internal/sessions: fix cookie clear session (#376)

CookieStore's ClearSession now properly clears the user session cookie by setting MaxAge to -1. internal/sessions: move encoder interface to encoding package, and rename to MarshalUnmarshaler. internal/encoding: move mock to own package authenticate: use INFO log level for authZ error. Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2025-05-31 09:57:17 +02:00 · 2019-11-09 10:49:24 -08:00 · 2019-11-09 10:49:24 -08:00 · b9ab49c32c
commit b9ab49c32c
parent d3d60d1055
19 changed files with 173 additions and 217 deletions
--- a/internal/encoding/ecjson/ecjson.go
+++ b/internal/encoding/ecjson/ecjson.go
@ -11,6 +11,7 @@ import (
 	"io"

 	"github.com/pomerium/pomerium/internal/cryptutil"
+	"github.com/pomerium/pomerium/internal/encoding"
 )

 // EncryptedCompressedJSON implements SecureEncoder for JSON using an AEAD cipher.
@ -21,7 +22,7 @@ type EncryptedCompressedJSON struct {
 }

 // New takes a base64 encoded secret key and returns a new XChacha20poly1305 cipher.
-func New(aead cipher.AEAD) *EncryptedCompressedJSON {
+func New(aead cipher.AEAD) encoding.MarshalUnmarshaler {
 	return &EncryptedCompressedJSON{aead: aead}
 }

--- a/internal/encoding/econding.go
+++ b/internal/encoding/econding.go
@ -0,0 +1,17 @@
+package encoding // import "github.com/pomerium/pomerium/internal/encoding"
+
+// MarshalUnmarshaler can both Marshal and Unmarshal a struct into and from a set of bytes.
+type MarshalUnmarshaler interface {
+	Marshaler
+	Unmarshaler
+}
+
+// Marshaler encodes a struct into a set of bytes.
+type Marshaler interface {
+	Marshal(interface{}) ([]byte, error)
+}
+
+// Unmarshaler decodes a set of bytes and returns a struct.
+type Unmarshaler interface {
+	Unmarshal([]byte, interface{}) error
+}
--- a/internal/encoding/jws/jws.go
+++ b/internal/encoding/jws/jws.go
@ -5,10 +5,11 @@ package jws // import "github.com/pomerium/pomerium/internal/encoding/jws"
 import (
 	"encoding/base64"

+	"github.com/pomerium/pomerium/internal/cryptutil"
+	"github.com/pomerium/pomerium/internal/encoding"
+
 	jose "gopkg.in/square/go-jose.v2"
 	"gopkg.in/square/go-jose.v2/jwt"
-
-	"github.com/pomerium/pomerium/internal/cryptutil"
 )

 // JSONWebSigner is the struct representing a signed JWT.
@ -21,7 +22,7 @@ type JSONWebSigner struct {
 }

 // NewHS256Signer creates a SHA256 JWT signer from a 32 byte key.
-func NewHS256Signer(key []byte, issuer string) (*JSONWebSigner, error) {
+func NewHS256Signer(key []byte, issuer string) (encoding.MarshalUnmarshaler, error) {
 	sig, err := jose.NewSigner(jose.SigningKey{Algorithm: jose.HS256, Key: key},
 		(&jose.SignerOptions{}).WithType("JWT"))
 	if err != nil {
--- a/internal/encoding/mock/mock_encoder.go
+++ b/internal/encoding/mock/mock_encoder.go
@ -0,0 +1,18 @@
+package mock // import "github.com/pomerium/pomerium/internal/encoding/mock"
+
+// Encoder MockCSRFStore is a mock implementation of Cipher.
+type Encoder struct {
+	MarshalResponse []byte
+	MarshalError    error
+	UnmarshalError  error
+}
+
+// Marshal is a mock implementation of Encoder.
+func (mc Encoder) Marshal(i interface{}) ([]byte, error) {
+	return mc.MarshalResponse, mc.MarshalError
+}
+
+// Unmarshal is a mock implementation of Encoder.
+func (mc Encoder) Unmarshal(s []byte, i interface{}) error {
+	return mc.UnmarshalError
+}
--- a/internal/encoding/mock/mock_encoder_test.go
+++ b/internal/encoding/mock/mock_encoder_test.go
@ -1,4 +1,4 @@
-package encoding // import "github.com/pomerium/pomerium/internal/encoding"
+package mock // import "github.com/pomerium/pomerium/internal/encoding/mock"

 import (
 	"errors"
@ -7,7 +7,7 @@ import (

 func TestMockEncoder(t *testing.T) {
 	e := errors.New("err")
-	mc := MockEncoder{
+	mc := Encoder{
 		MarshalResponse: []byte("MarshalResponse"),
 		MarshalError:    e,
 		UnmarshalError:  e,
--- a/internal/encoding/mock_encoder.go
+++ b/internal/encoding/mock_encoder.go
@ -1,18 +0,0 @@
-package encoding // import "github.com/pomerium/pomerium/internal/encoding"
-
-// MockEncoder MockCSRFStore is a mock implementation of Cipher.
-type MockEncoder struct {
-	MarshalResponse []byte
-	MarshalError    error
-	UnmarshalError  error
-}
-
-// Marshal is a mock implementation of MockEncoder.
-func (mc MockEncoder) Marshal(i interface{}) ([]byte, error) {
-	return mc.MarshalResponse, mc.MarshalError
-}
-
-// Unmarshal is a mock implementation of MockEncoder.
-func (mc MockEncoder) Unmarshal(s []byte, i interface{}) error {
-	return mc.UnmarshalError
-}