Wesley Bitter
b009e17e9c
[bugfix] check for an empty hashKey ( #52 )
...
this scenario might occur when converting from an empty string to
byte slice, such as when reading from a configuration file.
2018-05-18 08:25:24 -07:00
Kamil Kisiel
e59506cc89
README.md: Add sourcegraph badge
2017-02-24 11:38:04 -08:00
Craig Peterson
fa5329f913
[bugfix] Fix NopDecoder
...
* Fixes #41
2016-10-03 06:16:01 +01:00
Kamil Kisiel
c13558c2b1
Add fuzz testing corpus.
2016-08-16 15:23:38 -07:00
Kamil Kisiel
422e448ee4
travis.yml: add go1.7
2016-08-16 11:50:19 -07:00
Kamil Kisiel
ff356348f7
Merge pull request #39 from 0x434D53/master
...
Update Readme: Added HttpOnly, Secure flags for setting the cookie
2016-05-25 13:33:48 -07:00
0x434D53
f5b37263f0
Update Readme: Added HttpOnly, Secure flags for setting the cookie
2016-05-25 16:56:53 +02:00
Matt Silverlock
667fe4e346
Merge branch 'master' of github.com:gorilla/securecookie
2016-04-22 06:45:19 -07:00
Matt Silverlock
4c7f85bfe5
[ci] .travis.yml go vet fix.
2016-04-22 06:44:34 -07:00
Matt Silverlock
a29e8718b6
[feature] NopEncoder: accept/return []byte.
...
[feature] NopEncoder: accept/return []byte.
2016-04-22 06:43:38 -07:00
Matt Silverlock
6ac16e3b5c
[feature] NopEncoder: accept/return []byte.
...
- [docs] Update doc.go for golint.
2016-03-30 21:13:44 -07:00
Matt Silverlock
8dacca2697
Merge pull request #37 from gorilla/ci/travis-go-1.6
...
[ci] Update .travis.yml to build Go 1.6
2016-02-26 13:31:13 -08:00
Matt Silverlock
4d88276705
Update .travis.yml to build Go 1.6
2016-02-26 13:24:46 -08:00
Matt Silverlock
e95799a481
Merge pull request #33 from elithrar/subtle-len-backport
...
Reverts d8773d3
- backports len check for subtle.ConstantTimeCompare.
2015-08-20 16:29:58 +08:00
Matt Silverlock
9479394b87
Reverts d8773d3
- backports len check for subtle.ConstantTimeCompare.
2015-08-20 16:26:03 +08:00
Kamil Kisiel
2e348ac077
Update .travis.yml
2015-08-19 22:17:30 -07:00
Kamil Kisiel
45e43d5d12
Added fuzz testing facilities.
2015-08-18 13:59:32 -07:00
Kamil Kisiel
95995b243b
Merge pull request #30 from elithrar/gen-key-doc
...
Improved documentation for GenerateRandomKey
2015-08-08 08:20:25 -07:00
Matt Silverlock
6d727f0c85
Added note re: using GenerateRandomKey() not persisting keys.
2015-08-08 19:19:02 +08:00
Matt Silverlock
7029a2efc7
Improved warning around GenerateRandomKey.
2015-08-08 19:16:04 +08:00
Kamil Kisiel
c223d6df53
add test for nil hash key
2015-08-06 11:04:18 -07:00
Kamil Kisiel
5237f00be1
Merge pull request #29 from elithrar/codec-maxage-fix
...
Improved documentation for CodecsFromPairs.
2015-08-06 08:27:58 -07:00
Matt Silverlock
84828075d0
Improved documentation for CodecsFromPairs.
...
- Partially addresses https://github.com/gorilla/sessions/issues/48
- Downstream store packages will need to perform the type assertion in their code
- Elected to document this and fix stores rather than add a function to the
public API.
2015-08-06 15:26:37 +08:00
Matt Silverlock
a2b6e9f57e
Merge pull request #27 from s7v7nislands/fix_readme
...
Update block key lengths in README
2015-08-06 15:14:33 +08:00
Kamil Kisiel
ba5126409e
Merge pull request #28 from keunwoo/keunwoo-errors-alt-20150720
...
Make errors more distinguishable
2015-07-27 15:09:43 -07:00
Keunwoo Lee
8cd2140311
Move error type assertions to test file.
...
Per elithrar comment on PR 28:
https://github.com/gorilla/securecookie/pull/28#discussion_r35059831
2015-07-27 10:27:54 -07:00
Keunwoo Lee
ba5d1f998d
Rename errorImpl -> cookieError
...
Per elithrar comment on PR 28:
https://github.com/gorilla/securecookie/pull/28#discussion_r35059597
2015-07-27 10:26:56 -07:00
Keunwoo Lee
9f0025d371
Make errors more distinguishable
...
Prior to this commit, this library raised errors either mostly using
errors.New() or directly passing through error values from underlying
libraries. This made it difficult for clients to respond correctly to
the errors that were returned.
This becomes particularly problematic when securecookie is used together
with gorilla/sessions. From an operations standpoint, you often want to
log different errors when the client simply provides an invalid auth
cookie, versus an I/O error fetching data from the session store. The
former probably indicates an expired timestamp or similar client error;
the latter indicates a possible failure in a backend database.
This commit introduces a public Error interface, which is now returned
consistently on all errors, and can be used to distinguish between
implementation errors (IsUsage() and IsInternal()) and failed validation
of user input (IsDecode()).
See also discussion on pull requests #9 and #24 :
https://github.com/gorilla/securecookie/pull/9
https://github.com/gorilla/securecookie/pull/24
Some interface comments on other API functions have been clarified and
updated to harmonize with the new error interfaces.
2015-07-20 15:00:22 -07:00
s7v7nislands
5a4a7236a0
fix readme
2015-07-17 17:59:40 +08:00
Kamil Kisiel
aeade84400
Merge pull request #26 from Annonomus-Penguin/patch-1
...
Fixed broken link in README
2015-07-16 16:32:44 -07:00
Annonomus-Penguin
26d3ac66fd
Fixed broken link in README
2015-07-16 18:32:13 -05:00
Kamil Kisiel
e8ab2fa5d1
Merge pull request #23 from elithrar/readme-updates
...
Fleshed out the README based on doc.go.
2015-07-05 00:27:28 -07:00
Matt Silverlock
dddbb792b0
Fleshed out the README based on doc.go.
...
- Added mention of the LICENSE.
- Used GFM code blocks for the examples.
- Added mention of the JSON encoder.
2015-07-05 15:13:42 +08:00
Kamil Kisiel
68004d2ba3
Merge pull request #22 from cyx/use-reflect-deepequal
...
Use reflect.DeepEqual instead
2015-06-05 15:53:49 -07:00
Kamil Kisiel
203fca9e22
Merge pull request #21 from elithrar/json-encoder
...
Added support for encoding/json
2015-06-05 15:49:47 -07:00
Cyril David
6dca1ffb59
Use reflect.DeepEqual instead
...
Unless there's something I'm missing, probably better to
delegate this check to the reflect package.
2015-05-25 00:22:56 -07:00
Matt Silverlock
b002d4848c
Merge branch 'json-encoder' of github.com:elithrar/securecookie into json-encoder
2015-05-20 20:56:22 +00:00
Matt Silverlock
3c76054b69
Added a JSON encoder/decoder to securecookie.
...
A new "Serializer" interface with serialize/deserialize methods allows
custom encoders to be specified. encoding/gob remains the default for
compatibility/ease-of-use reasons, but the (often faster) encoding/json
is now an option.
Fixed typo - TestEncription => TestEncryption
2015-05-20 20:49:45 +00:00
Matt Silverlock
9ff68c4826
Fixed typo - TestEncription => TestEncryption
2015-05-16 17:53:12 +00:00
Matt Silverlock
978e3ebada
Added a JSON encoder/decoder to securecookie.
...
A new "Encoder" interface with serialize/deserialize methods allows
custom encoders to be specified. encoding/gob remains the default for
compatibility/ease-of-use reasons, but the (often faster) encoding/json
is now an option.
2015-05-16 17:50:49 +00:00
Kamil Kisiel
8e98dd730f
Merge pull request #19 from dchest/testinvalid
...
Add test for decoding some invalid cookies.
2015-03-27 08:58:05 -07:00
Dmitry Chestnykh
2e358078af
Add test for decoding some invalid cookies.
2015-03-27 16:48:51 +01:00
Kamil Kisiel
ab638a3cc2
Revert "Improve Decode against timing attacks"
...
This reverts commit 1be1b717b7
.
2015-03-27 08:31:10 -07:00
Kamil Kisiel
3609df1fc5
Revert "Commenting retErr and setErr in Decode"
...
This reverts commit c7a729999d
.
2015-03-27 08:31:09 -07:00
Kamil Kisiel
5d52df3629
Revert "A few more comments on decoding."
...
This reverts commit a54a6f264e
.
2015-03-27 08:31:06 -07:00
Kamil Kisiel
a54a6f264e
A few more comments on decoding.
2015-03-17 16:36:01 -07:00
Kamil Kisiel
1dea542d12
Merge pull request #16 from elithrar/patch-1
...
Removed redundant calls to len()
2015-03-17 16:33:49 -07:00
Kamil Kisiel
fec4f16574
Merge pull request #15 from abduelhamit/master
...
Improve Decode against timing attacks
2015-03-17 16:33:24 -07:00
Matt Silverlock
d8773d3e66
Removed redundant calls to len()
...
subtle.ConstantTimeCompare already undertakes a length check internally.
2015-03-18 07:06:26 +08:00
Abdülhamit Yilmaz
c7a729999d
Commenting retErr and setErr in Decode
2015-03-17 23:33:39 +01:00