diff --git a/internal/session/encrypting_serializer.go b/internal/session/encrypting_serializer.go index 05aef075..dabffdb9 100644 --- a/internal/session/encrypting_serializer.go +++ b/internal/session/encrypting_serializer.go @@ -49,16 +49,7 @@ func (e *EncryptingSerializer) Decode(dst *session.Dict, src []byte) error { decryptedSrc, err := utils.Decrypt(src, &e.key) if err != nil { - // If an error is thrown while decrypting, it's probably an old unencrypted session - // so we just unmarshall it without decrypting. It's a way to avoid a breaking change - // requiring to flush redis. - // TODO(clems4ever): remove in few months - _, uerr := dst.UnmarshalMsg(src) - if uerr != nil { - return fmt.Errorf("unable to decrypt session: %s", err) - } - - return nil + return fmt.Errorf("unable to decrypt session: %s", err) } _, err = dst.UnmarshalMsg(decryptedSrc) diff --git a/internal/session/encrypting_serializer_test.go b/internal/session/encrypting_serializer_test.go index 589033ec..463e14a5 100644 --- a/internal/session/encrypting_serializer_test.go +++ b/internal/session/encrypting_serializer_test.go @@ -29,7 +29,7 @@ func TestShouldEncryptAndDecrypt(t *testing.T) { assert.Equal(t, "value", decodedPayload.Get("key")) } -func TestShouldSupportUnencryptedSessionForBackwardCompatibility(t *testing.T) { +func TestShouldNotSupportUnencryptedSessionForBackwardCompatibility(t *testing.T) { payload := session.Dict{} payload.Set("key", "value") @@ -40,7 +40,5 @@ func TestShouldSupportUnencryptedSessionForBackwardCompatibility(t *testing.T) { decodedPayload := session.Dict{} err = serializer.Decode(&decodedPayload, dst) - require.NoError(t, err) - - assert.Equal(t, "value", decodedPayload.Get("key")) + assert.EqualError(t, err, "unable to decrypt session: cipher: message authentication failed") }