public_git
/
oauth2-proxy
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Fix ticket retrieval with an invalid ticket 

(cherry picked from commit 66bbf146ec45d127bdd374120743aeef936894a7)
This commit is contained in:
Joel Speed 2019-05-30 10:10:28 +01:00 committed by Brian Van Klaveren
parent 3155ada287
commit 22199fa417
1 changed files with 21 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
pkg/sessions/redis/redis_store.go
View File

@ -192,26 +192,9 @@ func (store *SessionStore) makeCookie(req *http.Request, value string, expires t
}
func (store *SessionStore) storeValue(value string, expiration time.Duration, requestCookie *http.Cookie) (string, error) {
var ticket *TicketData
if requestCookie != nil {
var err error
val, _, ok := cookie.Validate(requestCookie, store.CookieOptions.CookieSecret, store.CookieOptions.CookieExpire)
if !ok {
ticket, err = newTicket()
if err != nil {
return "", fmt.Errorf("error creating new ticket: %s", err)
}
}
ticket, err = decodeTicket(store.CookieOptions.CookieName, val)
if err != nil {
return "", err
}
} else {
var err error
ticket, err = newTicket()
if err != nil {
return "", fmt.Errorf("error creating new ticket: %s", err)
}
ticket, err := store.getTicket(requestCookie)
if err != nil {
return "", fmt.Errorf("error getting ticket: %v", err)
}
ciphertext := make([]byte, len(value))
@ -232,6 +215,24 @@ func (store *SessionStore) storeValue(value string, expiration time.Duration, re
return ticket.encodeTicket(store.CookieOptions.CookieName), nil
}
// getTicket retrieves an existing ticket from the cookie if present,
// or creates a new ticket
func (store *SessionStore) getTicket(requestCookie *http.Cookie) (*TicketData, error) {
if requestCookie == nil {
return newTicket()
}
// An existing cookie exists, try to retrieve the ticket
val, _, ok := cookie.Validate(requestCookie, store.CookieOptions.CookieSecret, store.CookieOptions.CookieExpire)
if !ok {
// Cookie is invalid, create a new ticket
return newTicket()
}
// Valid cookie, decode the ticket
return decodeTicket(store.CookieOptions.CookieName, val)
}
func newTicket() (*TicketData, error) {
rawID := make([]byte, 16)
if _, err := io.ReadFull(rand.Reader, rawID); err != nil {