
Refactor encryption.Cipher to be an Encrypt/Decrypt Interface

All Encrypt/Decrypt Cipher implementations now take and return []byte,
to allow future binary-compatible encoding schemes and to avoid the
bloat of encrypting to strings (which requires base64 encoding, adding
33% to the size).
This commit is contained in:
Nick Meves
2020-05-09 17:01:51 -07:00
parent b4530b9292
commit f7cca1d0b3
8 changed files with 198 additions and 55 deletions


@@ -60,7 +60,7 @@ func (s *SessionState) String() string {
}
// EncodeSessionState returns string representation of the current session
func (s *SessionState) EncodeSessionState(c *encryption.Cipher) (string, error) {
func (s *SessionState) EncodeSessionState(c encryption.Cipher) (string, error) {
var ss SessionState
if c == nil {
// Store only Email and User when cipher is unavailable
@@ -89,7 +89,7 @@ func (s *SessionState) EncodeSessionState(c *encryption.Cipher) (string, error)
}
// DecodeSessionState decodes the session cookie string into a SessionState
func DecodeSessionState(v string, c *encryption.Cipher) (*SessionState, error) {
func DecodeSessionState(v string, c encryption.Cipher) (*SessionState, error) {
var ss SessionState
err := json.Unmarshal([]byte(v), &ss)
if err != nil {
@@ -106,7 +106,7 @@ func DecodeSessionState(v string, c *encryption.Cipher) (*SessionState, error) {
} else {
// Backward compatibility with using unencrypted Email
if ss.Email != "" {
decryptedEmail, errEmail := c.Decrypt(ss.Email)
decryptedEmail, errEmail := stringDecrypt(ss.Email, c)
if errEmail == nil {
if !utf8.ValidString(decryptedEmail) {
return nil, errors.New("invalid value for decrypted email")
@@ -116,7 +116,7 @@ func DecodeSessionState(v string, c *encryption.Cipher) (*SessionState, error) {
}
// Backward compatibility with using unencrypted User
if ss.User != "" {
decryptedUser, errUser := c.Decrypt(ss.User)
decryptedUser, errUser := stringDecrypt(ss.User, c)
if errUser == nil {
if !utf8.ValidString(decryptedUser) {
return nil, errors.New("invalid value for decrypted user")
@@ -139,3 +139,12 @@ func DecodeSessionState(v string, c *encryption.Cipher) (*SessionState, error) {
}
return &ss, nil
}
// stringDecrypt wraps a Base64Cipher to make it string => string
func stringDecrypt(ciphertext string, c encryption.Cipher) (string, error) {
value, err := c.Decrypt([]byte(ciphertext))
if err != nil {
return "", err
}
return string(value), nil
}
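Review bot: Changing the parameter from `*encryption.Cipher` to the `encryption.Cipher` interface turns the `if c == nil` guard in EncodeSessionState (first hunk) into an interface nil check, so a caller that passes a nil concrete pointer (e.g. a nil `*Base64Cipher`) now gets a non-nil interface and the "cipher unavailable" branch is skipped, with Encrypt/Decrypt invoked on a nil receiver; the same presumably applies to the `c == nil` branch of DecodeSessionState, whose head is outside the third hunk. Worth a comment on each signature, e.g. `// c may be nil (an untyped nil, not a nil concrete Cipher pointer) to disable encryption.`, and a check that the call sites pass an untyped nil. Separately, the doc comment on the new stringDecrypt says it "wraps a Base64Cipher" while the parameter is the general Cipher interface; since `[]byte(ciphertext)` hands the stored string to Decrypt unchanged, the helper only works if that Cipher decodes base64 itself, so the comment should state that contract: `// stringDecrypt adapts a Cipher whose Decrypt accepts the stored (base64) text as bytes, such as Base64Cipher, to a string => string call.` Note that stringDecrypt does not validate the decrypted bytes as UTF-8; the callers in DecodeSessionState do, so any new caller must keep that check.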