Skip to content

Commit

Permalink
Merge pull request #1 from ploxiln/session_state_htpasswd
Browse files Browse the repository at this point in the history 
fix htpasswd auth when cookie-refresh is enabled
  • Loading branch information
@ploxiln
ploxiln authored Nov 23, 2018
2 parents 81b13fb + a4c57be commit 7b43805
Show file tree
Hide file tree
Showing 2 changed files with 13 additions and 8 deletions.
16 changes: 10 additions & 6 deletions oauthproxy.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -637,7 +637,7 @@ func (p *OAuthProxy) Authenticate(rw http.ResponseWriter, req *http.Request) int
if err != nil {
log.Printf("%s %s", remoteAddr, err)
}
if session != nil && sessionAge > p.CookieRefresh && p.CookieRefresh != time.Duration(0) {
if session != nil && p.CookieRefresh != time.Duration(0) && sessionAge > p.CookieRefresh && session.AccessToken != "" {
log.Printf("%s refreshing %s old session cookie for %s (refresh after %s)", remoteAddr, sessionAge, session, p.CookieRefresh)
saveSession = true
}
Expand All @@ -658,12 +658,16 @@ func (p *OAuthProxy) Authenticate(rw http.ResponseWriter, req *http.Request) int
clearSession = true
}

if saveSession && !revalidated && session != nil && session.AccessToken != "" {
if !p.provider.ValidateSessionState(session) {
log.Printf("%s removing session. error validating %s", remoteAddr, session)
if saveSession && !revalidated && session != nil {
if session.AccessToken != "" {
if !p.provider.ValidateSessionState(session) {
log.Printf("%s removing session. error validating %s", remoteAddr, session)
saveSession = false
session = nil
clearSession = true
}
} else {
saveSession = false
session = nil
clearSession = true
}
}

Expand Down
5 changes: 3 additions & 2 deletions providers/session_state.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -85,11 +85,12 @@ func decodeSessionStatePlain(v string) (s *SessionState, err error) {
}

func DecodeSessionState(v string, c *cookie.Cipher) (s *SessionState, err error) {
if c == nil {
chunks := strings.Split(v, "|")

if c == nil || len(chunks) == 1 {
return decodeSessionStatePlain(v)
}

chunks := strings.Split(v, "|")
if len(chunks) != 4 {
err = fmt.Errorf("invalid number of fields (got %d expected 4)", len(chunks))
return
Expand Down

0 comments on commit 7b43805

Please sign in to comment.