go/oauth2-proxy
1
0
Fork 0
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git synced 2025-12-05 23:08:20 +02:00
Code Issues Releases Activity

Add tests for cookie validation

Browse Source 
This also removes the check for the decoded from the valid secret size
check. The code was unreachable because encryption.SecretBytes will only
return the decoded secret if it was the right length after decoding.
This commit is contained in:
Joel Speed
2020-05-25 12:01:16 +01:00
parent 900061b88a
commit 285c65a2d4
3 changed files with 253 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
pkg/validation/cookie.go
View File

@@ -55,15 +55,8 @@ func validateCookieSecret(secret string) []string {
return []string{}
}
// Invalid secret size found, return a message
// If the secretBytes is different to the raw secret, it was decoded from Base64
// Add a note to the error message
var decodedSuffix string
if string(secretBytes) != secret {
decodedSuffix = " note: cookie secret was base64 decoded"
}
return []string{fmt.Sprintf(
"cookie_secret must be 16, 24, or 32 bytes to create an AES cipher, but is %d bytes.%s",
len(secretBytes), decodedSuffix)}
"cookie_secret must be 16, 24, or 32 bytes to create an AES cipher, but is %d bytes",
len(secretBytes)),
}
}