From 8d102ce5d8fb41779506bc7af132ceb5d5646244 Mon Sep 17 00:00:00 2001
From: James Elliott <james-d-elliott@users.noreply.github.com>
Date: Thu, 26 Aug 2021 21:48:14 +1000
Subject: [PATCH] refactor(session): remove unencrypted session fallback
 (#2314)

This removes a temporary session fallback for unencrypted sessions.
---
 internal/session/encrypting_serializer.go      | 11 +----------
 internal/session/encrypting_serializer_test.go |  6 ++----
 2 files changed, 3 insertions(+), 14 deletions(-)

diff --git a/internal/session/encrypting_serializer.go b/internal/session/encrypting_serializer.go
index 05aef0759..dabffdb9c 100644
--- a/internal/session/encrypting_serializer.go
+++ b/internal/session/encrypting_serializer.go
@@ -49,16 +49,7 @@ func (e *EncryptingSerializer) Decode(dst *session.Dict, src []byte) error {
 
 	decryptedSrc, err := utils.Decrypt(src, &e.key)
 	if err != nil {
-		// If an error is thrown while decrypting, it's probably an old unencrypted session
-		// so we just unmarshall it without decrypting. It's a way to avoid a breaking change
-		// requiring to flush redis.
-		// TODO(clems4ever): remove in few months
-		_, uerr := dst.UnmarshalMsg(src)
-		if uerr != nil {
-			return fmt.Errorf("unable to decrypt session: %s", err)
-		}
-
-		return nil
+		return fmt.Errorf("unable to decrypt session: %s", err)
 	}
 
 	_, err = dst.UnmarshalMsg(decryptedSrc)
diff --git a/internal/session/encrypting_serializer_test.go b/internal/session/encrypting_serializer_test.go
index 589033ecb..463e14a5e 100644
--- a/internal/session/encrypting_serializer_test.go
+++ b/internal/session/encrypting_serializer_test.go
@@ -29,7 +29,7 @@ func TestShouldEncryptAndDecrypt(t *testing.T) {
 	assert.Equal(t, "value", decodedPayload.Get("key"))
 }
 
-func TestShouldSupportUnencryptedSessionForBackwardCompatibility(t *testing.T) {
+func TestShouldNotSupportUnencryptedSessionForBackwardCompatibility(t *testing.T) {
 	payload := session.Dict{}
 	payload.Set("key", "value")
 
@@ -40,7 +40,5 @@ func TestShouldSupportUnencryptedSessionForBackwardCompatibility(t *testing.T) {
 
 	decodedPayload := session.Dict{}
 	err = serializer.Decode(&decodedPayload, dst)
-	require.NoError(t, err)
-
-	assert.Equal(t, "value", decodedPayload.Get("key"))
+	assert.EqualError(t, err, "unable to decrypt session: cipher: message authentication failed")
 }