.Expect(exp).To(Equal(act))
		})
	}
}

// legacyStoreValue implements the legacy V5 Redis store AES-CFB value encryption
//
// TODO: Remove when this is deprecated (likely V7)
func legacyStoreValue(value string, ticketSecret []byte) ([]byte, error) {
	ciphertext := make([]byte, len(value))
	block, err := aes.NewCipher(ticketSecret)
	if err != nil {
		return nil, fmt.Errorf("error initiating cipher block: %v", err)
	}

	// Use secret as the Initialization Vector too, because each entry has it's own key
	stream := cipher.NewCFBEncrypter(block, ticketSecret)
	stream.XORKeyStream(ciphertext, []byte(value))

	return ciphertext, nil
}

func TestSessionStore(t *testing.T) {
	logger.SetOutput(GinkgoWriter)

	redisLogger := log.New(os.Stderr, "redis: ", log.LstdFlags|log.Lshortfile)
	redisLogger.SetOutput(GinkgoWriter)
	redis.SetLogger(redisLogger)

	RegisterFailHandler(Fail)
	RunSpecs(t, "Redis SessionStore")
}

var _ = Describe("Redis SessionStore Tests", func() {
	// helper interface to allow us to close client connections
	// All non-nil redis clients should implement this
	type closer interface {
		Close() error
	}

	var mr *miniredis.Miniredis
	var ss sessionsapi.SessionStore

	BeforeEach(func() {
		var err error
		mr, err = miniredis.Run()
		Expect(err).ToNot(HaveOccurred())
	})

	AfterEach(func() {
		mr.Close()
	})

	JustAfterEach(func() {
		// Release any connections immediately after the test ends
		if redisStore, ok := ss.(*SessionStore); ok {
			if redisStore.Client != nil {
				Expect(redisStore.Client.(closer).Close()).To(Succeed())
			}
		}
	})

	tests.RunSessionStoreTests(
		func(opts *options.SessionOptions, cookieOpts *options.Cookie) (sessionsapi.SessionStore, error) {
			// Set the connection URL
			opts.Type = options.RedisSessionStoreType
			opts.Redis.ConnectionURL = "redis://" + mr.Addr()

			// Capture the session store so that we can close the client
			var err error
			ss, err = NewRedisSessionStore(opts, cookieOpts)
			return ss, err
		},
		func(d time.Duration) error {
			mr.FastForward(d)
			return nil
		},
	)

	Context("with sentinel", func() {
		var ms *minisentinel.Sentinel

		BeforeEach(func() {
			ms = minisentinel.NewSentinel(mr)
			Expect(ms.Start()).To(Succeed())
		})

		AfterEach(func() {
			ms.Close()
		})

		tests.RunSessionStoreTests(
			func(opts *options.SessionOptions, cookieOpts *options.Cookie) (sessionsapi.SessionStore, error) {
				// Set the sentinel connection URL
				sentinelAddr := "redis://" + ms.Addr()
				opts.Type = options.RedisSessionStoreType
				opts.Redis.SentinelConnectionURLs = []string{sentinelAddr}
				opts.Redis.UseSentinel = true
				opts.Redis.SentinelMasterName = ms.MasterInfo().Name

				// Capture the session store so that we can close the client
				var err error
				ss, err = NewRedisSessionStore(opts, cookieOpts)
				return ss, err
			},
			func(d time.Duration) error {
				mr.FastForward(d)
				return nil
			},
		)
	})

	Context("with cluster", func() {
		tests.RunSessionStoreTests(
			func(opts *options.SessionOptions, cookieOpts *options.Cookie) (sessionsapi.SessionStore, error) {
				clusterAddr := "redis://" + mr.Addr()
				opts.Type = options.RedisSessionStoreType
				opts.Redis.ClusterConnectionURLs = []string{clusterAddr}
				opts.Redis.UseCluster = true

				// Capture the session store so that we can close the client
				var err error
				ss, err = NewRedisSessionStore(opts, cookieOpts)
				return ss, err
			},
			func(d time.Duration) error {
				mr.FastForward(d)
				return nil
			},
		)
	})
})
Move SessionStore tests to independent package 2020-05-10 16:59:17 +01:00			`package redis`

			`import (`
Reduce SessionState size better with MessagePack + LZ4 (#632) * Encode sessions with MsgPack + LZ4 Assumes ciphers are now mandatory per #414. Cookie & Redis sessions can fallback to V5 style JSON in error cases. TODO: session_state.go unit tests & new unit tests for Legacy fallback scenarios. * Only compress encoded sessions with Cookie Store * Cleanup msgpack + lz4 error handling * Change NewBase64Cipher to take in an existing Cipher * Add msgpack & lz4 session state tests * Add required options for oauthproxy tests More aggressively assert.NoError on all validation.Validate(opts) calls to enforce legal options in all our tests. Add additional NoError checks wherever error return values were ignored. * Remove support for uncompressed session state fields * Improve error verbosity & add session state tests * Ensure all marshalled sessions are valid Invalid CFB decryptions can result in garbage data that 1/100 times might cause message pack unmarshal to not fail and instead return an empty session. This adds more rigor to make sure legacy sessions cause appropriate errors. * Add tests for legacy V5 session decoding Refactor common legacy JSON test cases to a legacy helpers area under session store tests. * Make ValidateSession a struct method & add CHANGELOG entry * Improve SessionState error & comments verbosity * Move legacy session test helpers to sessions pkg Placing these helpers under the sessions pkg removed all the circular import uses in housing it under the session store area. * Improve SignatureAuthenticator test helper formatting * Make redis.legacyV5DecodeSession internal * Make LegacyV5TestCase test table public for linter 2020-07-13 12:56:05 -07:00			`"crypto/aes"`
			`"crypto/cipher"`
			`"crypto/rand"`
			`"fmt"`
			`"io"`
Move SessionStore tests to independent package 2020-05-10 16:59:17 +01:00			`"log"`
			`"os"`
			`"testing"`
			`"time"`

			`"github.com/Bose/minisentinel"`
			`"github.com/alicebob/miniredis/v2"`
			`"github.com/go-redis/redis/v7"`
			`"github.com/oauth2-proxy/oauth2-proxy/pkg/apis/options"`
			`sessionsapi "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions"`
			`"github.com/oauth2-proxy/oauth2-proxy/pkg/logger"`
			`"github.com/oauth2-proxy/oauth2-proxy/pkg/sessions/tests"`
			`. "github.com/onsi/ginkgo"`
			`. "github.com/onsi/gomega"`
			`)`

Reduce SessionState size better with MessagePack + LZ4 (#632) * Encode sessions with MsgPack + LZ4 Assumes ciphers are now mandatory per #414. Cookie & Redis sessions can fallback to V5 style JSON in error cases. TODO: session_state.go unit tests & new unit tests for Legacy fallback scenarios. * Only compress encoded sessions with Cookie Store * Cleanup msgpack + lz4 error handling * Change NewBase64Cipher to take in an existing Cipher * Add msgpack & lz4 session state tests * Add required options for oauthproxy tests More aggressively assert.NoError on all validation.Validate(opts) calls to enforce legal options in all our tests. Add additional NoError checks wherever error return values were ignored. * Remove support for uncompressed session state fields * Improve error verbosity & add session state tests * Ensure all marshalled sessions are valid Invalid CFB decryptions can result in garbage data that 1/100 times might cause message pack unmarshal to not fail and instead return an empty session. This adds more rigor to make sure legacy sessions cause appropriate errors. * Add tests for legacy V5 session decoding Refactor common legacy JSON test cases to a legacy helpers area under session store tests. * Make ValidateSession a struct method & add CHANGELOG entry * Improve SessionState error & comments verbosity * Move legacy session test helpers to sessions pkg Placing these helpers under the sessions pkg removed all the circular import uses in housing it under the session store area. * Improve SignatureAuthenticator test helper formatting * Make redis.legacyV5DecodeSession internal * Make LegacyV5TestCase test table public for linter 2020-07-13 12:56:05 -07:00			`// TestLegacyV5DecodeSession tests the fallback to LegacyV5DecodeSession`
			`// when a V5 encoded session is in Redis`
			`//`
			`// TODO: Remove when this is deprecated (likely V7)`
			`func Test_legacyV5DecodeSession(t *testing.T) {`
			`testCases, _, legacyCipher := sessionsapi.CreateLegacyV5TestCases(t)`

			`for testName, tc := range testCases {`
			`t.Run(testName, func(t *testing.T) {`
			`g := NewWithT(t)`

			`secret := make([]byte, aes.BlockSize)`
			`_, err := io.ReadFull(rand.Reader, secret)`
			`g.Expect(err).ToNot(HaveOccurred())`
			`ticket := &TicketData{`
			`TicketID: "",`
			`Secret: secret,`
			`}`

			`encrypted, err := legacyStoreValue(tc.Input, ticket.Secret)`
			`g.Expect(err).ToNot(HaveOccurred())`

			`ss, err := legacyV5DecodeSession(encrypted, ticket, legacyCipher)`
			`if tc.Error {`
			`g.Expect(err).To(HaveOccurred())`
			`g.Expect(ss).To(BeNil())`
			`return`
			`}`
			`g.Expect(err).ToNot(HaveOccurred())`

			`// Compare sessions without *time.Time fields`
			`exp := *tc.Output`
			`exp.CreatedAt = nil`
			`exp.ExpiresOn = nil`
			`act := *ss`
			`act.CreatedAt = nil`
			`act.ExpiresOn = nil`
			`g.Expect(exp).To(Equal(act))`
			`})`
			`}`
			`}`

			`// legacyStoreValue implements the legacy V5 Redis store AES-CFB value encryption`
			`//`
			`// TODO: Remove when this is deprecated (likely V7)`
			`func legacyStoreValue(value string, ticketSecret []byte) ([]byte, error) {`
			`ciphertext := make([]byte, len(value))`
			`block, err := aes.NewCipher(ticketSecret)`
			`if err != nil {`
			`return nil, fmt.Errorf("error initiating cipher block: %v", err)`
			`}`

			`// Use secret as the Initialization Vector too, because each entry has it's own key`
			`stream := cipher.NewCFBEncrypter(block, ticketSecret)`
			`stream.XORKeyStream(ciphertext, []byte(value))`

			`return ciphertext, nil`
			`}`

Move SessionStore tests to independent package 2020-05-10 16:59:17 +01:00			`func TestSessionStore(t *testing.T) {`
			`logger.SetOutput(GinkgoWriter)`

			`redisLogger := log.New(os.Stderr, "redis: ", log.LstdFlags\|log.Lshortfile)`
			`redisLogger.SetOutput(GinkgoWriter)`
			`redis.SetLogger(redisLogger)`

			`RegisterFailHandler(Fail)`
			`RunSpecs(t, "Redis SessionStore")`
			`}`

			`var _ = Describe("Redis SessionStore Tests", func() {`
Close client connections after each redis test 2020-07-03 15:24:57 +01:00			`// helper interface to allow us to close client connections`
			`// All non-nil redis clients should implement this`
			`type closer interface {`
			`Close() error`
			`}`

Move SessionStore tests to independent package 2020-05-10 16:59:17 +01:00			`var mr *miniredis.Miniredis`
Close client connections after each redis test 2020-07-03 15:24:57 +01:00			`var ss sessionsapi.SessionStore`
Move SessionStore tests to independent package 2020-05-10 16:59:17 +01:00
			`BeforeEach(func() {`
			`var err error`
			`mr, err = miniredis.Run()`
			`Expect(err).ToNot(HaveOccurred())`
			`})`

			`AfterEach(func() {`
			`mr.Close()`
			`})`

Close client connections after each redis test 2020-07-03 15:24:57 +01:00			`JustAfterEach(func() {`
			`// Release any connections immediately after the test ends`
			`if redisStore, ok := ss.(*SessionStore); ok {`
			`if redisStore.Client != nil {`
			`Expect(redisStore.Client.(closer).Close()).To(Succeed())`
			`}`
			`}`
			`})`

Move SessionStore tests to independent package 2020-05-10 16:59:17 +01:00			`tests.RunSessionStoreTests(`
Rename CookieOptions to Cookie 2020-05-25 12:43:24 +01:00			`func(opts options.SessionOptions, cookieOpts options.Cookie) (sessionsapi.SessionStore, error) {`
Move SessionStore tests to independent package 2020-05-10 16:59:17 +01:00			`// Set the connection URL`
			`opts.Type = options.RedisSessionStoreType`
			`opts.Redis.ConnectionURL = "redis://" + mr.Addr()`
Close client connections after each redis test 2020-07-03 15:24:57 +01:00
			`// Capture the session store so that we can close the client`
			`var err error`
			`ss, err = NewRedisSessionStore(opts, cookieOpts)`
			`return ss, err`
Move SessionStore tests to independent package 2020-05-10 16:59:17 +01:00			`},`
			`func(d time.Duration) error {`
			`mr.FastForward(d)`
			`return nil`
			`},`
			`)`

			`Context("with sentinel", func() {`
			`var ms *minisentinel.Sentinel`

			`BeforeEach(func() {`
			`ms = minisentinel.NewSentinel(mr)`
			`Expect(ms.Start()).To(Succeed())`
			`})`

			`AfterEach(func() {`
Close client connections after each redis test 2020-07-03 15:24:57 +01:00			`ms.Close()`
Move SessionStore tests to independent package 2020-05-10 16:59:17 +01:00			`})`

			`tests.RunSessionStoreTests(`
Rename CookieOptions to Cookie 2020-05-25 12:43:24 +01:00			`func(opts options.SessionOptions, cookieOpts options.Cookie) (sessionsapi.SessionStore, error) {`
Move SessionStore tests to independent package 2020-05-10 16:59:17 +01:00			`// Set the sentinel connection URL`
			`sentinelAddr := "redis://" + ms.Addr()`
			`opts.Type = options.RedisSessionStoreType`
			`opts.Redis.SentinelConnectionURLs = []string{sentinelAddr}`
			`opts.Redis.UseSentinel = true`
			`opts.Redis.SentinelMasterName = ms.MasterInfo().Name`
Close client connections after each redis test 2020-07-03 15:24:57 +01:00
			`// Capture the session store so that we can close the client`
			`var err error`
			`ss, err = NewRedisSessionStore(opts, cookieOpts)`
			`return ss, err`
Move SessionStore tests to independent package 2020-05-10 16:59:17 +01:00			`},`
			`func(d time.Duration) error {`
			`mr.FastForward(d)`
			`return nil`
			`},`
			`)`
			`})`

			`Context("with cluster", func() {`
			`tests.RunSessionStoreTests(`
Rename CookieOptions to Cookie 2020-05-25 12:43:24 +01:00			`func(opts options.SessionOptions, cookieOpts options.Cookie) (sessionsapi.SessionStore, error) {`
Move SessionStore tests to independent package 2020-05-10 16:59:17 +01:00			`clusterAddr := "redis://" + mr.Addr()`
			`opts.Type = options.RedisSessionStoreType`
			`opts.Redis.ClusterConnectionURLs = []string{clusterAddr}`
			`opts.Redis.UseCluster = true`
Close client connections after each redis test 2020-07-03 15:24:57 +01:00
			`// Capture the session store so that we can close the client`
			`var err error`
			`ss, err = NewRedisSessionStore(opts, cookieOpts)`
			`return ss, err`
Move SessionStore tests to independent package 2020-05-10 16:59:17 +01:00			`},`
			`func(d time.Duration) error {`
			`mr.FastForward(d)`
			`return nil`
			`},`
			`)`
			`})`
			`})`