mirror of
https://github.com/pomerium/pomerium.git
synced 2025-08-03 16:59:22 +02:00
session: remove audience check (#640)
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
This commit is contained in:
Bobby DeSimone
GitHub
parent
b1d3bbaf56
commit
f7ee08b05a
3 changed files with 11 additions and 30 deletions
|
|
@ -114,25 +114,18 @@ func (s State) RouteSession() *State {
|
|||
return &s
|
||||
}
|
||||
|
||||
// Verify returns an error if the users's session state is not valid.
|
||||
func (s *State) Verify(audience string) error {
|
||||
// IsExpired returns true if the users's session is expired.
|
||||
func (s *State) IsExpired() bool {
|
||||
|
||||
if s.Expiry != nil && timeNow().After(s.Expiry.Time()) {
|
||||
return ErrExpired
|
||||
return true
|
||||
}
|
||||
|
||||
// if we have an associated access token, check if that token has expired as well
|
||||
if s.AccessToken != nil && timeNow().After(s.AccessToken.Expiry) {
|
||||
return ErrExpired
|
||||
return true
|
||||
}
|
||||
|
||||
if len(s.Audience) != 0 {
|
||||
if !s.Audience.Contains(audience) {
|
||||
return ErrInvalidAudience
|
||||
}
|
||||
|
||||
}
|
||||
return nil
|
||||
return false
|
||||
}
|
||||
|
||||
// Impersonating returns if the request is impersonating.
|
||||
|
|
|
|||
|
|
@ -48,7 +48,7 @@ func TestState_Impersonating(t *testing.T) {
|
|||
}
|
||||
}
|
||||
|
||||
func TestState_Verify(t *testing.T) {
|
||||
func TestState_IsExpired(t *testing.T) {
|
||||
t.Parallel()
|
||||
tests := []struct {
|
||||
name string
|
||||
|
|
@ -63,7 +63,6 @@ func TestState_Verify(t *testing.T) {
|
|||
}{
|
||||
{"good", []string{"a", "b", "c"}, jwt.NewNumericDate(time.Now().Add(time.Hour)), jwt.NewNumericDate(time.Now().Add(-time.Hour)), jwt.NewNumericDate(time.Now().Add(-time.Hour)), &oauth2.Token{Expiry: time.Now().Add(time.Hour)}, "a", false},
|
||||
{"bad expiry", []string{"a", "b", "c"}, jwt.NewNumericDate(time.Now().Add(-time.Hour)), jwt.NewNumericDate(time.Now().Add(-time.Hour)), jwt.NewNumericDate(time.Now().Add(-time.Hour)), &oauth2.Token{Expiry: time.Now().Add(time.Hour)}, "a", true},
|
||||
{"bad audience", []string{"x", "y", "z"}, jwt.NewNumericDate(time.Now().Add(time.Hour)), jwt.NewNumericDate(time.Now().Add(-time.Hour)), jwt.NewNumericDate(time.Now().Add(-time.Hour)), &oauth2.Token{Expiry: time.Now().Add(time.Hour)}, "a", true},
|
||||
{"bad access token expiry", []string{"a", "b", "c"}, jwt.NewNumericDate(time.Now().Add(time.Hour)), jwt.NewNumericDate(time.Now().Add(-time.Hour)), jwt.NewNumericDate(time.Now().Add(-time.Hour)), &oauth2.Token{Expiry: time.Now().Add(-time.Hour)}, "a", true},
|
||||
}
|
||||
for _, tt := range tests {
|
||||
|
|
@ -75,8 +74,8 @@ func TestState_Verify(t *testing.T) {
|
|||
IssuedAt: tt.IssuedAt,
|
||||
AccessToken: tt.AccessToken,
|
||||
}
|
||||
if err := s.Verify(tt.audience); (err != nil) != tt.wantErr {
|
||||
t.Errorf("State.Verify() error = %v, wantErr %v", err, tt.wantErr)
|
||||
if exp := s.IsExpired(); exp != tt.wantErr {
|
||||
t.Errorf("State.IsExpired() error = %v, wantErr %v", exp, tt.wantErr)
|
||||
}
|
||||
})
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue