Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(cookies): add {cookie-name}-parts cookie, style: inline formatting #107

Merged
merged 4 commits into from
Nov 4, 2024
Merged

fix(cookies): add {cookie-name}-parts cookie, style: inline formatting #107

merged 4 commits into from
Nov 4, 2024

Conversation

miwig
Copy link
Collaborator

@miwig miwig commented Oct 18, 2024

Please describe your changes and why you made them

This fixes an issue where old cookie parts can be left over, preventing decryption

Does this PR introduce a breaking change?

Nah

Other information and Screenshots (if appropriate)

antonengelhardt
antonengelhardt reviewed Oct 18, 2024
View reviewed changes
src/auth.rs
.get_cookie(&format!("{cookie_name}-parts"))
.unwrap_or_default()
.parse()
.map_err(|_| PluginError::SessionCookieNotFoundError)?;
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Technically its not the Session Cookie right? We should add another Error for this type as Nonce also has its own error

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think this is worth the effort. I would consider all of the cookies together "the session cookie" because it doesn't really make a difference to the user which is missing, the end result is the same. In fact, I would like to refactor the error handling completely to use anyhow instead of defining a custom error type with thiserror. Initially I thought we might match on the error variant somewhere and do different things depending on the error, but we don't actually do that. Furthermore, PluginError is just a catch-all error type anyway, that doesn't reflect which errors a function can actually throw. fn validate_cookie(&self) -> Result<AuthorizationState, PluginError> will never return Err(PluginError::CodeNotFoundInCallbackError), but the return type makes it look like it could.

src/session.rs
@@ -109,22 +108,17 @@ impl Session {
cookie_values.push(cookie_value);
}

let num_parts = cookie_values.len();
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe add a comment which explains what you are doing here :)

antonengelhardt
antonengelhardt approved these changes Nov 4, 2024
View reviewed changes
Copy link
Owner

@antonengelhardt antonengelhardt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@antonengelhardt antonengelhardt changed the title Cookie fix fix(cookies): add {cookie-name}-parts} cookie, style: inline formatting Nov 4, 2024
@antonengelhardt antonengelhardt changed the title fix(cookies): add {cookie-name}-parts} cookie, style: inline formatting fix(cookies): add {cookie-name}-parts cookie, style: inline formatting Nov 4, 2024
@antonengelhardt antonengelhardt merged commit a6ea31b into mulitple-open-id-providers Nov 4, 2024
10 of 11 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@antonengelhardt antonengelhardt antonengelhardt approved these changes

Assignees

@miwig miwig

@antonengelhardt antonengelhardt

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@miwig @antonengelhardt