authenticate: make service http only

- Rename SessionState to State to avoid stutter. - Simplified option validation to use a wrapper function for base64 secrets. - Removed authenticates grpc code. - Abstracted logic to load and validate a user's authenticate session. - Removed instances of url.Parse in favor of urlutil's version. - proxy: replaces grpc refresh logic with forced deadline advancement. - internal/sessions: remove rest store; parse authorize header as part of session store. - proxy: refactor request signer - sessions: remove extend deadline (fixes #294) - remove AuthenticateInternalAddr - remove AuthenticateInternalAddrString - omit type tag.Key from declaration of vars TagKey* it will be inferred from the right-hand side - remove compatibility package xerrors - use cloned http.DefaultTransport as base transport
2025-06-26 22:48:07 +02:00 · 2019-08-29 22:12:29 -07:00 · 2019-08-29 22:12:29 -07:00 · 380d314404
commit 380d314404
parent bc72d08ad4
53 changed files with 718 additions and 2280 deletions
--- a/internal/cryptutil/encrypt_test.go
+++ b/internal/cryptutil/encrypt_test.go
@ -259,3 +259,26 @@ func TestNewCipher(t *testing.T) {
 		})
 	}
 }
+
+func TestNewCipherFromBase64(t *testing.T) {
+
+	tests := []struct {
+		name    string
+		s       string
+		wantErr bool
+	}{
+		{"simple 32 byte key", base64.StdEncoding.EncodeToString(GenerateKey()), false},
+		{"key too short", base64.StdEncoding.EncodeToString([]byte("what is entropy")), true},
+		{"key too long", GenerateRandomString(33), true},
+		{"bad base 64", string(GenerateKey()), true},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			_, err := NewCipherFromBase64(tt.s)
+			if (err != nil) != tt.wantErr {
+				t.Errorf("NewCipherFromBase64() error = %v, wantErr %v", err, tt.wantErr)
+				return
+			}
+		})
+	}
+}