cmd/pomerium: add check for service validity

proxy: update key check error message to check 32 bytes
authenticate: update key check error message to check 32 bytes
docs: update readme for clarity
Bobby DeSimone 2019-01-19 11:29:22 -08:00
parent 9404dafcf4
commit 2c7a7f2e02
No known key found for this signature in database
GPG key ID: AEE4CF12FE86D07E
6 changed files with 24 additions and 40 deletions


@ -94,20 +94,10 @@ func (o *Options) Validate() error {
}
decodedCookieSecret, err := base64.StdEncoding.DecodeString(o.CookieSecret)
if err != nil {
return fmt.Errorf("authenticate options: cookie secret invalid"+
"must be a base64-encoded, 256 bit key e.g. `head -c32 /dev/urandom | base64`"+
"got %q", err)
return fmt.Errorf("cookie secret is invalid base64: %v", err)
}
validCookieSecretLength := false
for _, i := range []int{32, 64} {
if len(decodedCookieSecret) == i {
validCookieSecretLength = true
}
}
if !validCookieSecretLength {
return fmt.Errorf("authenticate options: invalid cookie secret strength want"+
" 32 to 64 bytes, got %d bytes", len(decodedCookieSecret))
if len(decodedCookieSecret) != 32 {
return fmt.Errorf("cookie secret expects 32 bytes but got %d", len(decodedCookieSecret))
}
return nil
@ -127,9 +117,7 @@ type Authenticator struct {
SessionLifetimeTTL time.Duration
decodedCookieSecret []byte
templates *template.Template
// sesion related
templates *template.Template
csrfStore sessions.CSRFStore
sessionStore sessions.SessionStore
cipher cryptutil.Cipher
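Review bot: The new length check in `Validate()` (first hunk) now rejects the 64-byte cookie secrets that the removed loop accepted, and nothing in the code or the error text says why exactly 32 bytes are required or how to produce such a key. A short comment above the check would help, for example `// the cookie secret must decode to exactly 32 bytes (256 bits); 64-byte secrets are no longer accepted`. The removed message carried the generation hint `head -c32 /dev/urandom | base64`, which is worth keeping in the new text so operators do not fall back to a hand-typed secret. Both new messages also drop the `authenticate options:` prefix; since the commit description says the proxy key check gets the same wording, a startup failure presumably no longer shows which service's secret is wrong, so consider `return fmt.Errorf("authenticate: cookie secret expects 32 bytes but got %d", len(decodedCookieSecret))`. The body of `Validate()` starts outside the hunk, so any earlier checks are not visible here.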