Add EncryptInto/DecryptInto Unit Tests

2025-12-01 22:51:45 +02:00 · 2020-06-01 16:19:27 -07:00
parent e43c65cc76
commit 014fa682be
6 changed files with 124 additions and 77 deletions
--- a/pkg/apis/sessions/session_state.go
+++ b/pkg/apis/sessions/session_state.go
@@ -104,24 +104,18 @@ func DecodeSessionState(v string, c encryption.Cipher) (*SessionState, error) {
 			PreferredUsername: ss.PreferredUsername,
 		}
 	} else {
-		// Backward compatibility with using unencrypted Email
-		if ss.Email != "" {
-			decryptedEmail, errEmail := stringDecrypt(ss.Email, c)
-			if errEmail == nil {
-				if !utf8.ValidString(decryptedEmail) {
-					return nil, errors.New("invalid value for decrypted email")
-				}
-				ss.Email = decryptedEmail
+		// Backward compatibility with using unencrypted Email or User
+		// Decryption errors will leave original string
+		err = c.DecryptInto(&ss.Email)
+		if err == nil {
+			if !utf8.ValidString(ss.Email) {
+				return nil, errors.New("invalid value for decrypted email")
 			}
 		}
-		// Backward compatibility with using unencrypted User
-		if ss.User != "" {
-			decryptedUser, errUser := stringDecrypt(ss.User, c)
-			if errUser == nil {
-				if !utf8.ValidString(decryptedUser) {
-					return nil, errors.New("invalid value for decrypted user")
-				}
-				ss.User = decryptedUser
+		err = c.DecryptInto(&ss.User)
+		if err == nil {
+			if !utf8.ValidString(ss.User) {
+				return nil, errors.New("invalid value for decrypted user")
 			}
 		}

@@ -139,12 +133,3 @@ func DecodeSessionState(v string, c encryption.Cipher) (*SessionState, error) {
 	}
 	return &ss, nil
 }
-
-// stringDecrypt wraps a Base64Cipher to make it string => string
-func stringDecrypt(ciphertext string, c encryption.Cipher) (string, error) {
-	value, err := c.Decrypt([]byte(ciphertext))
-	if err != nil {
-		return "", err
-	}
-	return string(value), nil
-}
--- a/pkg/apis/sessions/session_state_test.go
+++ b/pkg/apis/sessions/session_state_test.go
@@ -17,14 +17,14 @@ func timePtr(t time.Time) *time.Time {
 	return &t
 }

-func NewCipher(secret []byte) (encryption.Cipher, error) {
+func newTestCipher(secret []byte) (encryption.Cipher, error) {
 	return encryption.NewBase64Cipher(encryption.NewCFBCipher, secret)
 }

 func TestSessionStateSerialization(t *testing.T) {
-	c, err := NewCipher([]byte(secret))
+	c, err := newTestCipher([]byte(secret))
 	assert.Equal(t, nil, err)
-	c2, err := NewCipher([]byte(altSecret))
+	c2, err := newTestCipher([]byte(altSecret))
 	assert.Equal(t, nil, err)
 	s := &sessions.SessionState{
 		Email:             "user@domain.com",
@@ -57,9 +57,9 @@ func TestSessionStateSerialization(t *testing.T) {
 }

 func TestSessionStateSerializationWithUser(t *testing.T) {
-	c, err := NewCipher([]byte(secret))
+	c, err := newTestCipher([]byte(secret))
 	assert.Equal(t, nil, err)
-	c2, err := NewCipher([]byte(altSecret))
+	c2, err := newTestCipher([]byte(altSecret))
 	assert.Equal(t, nil, err)
 	s := &sessions.SessionState{
 		User:              "just-user",
@@ -205,7 +205,7 @@ func TestDecodeSessionState(t *testing.T) {
 	eJSON, _ := e.MarshalJSON()
 	eString := string(eJSON)

-	c, err := NewCipher([]byte(secret))
+	c, err := newTestCipher([]byte(secret))
 	assert.NoError(t, err)

 	testCases := []testCase{