mysteriumnetwork · Waldz · Sep 18, 2018 · Sep 17, 2018 · Sep 17, 2018 · Sep 18, 2018
@@ -96,8 +96,7 @@ func NewManager(
 				serviceOptions.OpenvpnProtocol,
 			)
 
-			ovpnSessionManager := openvpn_session.NewManager(manager)
-			sessionValidator := openvpn_session.NewValidator(ovpnSessionManager, identity.NewExtractor())
+			sessionValidator := openvpn_session.NewValidator(manager, identity.NewExtractor())
 
 			return openvpn_node.NewServer(
 				nodeOptions.Openvpn.BinaryPath,

@@ -0,0 +1,74 @@
+/*
+ * Copyright (C) 2018 The "MysteriumNetwork/node" Authors.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+package session
+
+import (
+	"errors"
+	"sync"
+
+	"github.com/mysteriumnetwork/node/session"
+)
+
+type clientMap struct {
+	sessionManager   session.Manager
+	sessionClientIDs map[session.SessionID]int
+	sessionMapLock   sync.Mutex
+}
+
+// FindClientSession returns OpenVPN session instance by given session id
+func (cm *clientMap) FindClientSession(clientID int, id session.SessionID) (session.Session, bool, error) {
+	sessionInstance, sessionExist := cm.sessionManager.FindSession(id)
+	if !sessionExist {
+		return session.Session{}, false, errors.New("no underlying session exists, possible break-in attempt")
+	}
+
+	sessionClientID, clientIDExist := cm.sessionClientIDs[id]
+	if clientIDExist && clientID != sessionClientID {
+		return sessionInstance, false, errors.New("provided clientID does not mach active clientID")
+	}
+
+	return sessionInstance, clientIDExist, nil
+}
+
+// UpdateClientSession updates OpenVPN session with clientID, returns false on clientID conflict
+func (cm *clientMap) UpdateClientSession(clientID int, id session.SessionID) bool {
+	cm.sessionMapLock.Lock()
+	defer cm.sessionMapLock.Unlock()
+
+	_, clientIDExist := cm.sessionClientIDs[id]
+	if !clientIDExist {
+		cm.sessionClientIDs[id] = clientID
+	}
+
+	return cm.sessionClientIDs[id] == clientID
+}
+
+// RemoveSession removes given session from underlying session managers
+func (cm *clientMap) RemoveSession(id session.SessionID) error {
+	cm.sessionMapLock.Lock()
+	defer cm.sessionMapLock.Unlock()
+
+	_, clientIDExist := cm.sessionManager.FindSession(id)
+	if !clientIDExist {
+		return errors.New("no underlying session exists: " + string(id))
+	}
+
+	cm.sessionManager.RemoveSession(id)
+	delete(cm.sessionClientIDs, id)
+	return nil
+}
@@ -22,8 +22,6 @@ import (
 
 	"github.com/mysteriumnetwork/node/openvpn/management"
 	"github.com/mysteriumnetwork/node/openvpn/middlewares/server/auth"
-	"github.com/mysteriumnetwork/node/session"
-
 	"github.com/stretchr/testify/assert"
 )
 
@@ -32,7 +30,6 @@ type fakeAuthenticatorStub struct {
 	password      string
 	called        bool
 	authenticated bool
-	manager       session.Manager
 }
 
 func (f *fakeAuthenticatorStub) fakeAuthenticator(clientID int, username, password string) (bool, error) {

@@ -18,7 +18,7 @@
 package session
 
 import (
-	"errors"
+	"sync"
 
 	"github.com/mysteriumnetwork/node/identity"
 	"github.com/mysteriumnetwork/node/session"
@@ -29,14 +29,18 @@ const SignaturePrefix = "MystVpnSessionId:"
 
 // Validator structure that keeps attributes needed Validator operations
 type Validator struct {
-	sessionManager    *manager
+	clientMap         *clientMap
 	identityExtractor identity.Extractor
 }
 
 // NewValidator return Validator instance
-func NewValidator(m *manager, extractor identity.Extractor) *Validator {
+func NewValidator(sessionManager session.Manager, extractor identity.Extractor) *Validator {
 	return &Validator{
-		sessionManager:    m,
+		clientMap: &clientMap{
+			sessionManager:   sessionManager,
+			sessionClientIDs: make(map[session.SessionID]int),
+			sessionMapLock:   sync.Mutex{},
+		},
 		identityExtractor: extractor,
 	}
 }
@@ -45,14 +49,14 @@ func NewValidator(m *manager, extractor identity.Extractor) *Validator {
 // it expects session id as username, and session signature signed by client as password
 func (v *Validator) Validate(clientID int, sessionString, signatureString string) (bool, error) {
 	sessionID := session.SessionID(sessionString)
-	currentSession, found, err := v.sessionManager.FindSession(clientID, sessionID)
+	currentSession, found, err := v.clientMap.FindClientSession(clientID, sessionID)
 
 	if err != nil {
 		return false, err
 	}
 
 	if !found {
-		v.sessionManager.UpdateSession(clientID, sessionID)
+		v.clientMap.UpdateClientSession(clientID, sessionID)
 	}
 
 	signature := identity.SignatureBase64(signatureString)
@@ -66,12 +70,6 @@ func (v *Validator) Validate(clientID int, sessionString, signatureString string
 // Cleanup removes session from underlying session managers
 func (v *Validator) Cleanup(sessionString string) error {
 	sessionID := session.SessionID(sessionString)
-	_, found := v.sessionManager.sessionManager.FindSession(sessionID)
 
-	if !found {
-		return errors.New("no underlying session exists: " + sessionString)
-	}
-
-	v.sessionManager.RemoveSession(sessionID)
-	return nil
+	return v.clientMap.RemoveSession(sessionID)
 }
@@ -34,7 +34,7 @@ type MockIdentityExtractor struct {
 	OnExtractReturnError    error
 }
 
-// MockSessionManager mocked session manager
+// MockSessionManager mocked session clientMap
 type MockSessionManager struct {
 	OnFindReturnSession session.Session
 	OnFindReturnSuccess bool

@@ -18,7 +18,6 @@
 package session
 
 import (
-	"sync"
 	"testing"
 
 	"github.com/mysteriumnetwork/node/identity"
@@ -40,22 +39,18 @@ var mockExtractor = &MockIdentityExtractor{
 	nil,
 }
 
-var fakeManager = NewManager(mockManager)
-
-var mockValidator = NewValidator(fakeManager, mockExtractor)
+var mockValidator = NewValidator(mockManager, mockExtractor)
 
 func TestValidateReturnsFalseWhenNoSessionFound(t *testing.T) {
 	mockExtractor := &MockIdentityExtractor{}
-
 	sessionManager := session.NewManager(
 		mockedConfigProvider,
 		&session.GeneratorFake{
 			SessionIdMock: session.SessionID("mocked-id"),
 		},
 	)
 
-	manager := &manager{sessionManager, make(map[session.SessionID]int), sync.Mutex{}}
-	mockValidator := &Validator{manager, mockExtractor}
+	mockValidator := NewValidator(sessionManager, mockExtractor)
 	authenticated, err := mockValidator.Validate(1, "not important", "not important")
 
 	assert.Errorf(t, err, "no underlying session exists, possible break-in attempt")
@@ -68,8 +63,7 @@ func TestValidateReturnsFalseWhenSignatureIsInvalid(t *testing.T) {
 		nil,
 	}
 
-	mockValidator := &Validator{fakeManager, mockExtractor}
-
+	mockValidator := NewValidator(mockManager, mockExtractor)
 	authenticated, err := mockValidator.Validate(1, "not important", "not important")
 
 	assert.NoError(t, err)
@@ -102,7 +96,8 @@ func TestValidateReturnsTrueWhenSessionExistsAndSignatureIsValidAndClientIDMatch
 func TestCleanupReturnsNoErrorIfSessionIsCleared(t *testing.T) {
 	mockValidator.Validate(1, "not important", "not important")
 	err := mockValidator.Cleanup("not important")
-	_, found, _ := fakeManager.FindSession(1, "not important")
+
+	_, found, _ := mockValidator.clientMap.FindClientSession(1, "not important")
 	assert.False(t, found)
 	assert.NoError(t, err)
 }
@@ -113,9 +108,8 @@ func TestCleanupReturnsErrorIfSessionNotExists(t *testing.T) {
 		identity.FromAddress("deadbeef"),
 		nil,
 	}
-	fakeManager := NewManager(mockManager)
-	mockValidator := NewValidator(fakeManager, mockExtractor)
 
+	mockValidator := NewValidator(mockManager, mockExtractor)
 	err := mockValidator.Cleanup("nonexistent_session")
 
 	assert.Errorf(t, err, "no underlying session exists: nonexistent_session")