go/oauth2-proxy
1
0
Fork 0
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git synced 2025-04-25 12:24:41 +02:00
Code Issues Releases Activity

Switch to in session store initialisation

Browse Source
This commit is contained in:
Joel Speed 2020-06-28 12:44:12 +01:00
parent 778463906a
commit 6e1b3b9660
No known key found for this signature in database
GPG Key ID: 6E80578D6751DEFB
6 changed files with 48 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
oauthproxy_test.go
View File

@ -22,7 +22,6 @@ import (
"github.com/mbland/hmacauth" "github.com/mbland/hmacauth"
"github.com/oauth2-proxy/oauth2-proxy/pkg/apis/options" "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/options"
"github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions" "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions"
"github.com/oauth2-proxy/oauth2-proxy/pkg/encryption"
"github.com/oauth2-proxy/oauth2-proxy/pkg/logger" "github.com/oauth2-proxy/oauth2-proxy/pkg/logger"
"github.com/oauth2-proxy/oauth2-proxy/pkg/sessions/cookie" "github.com/oauth2-proxy/oauth2-proxy/pkg/sessions/cookie"
"github.com/oauth2-proxy/oauth2-proxy/pkg/validation" "github.com/oauth2-proxy/oauth2-proxy/pkg/validation"
@ -1605,9 +1604,7 @@ func TestClearSplitCookie(t *testing.T) {
opts.Cookie.Secret = base64CookieSecret opts.Cookie.Secret = base64CookieSecret
opts.Cookie.Name = "oauth2" opts.Cookie.Name = "oauth2"
opts.Cookie.Domains = []string{"abc"} opts.Cookie.Domains = []string{"abc"}
cipher, err := encryption.NewBase64Cipher(encryption.NewCFBCipher, encryption.SecretBytes(opts.Cookie.Secret)) store, err := cookie.NewCookieSessionStore(&opts.Session, &opts.Cookie)
assert.Equal(t, nil, err)
store, err := cookie.NewCookieSessionStore(&opts.Session, &opts.Cookie, cipher)
assert.Equal(t, nil, err) assert.Equal(t, nil, err)
p := OAuthProxy{CookieName: opts.Cookie.Name, CookieDomains: opts.Cookie.Domains, sessionStore: store} p := OAuthProxy{CookieName: opts.Cookie.Name, CookieDomains: opts.Cookie.Domains, sessionStore: store}
var rw = httptest.NewRecorder() var rw = httptest.NewRecorder()
@ -1636,9 +1633,7 @@ func TestClearSingleCookie(t *testing.T) {
opts := baseTestOptions() opts := baseTestOptions()
opts.Cookie.Name = "oauth2" opts.Cookie.Name = "oauth2"
opts.Cookie.Domains = []string{"abc"} opts.Cookie.Domains = []string{"abc"}
cipher, err := encryption.NewBase64Cipher(encryption.NewCFBCipher, encryption.SecretBytes(opts.Cookie.Secret)) store, err := cookie.NewCookieSessionStore(&opts.Session, &opts.Cookie)
assert.Equal(t, nil, err)
store, err := cookie.NewCookieSessionStore(&opts.Session, &opts.Cookie, cipher)
assert.Equal(t, nil, err) assert.Equal(t, nil, err)
p := OAuthProxy{CookieName: opts.Cookie.Name, CookieDomains: opts.Cookie.Domains, sessionStore: store} p := OAuthProxy{CookieName: opts.Cookie.Name, CookieDomains: opts.Cookie.Domains, sessionStore: store}
var rw = httptest.NewRecorder() var rw = httptest.NewRecorder()

7
pkg/sessions/cookie/session_store.go
View File

@ -126,7 +126,12 @@ func (s *SessionStore) makeCookie(req *http.Request, name string, value string,
// NewCookieSessionStore initialises a new instance of the SessionStore from // NewCookieSessionStore initialises a new instance of the SessionStore from
// the configuration given // the configuration given
func NewCookieSessionStore(opts *options.SessionOptions, cookieOpts *options.CookieOptions, cipher encryption.Cipher) (sessions.SessionStore, error) { func NewCookieSessionStore(opts *options.SessionOptions, cookieOpts *options.CookieOptions) (sessions.SessionStore, error) {
cipher, err := encryption.NewBase64Cipher(encryption.NewCFBCipher, encryption.SecretBytes(cookieOpts.Secret))
if err != nil {
return nil, fmt.Errorf("error initialising cipher: %v", err)
}
return &SessionStore{ return &SessionStore{
CookieCipher: cipher, CookieCipher: cipher,
CookieOptions: cookieOpts, CookieOptions: cookieOpts,

7
pkg/sessions/redis/redis_store.go
View File

@ -39,7 +39,12 @@ type SessionStore struct {
// NewRedisSessionStore initialises a new instance of the SessionStore from // NewRedisSessionStore initialises a new instance of the SessionStore from
// the configuration given // the configuration given
func NewRedisSessionStore(opts *options.SessionOptions, cookieOpts *options.CookieOptions, cipher encryption.Cipher) (sessions.SessionStore, error) { func NewRedisSessionStore(opts *options.SessionOptions, cookieOpts *options.CookieOptions) (sessions.SessionStore, error) {
cipher, err := encryption.NewBase64Cipher(encryption.NewCFBCipher, encryption.SecretBytes(cookieOpts.Secret))
if err != nil {
return nil, fmt.Errorf("error initialising cipher: %v", err)
}
client, err := newRedisCmdable(opts.Redis) client, err := newRedisCmdable(opts.Redis)
if err != nil { if err != nil {
return nil, fmt.Errorf("error constructing redis client: %v", err) return nil, fmt.Errorf("error constructing redis client: %v", err)

12
pkg/sessions/redis/redis_store_test.go
View File

@ -11,7 +11,6 @@ import (
"github.com/alicebob/miniredis/v2" "github.com/alicebob/miniredis/v2"
"github.com/oauth2-proxy/oauth2-proxy/pkg/apis/options" "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/options"
"github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions" "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions"
"github.com/oauth2-proxy/oauth2-proxy/pkg/encryption"
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require" "github.com/stretchr/testify/require"
) )
@ -21,9 +20,6 @@ func TestRedisStore(t *testing.T) {
_, err := rand.Read(secret) _, err := rand.Read(secret)
assert.NoError(t, err) assert.NoError(t, err)
cipher, err := encryption.NewBase64Cipher(encryption.NewCFBCipher, encryption.SecretBytes(string(secret)))
assert.NoError(t, err)
t.Run("save session on redis standalone", func(t *testing.T) { t.Run("save session on redis standalone", func(t *testing.T) {
redisServer, err := miniredis.Run() redisServer, err := miniredis.Run()
require.NoError(t, err) require.NoError(t, err)
@ -34,7 +30,9 @@ func TestRedisStore(t *testing.T) {
Host: redisServer.Addr(), Host: redisServer.Addr(),
} }
opts.Session.Redis.ConnectionURL = redisURL.String() opts.Session.Redis.ConnectionURL = redisURL.String()
redisStore, err := NewRedisSessionStore(&opts.Session, &opts.Cookie, cipher)
opts.Cookie.Secret = string(secret)
redisStore, err := NewRedisSessionStore(&opts.Session, &opts.Cookie)
require.NoError(t, err) require.NoError(t, err)
err = redisStore.Save( err = redisStore.Save(
httptest.NewRecorder(), httptest.NewRecorder(),
@ -58,7 +56,9 @@ func TestRedisStore(t *testing.T) {
opts.Session.Redis.SentinelConnectionURLs = []string{sentinelURL.String()} opts.Session.Redis.SentinelConnectionURLs = []string{sentinelURL.String()}
opts.Session.Redis.UseSentinel = true opts.Session.Redis.UseSentinel = true
opts.Session.Redis.SentinelMasterName = sentinel.MasterInfo().Name opts.Session.Redis.SentinelMasterName = sentinel.MasterInfo().Name
redisStore, err := NewRedisSessionStore(&opts.Session, &opts.Cookie, cipher)
opts.Cookie.Secret = string(secret)
redisStore, err := NewRedisSessionStore(&opts.Session, &opts.Cookie)
require.NoError(t, err) require.NoError(t, err)
err = redisStore.Save( err = redisStore.Save(
httptest.NewRecorder(), httptest.NewRecorder(),

9
pkg/sessions/session_store.go
View File

@ -5,22 +5,17 @@ import (
"github.com/oauth2-proxy/oauth2-proxy/pkg/apis/options" "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/options"
"github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions" "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions"
"github.com/oauth2-proxy/oauth2-proxy/pkg/encryption"
"github.com/oauth2-proxy/oauth2-proxy/pkg/sessions/cookie" "github.com/oauth2-proxy/oauth2-proxy/pkg/sessions/cookie"
"github.com/oauth2-proxy/oauth2-proxy/pkg/sessions/redis" "github.com/oauth2-proxy/oauth2-proxy/pkg/sessions/redis"
) )
// NewSessionStore creates a SessionStore from the provided configuration // NewSessionStore creates a SessionStore from the provided configuration
func NewSessionStore(opts *options.SessionOptions, cookieOpts *options.CookieOptions) (sessions.SessionStore, error) { func NewSessionStore(opts *options.SessionOptions, cookieOpts *options.CookieOptions) (sessions.SessionStore, error) {
cipher, err := encryption.NewBase64Cipher(encryption.NewCFBCipher, encryption.SecretBytes(cookieOpts.Secret))
if err != nil {
return nil, fmt.Errorf("error initialising cipher: %v", err)
}
switch opts.Type { switch opts.Type {
case options.CookieSessionStoreType: case options.CookieSessionStoreType:
return cookie.NewCookieSessionStore(opts, cookieOpts, cipher) return cookie.NewCookieSessionStore(opts, cookieOpts)
case options.RedisSessionStoreType: case options.RedisSessionStoreType:
return redis.NewRedisSessionStore(opts, cookieOpts, cipher) return redis.NewRedisSessionStore(opts, cookieOpts)
default: default:
return nil, fmt.Errorf("unknown session store type '%s'", opts.Type) return nil, fmt.Errorf("unknown session store type '%s'", opts.Type)
} }

39
pkg/sessions/session_store_test.go
View File

@ -417,6 +417,19 @@ var _ = Describe("NewSessionStore", func() {
Context("the cookie.SessionStore", func() { Context("the cookie.SessionStore", func() {
RunSessionTests(false) RunSessionTests(false)
}) })
Context("with an invalid cookie secret", func() {
BeforeEach(func() {
cookieOpts.Secret = "invalid"
})
It("returns an error", func() {
ss, err := sessions.NewSessionStore(opts, cookieOpts)
Expect(err).To(HaveOccurred())
Expect(err.Error()).To(Equal("error initialising cipher: crypto/aes: invalid key size 7"))
Expect(ss).To(BeNil())
})
})
}) })
Context("with type 'redis'", func() { Context("with type 'redis'", func() {
@ -441,6 +454,19 @@ var _ = Describe("NewSessionStore", func() {
Context("the redis.SessionStore", func() { Context("the redis.SessionStore", func() {
RunSessionTests(true) RunSessionTests(true)
}) })
Context("with an invalid cookie secret", func() {
BeforeEach(func() {
cookieOpts.Secret = "invalid"
})
It("returns an error", func() {
ss, err := sessions.NewSessionStore(opts, cookieOpts)
Expect(err).To(HaveOccurred())
Expect(err.Error()).To(Equal("error initialising cipher: crypto/aes: invalid key size 7"))
Expect(ss).To(BeNil())
})
})
}) })
Context("with an invalid type", func() { Context("with an invalid type", func() {
@ -455,17 +481,4 @@ var _ = Describe("NewSessionStore", func() {
Expect(ss).To(BeNil()) Expect(ss).To(BeNil())
}) })
}) })
Context("with an invalid cookie secret", func() {
BeforeEach(func() {
cookieOpts.Secret = "invalid"
})
It("returns an error", func() {
ss, err := sessions.NewSessionStore(opts, cookieOpts)
Expect(err).To(HaveOccurred())
Expect(err.Error()).To(Equal("error initialising cipher: crypto/aes: invalid key size 7"))
Expect(ss).To(BeNil())
})
})
}) })