зеркало из https://github.com/github/oauth2_proxy.git
Enforce that cookie_refresh < cookie_expire
This commit is contained in:
Родитель
8ec967ac32
Коммит
41b21dd0b1
|
@ -137,6 +137,14 @@ func (o *Options) Validate() error {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if o.CookieRefresh >= o.CookieExpire {
|
||||||
|
msgs = append(msgs, fmt.Sprintf(
|
||||||
|
"cookie_refresh (%s) must be less than "+
|
||||||
|
"cookie_expire (%s)",
|
||||||
|
o.CookieRefresh.String(),
|
||||||
|
o.CookieExpire.String()))
|
||||||
|
}
|
||||||
|
|
||||||
if len(msgs) != 0 {
|
if len(msgs) != 0 {
|
||||||
return fmt.Errorf("Invalid configuration:\n %s",
|
return fmt.Errorf("Invalid configuration:\n %s",
|
||||||
strings.Join(msgs, "\n "))
|
strings.Join(msgs, "\n "))
|
||||||
|
|
|
@ -4,6 +4,7 @@ import (
|
||||||
"net/url"
|
"net/url"
|
||||||
"strings"
|
"strings"
|
||||||
"testing"
|
"testing"
|
||||||
|
"time"
|
||||||
|
|
||||||
"github.com/bmizerany/assert"
|
"github.com/bmizerany/assert"
|
||||||
)
|
)
|
||||||
|
@ -125,3 +126,15 @@ func TestPassAccessTokenRequiresSpecificCookieSecretLengths(t *testing.T) {
|
||||||
o.CookieSecret = "32 byte secret for AES-256------"
|
o.CookieSecret = "32 byte secret for AES-256------"
|
||||||
assert.Equal(t, nil, o.Validate())
|
assert.Equal(t, nil, o.Validate())
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestCookieRefreshMustBeLessThanCookieExpire(t *testing.T) {
|
||||||
|
o := testOptions()
|
||||||
|
assert.Equal(t, nil, o.Validate())
|
||||||
|
|
||||||
|
o.CookieSecret = "0123456789abcdef"
|
||||||
|
o.CookieRefresh = o.CookieExpire
|
||||||
|
assert.NotEqual(t, nil, o.Validate())
|
||||||
|
|
||||||
|
o.CookieRefresh -= time.Duration(1)
|
||||||
|
assert.Equal(t, nil, o.Validate())
|
||||||
|
}
|
||||||
|
|
Загрузка…
Ссылка в новой задаче