
Commit 3807a21

committed
sso_proxy: don't set decodedCookieSecret in Cookie struct
1 parent 959bdeb commit 3807a21


2 files changed

+17
-13
lines changed


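--- a/internal/proxy/configuration.go
+++ b/internal/proxy/configuration.go
@@ -112,7 +112,7 @@ var (
 _ Validator = Configuration{}
 _ Validator = ProviderConfig{}
 _ Validator = SessionConfig{}
-_ Validator = &CookieConfig{}
+_ Validator = CookieConfig{}
 _ Validator = TTLConfig{}
 _ Validator = ClientConfig{}
 _ Validator = ServerConfig{}
@@ -244,16 +244,15 @@ func (sc SessionConfig) Validate() error {
 }
 
 type CookieConfig struct {
-Name string `mapstructure:"name"`
-Secret string `mapstructure:"secret"`
-Expire time.Duration `mapstructure:"expire"`
-Domain string `mapstructure:"domain"`
-Secure bool `mapstructure:"secure"`
-HTTPOnly bool `mapstructure:"httponly"`
-decodedSecret []byte
+Name string `mapstructure:"name"`
+Secret string `mapstructure:"secret"`
+Expire time.Duration `mapstructure:"expire"`
+Domain string `mapstructure:"domain"`
+Secure bool `mapstructure:"secure"`
+HTTPOnly bool `mapstructure:"httponly"`
 }
 
-func (cc *CookieConfig) Validate() error {
+func (cc CookieConfig) Validate() error {
 if cc.Secret == "" {
 return fmt.Errorf("no cookie.secret configured")
 }
@@ -268,9 +267,7 @@ func (cc *CookieConfig) Validate() error {
 validCookieSecretLength = true
 }
 }
-if validCookieSecretLength {
-cc.decodedSecret = decodedCookieSecret
-} else {
+if !validCookieSecretLength {
 return fmt.Errorf("invalid value for cookie.secret; must decode to 32 or 64 bytes, but decoded to %d bytes", len(decodedCookieSecret))
 }
 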
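Review bot: With `decodedSecret` removed, the 32-or-64-byte check in the third hunk is the only place the key length is enforced, and `SetCookieStore` in internal/proxy/options.go now decodes `cc.Secret` a second time without repeating it. A `CookieConfig` that reaches `SetCookieStore` without `Validate` having run gets no length check in the visible code, and the two decode paths can drift apart; the decode call inside `Validate` sits between the hunks, so its encoding cannot be compared from here. The struct should state that contract, for example `// Secret is the base64-encoded cookie key; it must decode to 32 or 64 bytes. Validate checks this but does not keep the decoded bytes.` above the `Secret` field.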

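--- a/internal/proxy/options.go
+++ b/internal/proxy/options.go
@@ -1,6 +1,7 @@
 package proxy
 
 import (
+"encoding/base64"
 "encoding/json"
 "fmt"
 "io/ioutil"
@@ -20,8 +21,14 @@ import (
 // SetCookieStore sets the session and csrf stores as a functional option
 func SetCookieStore(cc CookieConfig) func(*OAuthProxy) error {
 return func(op *OAuthProxy) error {
+
+decodedCookieSecret, err := base64.StdEncoding.DecodeString(cc.Secret)
+if err != nil {
+return err
+}
+
 cookieStore, err := sessions.NewCookieStore(cc.Name,
-sessions.CreateMiscreantCookieCipher(cc.decodedSecret),
+sessions.CreateMiscreantCookieCipher(decodedCookieSecret),
 func(c *sessions.CookieStore) error {
 c.CookieDomain = cc.Domain
 c.CookieHTTPOnly = cc.HTTPOnly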
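Review bot: The bare `return err` on new line 27 surfaces a base64 failure with no hint that cookie.secret is the setting at fault; `return fmt.Errorf("decoding cookie.secret: %v", err)` names it, and `fmt` is already imported in this file. Keep the message to the decode error and never include `cc.Secret` itself, so the key stays out of startup logs. The blank line added directly after the closure's opening brace (new line 24) is stray. The closure body continues past the end of the hunk.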
