Skip to content

Commit

Permalink
fix: ignore cookie auth when no cookies set
Browse files Browse the repository at this point in the history
  • Loading branch information
aeneasr committed Feb 25, 2021
1 parent ef9153e commit c84d880
Show file tree
Hide file tree
Showing 2 changed files with 15 additions and 1 deletion.
4 changes: 3 additions & 1 deletion pipeline/authn/authenticator_cookie_session.go
Original file line number Diff line number Diff line change
Expand Up @@ -112,14 +112,16 @@ func (a *AuthenticatorCookieSession) Authenticate(r *http.Request, session *Auth
}

func cookieSessionResponsible(r *http.Request, only []string) bool {
if len(only) == 0 {
if len(only) == 0 && len(r.Cookies()) > 0 {
return true
}

for _, cookieName := range only {
if _, err := r.Cookie(cookieName); err == nil {
return true
}
}

return false
}

Expand Down
12 changes: 12 additions & 0 deletions pipeline/authn/authenticator_cookie_session_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -116,6 +116,18 @@ func TestAuthenticatorCookieSession(t *testing.T) {
assert.Empty(t, requestRecorder.requests)
})

t.Run("description=should fallthrough if is missing and it has no cookies", func(t *testing.T) {
testServer, requestRecorder := makeServer(200, `{}`)
err := pipelineAuthenticator.Authenticate(
makeRequest("GET", "/", map[string]string{}, ""),
session,
json.RawMessage(fmt.Sprintf(`{"check_session_url": "%s"}`, testServer.URL)),
nil,
)
assert.Equal(t, errors.Cause(err), ErrAuthenticatorNotResponsible)
assert.Empty(t, requestRecorder.requests)
})

t.Run("description=should not fallthrough if only is specified and cookie specified is set", func(t *testing.T) {
testServer, _ := makeServer(200, `{}`)
err := pipelineAuthenticator.Authenticate(
Expand Down

0 comments on commit c84d880

Please sign in to comment.