fix #92 default to jwt.maxage, warn if exceeds jwt.maxage, as minutes

vouch · Apr 19, 2019 · 998906f · 998906f
1 parent f9f4450
commit 998906f
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 15 deletions.
diff --git a/pkg/cfg/cfg.go b/pkg/cfg/cfg.go
@@ -342,13 +342,13 @@ func BasicTest() error {
 			minBase64Length)
 	}
 	if Cfg.Cookie.MaxAge < 0 {
-		return errors.New("configuration error: cookie maxAge cannot be lower than 0")
+		return fmt.Errorf("configuration error: cookie maxAge cannot be lower than 0 (currently: %d)", Cfg.Cookie.MaxAge)
 	}
 	if Cfg.JWT.MaxAge <= 0 {
-		return errors.New("configuration error: JWT maxAge cannot be zero or lower")
+		return fmt.Errorf("configuration error: JWT maxAge cannot be zero or lower (currently: %d)", Cfg.JWT.MaxAge)
 	}
 	if Cfg.Cookie.MaxAge > Cfg.JWT.MaxAge {
-		return errors.New("configuration error: Cookie maxAge cannot be larger than the JWT maxAge")
+		return fmt.Errorf("configuration error: Cookie maxAge (%d) cannot be larger than the JWT maxAge (%d)", Cfg.Cookie.MaxAge, Cfg.JWT.MaxAge)
 	}
 	return nil
 }
@@ -426,7 +426,13 @@ func SetDefaults() {
 		Cfg.Cookie.HTTPOnly = true
 	}
 	if !viper.IsSet(Branding.LCName + ".cookie.maxAge") {
-		Cfg.Cookie.MaxAge = Cfg.JWT.MaxAge * 60
+		Cfg.Cookie.MaxAge = Cfg.JWT.MaxAge
+	} else {
+		// it is set!  is it bigger than jwt.maxage?
+		if Cfg.Cookie.MaxAge > Cfg.JWT.MaxAge {
+			log.Warnf("setting `%s.cookie.maxage` to `%s.jwt.maxage` value of %d minutes (curently set to %d minutes)", Branding.LCName, Branding.LCName, Cfg.JWT.MaxAge, Cfg.Cookie.MaxAge)
+			Cfg.Cookie.MaxAge = Cfg.JWT.MaxAge
+		}
 	}
 
 	// headers defaults
@@ -471,7 +477,7 @@ func SetDefaults() {
 	if viper.IsSet(Branding.LCName + ".test_url") {
 		Cfg.TestURLs = append(Cfg.TestURLs, Cfg.TestURL)
 	}
-	// TODO: proably change this name, maybe set the domain/port the webapp runs on
+	// TODO: probably change this name, maybe set the domain/port the webapp runs on
 	if !viper.IsSet(Branding.LCName + ".webapp") {
 		Cfg.WebApp = false
 	}

diff --git a/pkg/cookie/cookie.go b/pkg/cookie/cookie.go
@@ -13,7 +13,7 @@ var log = cfg.Cfg.Logger
 
 // SetCookie http
 func SetCookie(w http.ResponseWriter, r *http.Request, val string) {
-	setCookie(w, r, val, cfg.Cfg.Cookie.MaxAge)
+	setCookie(w, r, val, cfg.Cfg.Cookie.MaxAge*60) // convert minutes to seconds
 }
 
 func setCookie(w http.ResponseWriter, r *http.Request, val string, maxAge int) {
@@ -27,15 +27,15 @@ func setCookie(w http.ResponseWriter, r *http.Request, val string, maxAge int) {
 	// log.Debugf("cookie %s expires %d", cfg.Cfg.Cookie.Name, expires)
 	// Cookies get deleted after the current session (when the browser closes) when no expires or maxage setting is set,
 	// or when expires is set to 0.
-		http.SetCookie(w, &http.Cookie{
-			Name:     cfg.Cfg.Cookie.Name,
-			Value:    val,
-			Path:     "/",
-			Domain:   domain,
-			MaxAge:   maxAge,
-			Secure:   cfg.Cfg.Cookie.Secure,
-			HttpOnly: cfg.Cfg.Cookie.HTTPOnly,
-		})
+	http.SetCookie(w, &http.Cookie{
+		Name:     cfg.Cfg.Cookie.Name,
+		Value:    val,
+		Path:     "/",
+		Domain:   domain,
+		MaxAge:   maxAge,
+		Secure:   cfg.Cfg.Cookie.Secure,
+		HttpOnly: cfg.Cfg.Cookie.HTTPOnly,
+	})
 }
 
 // Cookie get the vouch jwt cookie