Merge pull request #1 from ploxiln/session_state_htpasswd

ploxiln · web-flow · commit 7b438054e11e · 2018-11-23T13:06:13.000-05:00
fix htpasswd auth when cookie-refresh is enabled
diff --git a/oauthproxy.go b/oauthproxy.go
@@ -637,7 +637,7 @@ func (p *OAuthProxy) Authenticate(rw http.ResponseWriter, req *http.Request) int
 	if err != nil {
 		log.Printf("%s %s", remoteAddr, err)
 	}
-	if session != nil && sessionAge > p.CookieRefresh && p.CookieRefresh != time.Duration(0) {
+	if session != nil && p.CookieRefresh != time.Duration(0) && sessionAge > p.CookieRefresh && session.AccessToken != "" {
 		log.Printf("%s refreshing %s old session cookie for %s (refresh after %s)", remoteAddr, sessionAge, session, p.CookieRefresh)
 		saveSession = true
 	}
@@ -658,12 +658,16 @@ func (p *OAuthProxy) Authenticate(rw http.ResponseWriter, req *http.Request) int
 		clearSession = true
 	}
 
-	if saveSession && !revalidated && session != nil && session.AccessToken != "" {
-		if !p.provider.ValidateSessionState(session) {
-			log.Printf("%s removing session. error validating %s", remoteAddr, session)
+	if saveSession && !revalidated && session != nil {
+		if session.AccessToken != "" {
+			if !p.provider.ValidateSessionState(session) {
+				log.Printf("%s removing session. error validating %s", remoteAddr, session)
+				saveSession = false
+				session = nil
+				clearSession = true
+			}
+		} else {
 			saveSession = false
-			session = nil
-			clearSession = true
 		}
 	}
 
diff --git a/providers/session_state.go b/providers/session_state.go
@@ -85,11 +85,12 @@ func decodeSessionStatePlain(v string) (s *SessionState, err error) {
 }
 
 func DecodeSessionState(v string, c *cookie.Cipher) (s *SessionState, err error) {
-	if c == nil {
+	chunks := strings.Split(v, "|")
+
+	if c == nil || len(chunks) == 1 {
 		return decodeSessionStatePlain(v)
 	}
 
-	chunks := strings.Split(v, "|")
 	if len(chunks) != 4 {
 		err = fmt.Errorf("invalid number of fields (got %d expected 4)", len(chunks))
 		return

Original file line number	Diff line number	Diff line change
`@@ -637,7 +637,7 @@ func (p OAuthProxy) Authenticate(rw http.ResponseWriter, req http.Request) int`
`637`	`637`	`if err != nil {`
`638`	`638`	`log.Printf("%s %s", remoteAddr, err)`
`639`	`639`	`}`
`640`		`- if session != nil && sessionAge > p.CookieRefresh && p.CookieRefresh != time.Duration(0) {`
	`640`	`+ if session != nil && p.CookieRefresh != time.Duration(0) && sessionAge > p.CookieRefresh && session.AccessToken != "" {`
`641`	`641`	`log.Printf("%s refreshing %s old session cookie for %s (refresh after %s)", remoteAddr, sessionAge, session, p.CookieRefresh)`
`642`	`642`	`saveSession = true`
`643`	`643`	`}`
`@@ -658,12 +658,16 @@ func (p OAuthProxy) Authenticate(rw http.ResponseWriter, req http.Request) int`
`658`	`658`	`clearSession = true`
`659`	`659`	`}`
`660`	`660`
`661`		`- if saveSession && !revalidated && session != nil && session.AccessToken != "" {`
`662`		`- if !p.provider.ValidateSessionState(session) {`
`663`		`- log.Printf("%s removing session. error validating %s", remoteAddr, session)`
	`661`	`+ if saveSession && !revalidated && session != nil {`
	`662`	`+ if session.AccessToken != "" {`
	`663`	`+ if !p.provider.ValidateSessionState(session) {`
	`664`	`+ log.Printf("%s removing session. error validating %s", remoteAddr, session)`
	`665`	`+ saveSession = false`
	`666`	`+ session = nil`
	`667`	`+ clearSession = true`
	`668`	`+ }`
	`669`	`+ } else {`
`664`	`670`	`saveSession = false`
`665`		`- session = nil`
`666`		`- clearSession = true`
`667`	`671`	`}`
`668`	`672`	`}`
`669`	`673`
Original file line number	Diff line number	Diff line change
`@@ -85,11 +85,12 @@ func decodeSessionStatePlain(v string) (s *SessionState, err error) {`
`85`	`85`	`}`
`86`	`86`
`87`	`87`	`func DecodeSessionState(v string, c cookie.Cipher) (s SessionState, err error) {`
`88`		`- if c == nil {`
	`88`	`+ chunks := strings.Split(v, "\|")`
	`89`	`+`
	`90`	`+ if c == nil \|\| len(chunks) == 1 {`
`89`	`91`	`return decodeSessionStatePlain(v)`
`90`	`92`	`}`
`91`	`93`
`92`		`- chunks := strings.Split(v, "\|")`
`93`	`94`	`if len(chunks) != 4 {`
`94`	`95`	`err = fmt.Errorf("invalid number of fields (got %d expected 4)", len(chunks))`
`95`	`96`	`return`