mirror of
https://github.com/0rangebananaspy/authelia.git
synced 2024-09-14 22:47:21 +07:00
refactor(session): remove unencrypted session fallback (#2314)
This removes a temporary session fallback for unencrypted sessions.
This commit is contained in:
parent
0c5c85cbe4
commit
8d102ce5d8
|
@ -49,16 +49,7 @@ func (e *EncryptingSerializer) Decode(dst *session.Dict, src []byte) error {
|
|||
|
||||
decryptedSrc, err := utils.Decrypt(src, &e.key)
|
||||
if err != nil {
|
||||
// If an error is thrown while decrypting, it's probably an old unencrypted session
|
||||
// so we just unmarshall it without decrypting. It's a way to avoid a breaking change
|
||||
// requiring to flush redis.
|
||||
// TODO(clems4ever): remove in few months
|
||||
_, uerr := dst.UnmarshalMsg(src)
|
||||
if uerr != nil {
|
||||
return fmt.Errorf("unable to decrypt session: %s", err)
|
||||
}
|
||||
|
||||
return nil
|
||||
return fmt.Errorf("unable to decrypt session: %s", err)
|
||||
}
|
||||
|
||||
_, err = dst.UnmarshalMsg(decryptedSrc)
|
||||
|
|
|
@ -29,7 +29,7 @@ func TestShouldEncryptAndDecrypt(t *testing.T) {
|
|||
assert.Equal(t, "value", decodedPayload.Get("key"))
|
||||
}
|
||||
|
||||
func TestShouldSupportUnencryptedSessionForBackwardCompatibility(t *testing.T) {
|
||||
func TestShouldNotSupportUnencryptedSessionForBackwardCompatibility(t *testing.T) {
|
||||
payload := session.Dict{}
|
||||
payload.Set("key", "value")
|
||||
|
||||
|
@ -40,7 +40,5 @@ func TestShouldSupportUnencryptedSessionForBackwardCompatibility(t *testing.T) {
|
|||
|
||||
decodedPayload := session.Dict{}
|
||||
err = serializer.Decode(&decodedPayload, dst)
|
||||
require.NoError(t, err)
|
||||
|
||||
assert.Equal(t, "value", decodedPayload.Get("key"))
|
||||
assert.EqualError(t, err, "unable to decrypt session: cipher: message authentication failed")
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue
Block a user