refactor(session): remove unencrypted session fallback (#2314)

This removes a temporary session fallback for unencrypted sessions.
pull/2318/head
James Elliott 2021-08-26 21:48:14 +10:00 committed by GitHub
parent 0c5c85cbe4
commit 8d102ce5d8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 3 additions and 14 deletions

View File

@ -49,16 +49,7 @@ func (e *EncryptingSerializer) Decode(dst *session.Dict, src []byte) error {
decryptedSrc, err := utils.Decrypt(src, &e.key) decryptedSrc, err := utils.Decrypt(src, &e.key)
if err != nil { if err != nil {
// If an error is thrown while decrypting, it's probably an old unencrypted session return fmt.Errorf("unable to decrypt session: %s", err)
// so we just unmarshall it without decrypting. It's a way to avoid a breaking change
// requiring to flush redis.
// TODO(clems4ever): remove in few months
_, uerr := dst.UnmarshalMsg(src)
if uerr != nil {
return fmt.Errorf("unable to decrypt session: %s", err)
}
return nil
} }
_, err = dst.UnmarshalMsg(decryptedSrc) _, err = dst.UnmarshalMsg(decryptedSrc)

View File

@ -29,7 +29,7 @@ func TestShouldEncryptAndDecrypt(t *testing.T) {
assert.Equal(t, "value", decodedPayload.Get("key")) assert.Equal(t, "value", decodedPayload.Get("key"))
} }
func TestShouldSupportUnencryptedSessionForBackwardCompatibility(t *testing.T) { func TestShouldNotSupportUnencryptedSessionForBackwardCompatibility(t *testing.T) {
payload := session.Dict{} payload := session.Dict{}
payload.Set("key", "value") payload.Set("key", "value")
@ -40,7 +40,5 @@ func TestShouldSupportUnencryptedSessionForBackwardCompatibility(t *testing.T) {
decodedPayload := session.Dict{} decodedPayload := session.Dict{}
err = serializer.Decode(&decodedPayload, dst) err = serializer.Decode(&decodedPayload, dst)
require.NoError(t, err) assert.EqualError(t, err, "unable to decrypt session: cipher: message authentication failed")
assert.Equal(t, "value", decodedPayload.Get("key"))
} }