fix regression in admin service

Update RetrieveBOSSession to unmarshal the bosCookie send by OService ServiceRequest redirect. Before, RetrieveBOSSession was expecting a plain string cookie.
mk6i · Aug 29, 2024 · 94af959 · 94af959
1 parent fac3fb8
commit 94af959
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 7 deletions.
diff --git a/foodgroup/auth.go b/foodgroup/auth.go
@@ -123,12 +123,17 @@ func (s AuthService) RegisterBOSSession(authCookie []byte) (*state.Session, erro
 
 // RetrieveBOSSession returns a user's existing session
 func (s AuthService) RetrieveBOSSession(authCookie []byte) (*state.Session, error) {
-	screenName, err := s.cookieBaker.Crack(authCookie)
+	buf, err := s.cookieBaker.Crack(authCookie)
 	if err != nil {
 		return nil, err
 	}
 
-	u, err := s.userManager.User(state.NewIdentScreenName(string(screenName)))
+	c := bosCookie{}
+	if err := wire.UnmarshalBE(&c, bytes.NewBuffer(buf)); err != nil {
+		return nil, err
+	}
+
+	u, err := s.userManager.User(state.NewIdentScreenName(c.ScreenName.String()))
 	if err != nil {
 		return nil, fmt.Errorf("failed to retrieve user: %w", err)
 	}

diff --git a/foodgroup/auth_test.go b/foodgroup/auth_test.go
@@ -1193,17 +1193,22 @@ func TestAuthService_RegisterBOSSession(t *testing.T) {
 func TestAuthService_RetrieveBOSSession_HappyPath(t *testing.T) {
 	sess := newTestSession("screen-name")
 
+	aimAuthCookie := bosCookie{
+		ScreenName: sess.DisplayScreenName(),
+	}
+	buf := &bytes.Buffer{}
+	assert.NoError(t, wire.MarshalBE(aimAuthCookie, buf))
+	authCookie := buf.Bytes()
+
 	sessionManager := newMockSessionManager(t)
 	sessionManager.EXPECT().
 		RetrieveSession(sess.IdentScreenName()).
 		Return(sess)
 
-	authCookie := []byte(`the-auth-cookie`)
-
 	cookieBaker := newMockCookieBaker(t)
 	cookieBaker.EXPECT().
 		Crack(authCookie).
-		Return([]byte("screen-name"), nil)
+		Return(authCookie, nil)
 
 	userManager := newMockUserManager(t)
 	userManager.EXPECT().
@@ -1220,17 +1225,23 @@ func TestAuthService_RetrieveBOSSession_HappyPath(t *testing.T) {
 func TestAuthService_RetrieveBOSSession_SessionNotFound(t *testing.T) {
 	sess := newTestSession("screen-name")
 
+	aimAuthCookie := bosCookie{
+		ScreenName: sess.DisplayScreenName(),
+	}
+	buf := &bytes.Buffer{}
+	assert.NoError(t, wire.MarshalBE(aimAuthCookie, buf))
+	authCookie := buf.Bytes()
+
 	sessionManager := newMockSessionManager(t)
 	sessionManager.EXPECT().
 		RetrieveSession(sess.IdentScreenName()).
 		Return(nil)
 
-	authCookie := []byte(`the-auth-cookie`)
 	cookieBaker := newMockCookieBaker(t)
 
 	cookieBaker.EXPECT().
 		Crack(authCookie).
-		Return([]byte("screen-name"), nil)
+		Return(authCookie, nil)
 
 	userManager := newMockUserManager(t)
 	userManager.EXPECT().