| OLD | NEW |
|---|
| 1 // Copyright 2015 The LUCI Authors. All rights reserved. | 1 // Copyright 2015 The LUCI Authors. All rights reserved. |
| 2 // Use of this source code is governed under the Apache License, Version 2.0 | 2 // Use of this source code is governed under the Apache License, Version 2.0 |
| 3 // that can be found in the LICENSE file. | 3 // that can be found in the LICENSE file. |
| 4 | 4 |
| 5 package openid | 5 package openid |
| 6 | 6 |
| 7 import ( | 7 import ( |
| 8 "net/http" | 8 "net/http" |
| 9 "time" | 9 "time" |
| 10 | 10 |
| 11 "github.com/luci/luci-go/common/clock" | 11 "github.com/luci/luci-go/common/clock" |
| 12 "github.com/luci/luci-go/common/errors" | |
| 13 "github.com/luci/luci-go/common/logging" | 12 "github.com/luci/luci-go/common/logging" |
| 13 "github.com/luci/luci-go/common/retry/transient" |
| 14 "github.com/luci/luci-go/server/tokens" | 14 "github.com/luci/luci-go/server/tokens" |
| 15 "golang.org/x/net/context" | 15 "golang.org/x/net/context" |
| 16 ) | 16 ) |
| 17 | 17 |
| 18 // sessionCookieName is actual cookie name to set. | 18 // sessionCookieName is actual cookie name to set. |
| 19 const sessionCookieName = "oid_session" | 19 const sessionCookieName = "oid_session" |
| 20 | 20 |
| 21 // sessionCookieToken is used to generate signed cookies that hold session ID. | 21 // sessionCookieToken is used to generate signed cookies that hold session ID. |
| 22 var sessionCookieToken = tokens.TokenKind{ | 22 var sessionCookieToken = tokens.TokenKind{ |
| 23 Algo: tokens.TokenAlgoHmacSHA256, | 23 Algo: tokens.TokenAlgoHmacSHA256, |
| (...skipping 26 matching lines...) Expand all Loading... |
| 50 // decodeSessionCookie takes an incoming request and returns a session ID stored | 50 // decodeSessionCookie takes an incoming request and returns a session ID stored |
| 51 // in a session cookie, or "" if not there, invalid or expired. Returns errors | 51 // in a session cookie, or "" if not there, invalid or expired. Returns errors |
| 52 // on transient errors only. | 52 // on transient errors only. |
| 53 func decodeSessionCookie(c context.Context, r *http.Request) (string, error) { | 53 func decodeSessionCookie(c context.Context, r *http.Request) (string, error) { |
| 54 cookie, err := r.Cookie(sessionCookieName) | 54 cookie, err := r.Cookie(sessionCookieName) |
| 55 if err != nil { | 55 if err != nil { |
| 56 return "", nil // no such cookie | 56 return "", nil // no such cookie |
| 57 } | 57 } |
| 58 payload, err := sessionCookieToken.Validate(c, cookie.Value, nil) | 58 payload, err := sessionCookieToken.Validate(c, cookie.Value, nil) |
| 59 switch { | 59 switch { |
| 60 » case errors.IsTransient(err): | 60 » case transient.Tag.In(err): |
| 61 return "", err | 61 return "", err |
| 62 case err != nil: | 62 case err != nil: |
| 63 logging.Warningf(c, "Failed to decode session cookie %q: %s", co
okie.Value, err) | 63 logging.Warningf(c, "Failed to decode session cookie %q: %s", co
okie.Value, err) |
| 64 return "", nil | 64 return "", nil |
| 65 case payload["sid"] == "": | 65 case payload["sid"] == "": |
| 66 logging.Warningf(c, "No 'sid' key in cookie payload %v", payload
) | 66 logging.Warningf(c, "No 'sid' key in cookie payload %v", payload
) |
| 67 return "", nil | 67 return "", nil |
| 68 } | 68 } |
| 69 return payload["sid"], nil | 69 return payload["sid"], nil |
| 70 } | 70 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2951393002:
[errors] de-specialize Transient in favor of Tags. (Closed)
