
Stop accepting legacy SHA1 signed cookies

Nick Meves
2020-05-24 11:02:08 -07:00
parent 55a941b76e
commit 56f199a24f
3 changed files with 7 additions and 14 deletions


@ -2,8 +2,6 @@ package encryption
import (
"crypto/hmac"
// TODO (@NickMeves): Remove SHA1 signed cookie support in V7
"crypto/sha1" // #nosec G505
"crypto/sha256"
"encoding/base64"
"fmt"
@ -95,16 +93,7 @@ func checkSignature(signature string, args ...string) bool {
if err != nil {
return false
}
if checkHmac(signature, checkSig) {
return true
}
// TODO (@NickMeves): Remove SHA1 signed cookie support in V7
legacySig, err := cookieSignature(sha1.New, args...)
if err != nil {
return false
}
return checkHmac(signature, legacySig)
return checkHmac(signature, checkSig)
}
func checkHmac(input, expected string) bool {
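Review bot: Nothing visible in this section pins the new behaviour of `checkSignature`, namely that a signature produced with the removed SHA-1 path is now rejected, so a later refactor could reintroduce the fallback unnoticed. A negative test that signs the same args with a SHA-1 HMAC and asserts `checkSignature` returns false would lock this in; the commit touches two other files not shown here, which may already cover it. The function also lacks a statement of its contract, for example `// checkSignature reports whether signature matches the current HMAC of args; legacy SHA-1 signatures are no longer accepted.` (the hash behind `checkSig` is computed above the hunk, presumably SHA-256 given the remaining import). Cookies issued under the old scheme will now fail validation and force those users to sign in again, which deserves a release-note line if one is not already part of this commit.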