mirror of
https://github.com/pomerium/pomerium.git
synced 2025-05-18 19:47:22 +02:00
authenticate: fix wrong condition checking in VerifySession (#1146)
The code checks session client not nil, but using databroker client in the body instead.
This commit is contained in:
Cuong Manh Le
GitHub
parent
bec908b9af
commit
fd544b7072
3 changed files with 21 additions and 1 deletions
|
|
@ -137,7 +137,7 @@ func (a *Authenticate) VerifySession(next http.Handler) http.Handler {
|
||||||
return a.reauthenticateOrFail(w, r, err)
|
return a.reauthenticateOrFail(w, r, err)
|
||||||
}
|
}
|
||||||
|
|
||||||
if a.sessionClient != nil {
|
if a.dataBrokerClient != nil {
|
||||||
_, err = session.Get(ctx, a.dataBrokerClient, sessionState.ID)
|
_, err = session.Get(ctx, a.dataBrokerClient, sessionState.ID)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.FromRequest(r).Info().Err(err).Str("id", sessionState.ID).Msg("authenticate: session not found in databroker")
|
log.FromRequest(r).Info().Err(err).Str("id", sessionState.ID).Msg("authenticate: session not found in databroker")
|
||||||
|
|
|
||||||
|
|
@ -466,6 +466,25 @@ func TestAuthenticate_SessionValidatorMiddleware(t *testing.T) {
|
||||||
cookieCipher: aead,
|
cookieCipher: aead,
|
||||||
encryptedEncoder: signer,
|
encryptedEncoder: signer,
|
||||||
sharedEncoder: signer,
|
sharedEncoder: signer,
|
||||||
|
dataBrokerClient: mockDataBrokerServiceClient{
|
||||||
|
get: func(ctx context.Context, in *databroker.GetRequest, opts ...grpc.CallOption) (*databroker.GetResponse, error) {
|
||||||
|
data, err := ptypes.MarshalAny(&session.Session{
|
||||||
|
Id: "SESSION_ID",
|
||||||
|
})
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
|
return &databroker.GetResponse{
|
||||||
|
Record: &databroker.Record{
|
||||||
|
Version: "0001",
|
||||||
|
Type: data.GetTypeUrl(),
|
||||||
|
Id: "SESSION_ID",
|
||||||
|
Data: data,
|
||||||
|
},
|
||||||
|
}, nil
|
||||||
|
},
|
||||||
|
},
|
||||||
}
|
}
|
||||||
r := httptest.NewRequest("GET", "/", nil)
|
r := httptest.NewRequest("GET", "/", nil)
|
||||||
state, err := tt.session.LoadSession(r)
|
state, err := tt.session.LoadSession(r)
|
||||||
|
|
|
||||||
1
go.sum
1
go.sum
|
|
@ -217,6 +217,7 @@ github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMyw
|
||||||
github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
|
github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
|
||||||
github.com/google/go-cmp v0.5.0 h1:/QaMHBdZ26BB3SSst0Iwl10Epc+xhTquomWX0oZEB6w=
|
github.com/google/go-cmp v0.5.0 h1:/QaMHBdZ26BB3SSst0Iwl10Epc+xhTquomWX0oZEB6w=
|
||||||
github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
|
github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
|
||||||
|
github.com/google/go-cmp v0.5.1 h1:JFrFEBb2xKufg6XkJsJr+WbKb4FQlURi5RUcBveYu9k=
|
||||||
github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
|
github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
|
||||||
github.com/google/go-jsonnet v0.16.0 h1:Nb4EEOp+rdeGGyB1rQ5eisgSAqrTnhf9ip+X6lzZbY0=
|
github.com/google/go-jsonnet v0.16.0 h1:Nb4EEOp+rdeGGyB1rQ5eisgSAqrTnhf9ip+X6lzZbY0=
|
||||||
github.com/google/go-jsonnet v0.16.0/go.mod h1:sOcuej3UW1vpPTZOr8L7RQimqai1a57bt5j22LzGZCw=
|
github.com/google/go-jsonnet v0.16.0/go.mod h1:sOcuej3UW1vpPTZOr8L7RQimqai1a57bt5j22LzGZCw=
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue