From 47f10c03ae22e6d7bea2d32fc3d98005acd96745 Mon Sep 17 00:00:00 2001 From: eikendev Date: Fri, 11 Feb 2022 23:48:08 +0100 Subject: [PATCH] Fix token lengths --- internal/authentication/token.go | 2 ++ internal/authentication/token_test.go | 11 ++--------- 2 files changed, 4 insertions(+), 9 deletions(-) diff --git a/internal/authentication/token.go b/internal/authentication/token.go index 6edda01..7e91d6f 100644 --- a/internal/authentication/token.go +++ b/internal/authentication/token.go @@ -53,5 +53,7 @@ func GenerateApplicationToken(compat bool) string { tokenLength = compatTokenLength } + tokenLength -= len(applicationTokenPrefix) + return applicationTokenPrefix + generateRandomString(tokenLength) } diff --git a/internal/authentication/token_test.go b/internal/authentication/token_test.go index 83dc891..7e7138e 100644 --- a/internal/authentication/token_test.go +++ b/internal/authentication/token_test.go @@ -1,7 +1,6 @@ package authentication import ( - "log" "testing" "github.com/stretchr/testify/assert" @@ -9,20 +8,14 @@ import ( ) func isGoodToken(assert *assert.Assertions, require *require.Assertions, token string, compat bool) { - prefix := token[0:len(applicationTokenPrefix)] - token = token[len(applicationTokenPrefix):] - - // Although constant at the time of writing, this check should prevent future changes from generating insecure tokens. - if len(token) < 14 { - log.Fatalf("Tokens should have more random characters") - } - if compat { assert.Equal(len(token), compatTokenLength, "Unexpected compatibility token length") } else { assert.Equal(len(token), regularTokenLength, "Unexpected regular token length") } + prefix := token[0:len(applicationTokenPrefix)] + assert.Equal(prefix, applicationTokenPrefix, "Invalid token prefix") for _, c := range []byte(token) {