From fd544b7072be3cb205b75000e4c50fa53bcb2024 Mon Sep 17 00:00:00 2001
From: Cuong Manh Le <cuong.manhle.vn@gmail.com>
Date: Tue, 28 Jul 2020 21:18:39 +0700
Subject: [PATCH] authenticate: fix wrong condition checking in VerifySession
 (#1146)

The code checks session client not nil, but using databroker client in
the body instead.
---
 authenticate/handlers.go      |  2 +-
 authenticate/handlers_test.go | 19 +++++++++++++++++++
 go.sum                        |  1 +
 3 files changed, 21 insertions(+), 1 deletion(-)

diff --git a/authenticate/handlers.go b/authenticate/handlers.go
index 075faf878..f94e7db28 100644
--- a/authenticate/handlers.go
+++ b/authenticate/handlers.go
@@ -137,7 +137,7 @@ func (a *Authenticate) VerifySession(next http.Handler) http.Handler {
 			return a.reauthenticateOrFail(w, r, err)
 		}
 
-		if a.sessionClient != nil {
+		if a.dataBrokerClient != nil {
 			_, err = session.Get(ctx, a.dataBrokerClient, sessionState.ID)
 			if err != nil {
 				log.FromRequest(r).Info().Err(err).Str("id", sessionState.ID).Msg("authenticate: session not found in databroker")
diff --git a/authenticate/handlers_test.go b/authenticate/handlers_test.go
index 83b1245a6..cbfec8114 100644
--- a/authenticate/handlers_test.go
+++ b/authenticate/handlers_test.go
@@ -466,6 +466,25 @@ func TestAuthenticate_SessionValidatorMiddleware(t *testing.T) {
 				cookieCipher:     aead,
 				encryptedEncoder: signer,
 				sharedEncoder:    signer,
+				dataBrokerClient: mockDataBrokerServiceClient{
+					get: func(ctx context.Context, in *databroker.GetRequest, opts ...grpc.CallOption) (*databroker.GetResponse, error) {
+						data, err := ptypes.MarshalAny(&session.Session{
+							Id: "SESSION_ID",
+						})
+						if err != nil {
+							return nil, err
+						}
+
+						return &databroker.GetResponse{
+							Record: &databroker.Record{
+								Version: "0001",
+								Type:    data.GetTypeUrl(),
+								Id:      "SESSION_ID",
+								Data:    data,
+							},
+						}, nil
+					},
+				},
 			}
 			r := httptest.NewRequest("GET", "/", nil)
 			state, err := tt.session.LoadSession(r)
diff --git a/go.sum b/go.sum
index 980f8ee43..64d0292f2 100644
--- a/go.sum
+++ b/go.sum
@@ -217,6 +217,7 @@ github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMyw
 github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.0 h1:/QaMHBdZ26BB3SSst0Iwl10Epc+xhTquomWX0oZEB6w=
 github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.1 h1:JFrFEBb2xKufg6XkJsJr+WbKb4FQlURi5RUcBveYu9k=
 github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-jsonnet v0.16.0 h1:Nb4EEOp+rdeGGyB1rQ5eisgSAqrTnhf9ip+X6lzZbY0=
 github.com/google/go-jsonnet v0.16.0/go.mod h1:sOcuej3UW1vpPTZOr8L7RQimqai1a57bt5j22LzGZCw=