refactor(session): remove unencrypted session fallback (#2314)
This removes a temporary session fallback for unencrypted sessions.
parent
0c5c85cbe4
commit
8d102ce5d8
|
@ -49,16 +49,7 @@ func (e *EncryptingSerializer) Decode(dst *session.Dict, src []byte) error {
|
||||||
|
|
||||||
decryptedSrc, err := utils.Decrypt(src, &e.key)
|
decryptedSrc, err := utils.Decrypt(src, &e.key)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
// If an error is thrown while decrypting, it's probably an old unencrypted session
|
return fmt.Errorf("unable to decrypt session: %s", err)
|
||||||
// so we just unmarshall it without decrypting. It's a way to avoid a breaking change
|
|
||||||
// requiring to flush redis.
|
|
||||||
// TODO(clems4ever): remove in few months
|
|
||||||
_, uerr := dst.UnmarshalMsg(src)
|
|
||||||
if uerr != nil {
|
|
||||||
return fmt.Errorf("unable to decrypt session: %s", err)
|
|
||||||
}
|
|
||||||
|
|
||||||
return nil
|
|
||||||
}
|
}
|
||||||
|
|
||||||
_, err = dst.UnmarshalMsg(decryptedSrc)
|
_, err = dst.UnmarshalMsg(decryptedSrc)
|
||||||
|
|
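Review bot: The new error return `return fmt.Errorf("unable to decrypt session: %s", err)` flattens the decryption error with `%s`, so callers cannot use `errors.Is`/`errors.As` on it; `return fmt.Errorf("unable to decrypt session: %w", err)` produces the same message text and preserves the chain. With the fallback removed, this branch is what keeps bytes that failed decryption from being unmarshalled into `dst`, and a short comment above it would record that intent, e.g. `// Fail closed: src that does not decrypt and authenticate under e.key is never unmarshalled into dst.` Any plaintext sessions still in the store will now hit this error, so it is worth confirming that the caller treats it as an invalid session rather than a server fault. Decode's body continues outside the hunk.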
|
@ -29,7 +29,7 @@ func TestShouldEncryptAndDecrypt(t *testing.T) {
|
||||||
assert.Equal(t, "value", decodedPayload.Get("key"))
|
assert.Equal(t, "value", decodedPayload.Get("key"))
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestShouldSupportUnencryptedSessionForBackwardCompatibility(t *testing.T) {
|
func TestShouldNotSupportUnencryptedSessionForBackwardCompatibility(t *testing.T) {
|
||||||
payload := session.Dict{}
|
payload := session.Dict{}
|
||||||
payload.Set("key", "value")
|
payload.Set("key", "value")
|
||||||
|
|
||||||
|
@ -40,7 +40,5 @@ func TestShouldSupportUnencryptedSessionForBackwardCompatibility(t *testing.T) {
|
||||||
|
|
||||||
decodedPayload := session.Dict{}
|
decodedPayload := session.Dict{}
|
||||||
err = serializer.Decode(&decodedPayload, dst)
|
err = serializer.Decode(&decodedPayload, dst)
|
||||||
require.NoError(t, err)
|
assert.EqualError(t, err, "unable to decrypt session: cipher: message authentication failed")
|
||||||
|
|
||||||
assert.Equal(t, "value", decodedPayload.Get("key"))
|
|
||||||
}
|
}
|
||||||
|
|
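Review bot: The rewritten test asserts only the error string and no longer inspects `decodedPayload`, so it would still pass if a failed `Decode` left unauthenticated keys in the destination. Adding `assert.Nil(t, decodedPayload.Get("key"))` after the `assert.EqualError` line would pin that rejected plaintext never populates the session (this assumes `Get` returns nil for a missing key, which is not visible here). The exact match on `cipher: message authentication failed` also ties the test to the wording of the underlying cipher error. The name `TestShouldNotSupportUnencryptedSessionForBackwardCompatibility` reads as contradictory now that the compatibility path is gone; `TestShouldRejectUnencryptedSession` would say what is checked. The setup that produces `dst` lies between the two hunks and is not shown.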