Mock now in CSRF struct instead of package

oauth2-proxy · Mar 6, 2021 · e7d86ce · e7d86ce
1 parent 89aadd9
commit e7d86ce
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 9 deletions.
diff --git a/pkg/cookies/csrf.go b/pkg/cookies/csrf.go
@@ -12,8 +12,6 @@ import (
 	"github.com/vmihailenco/msgpack/v4"
 )
 
-var now = time.Now
-
 // CSRF manages various nonces stored in the CSRF cookie during the initial
 // authentication flows.
 type CSRF interface {
@@ -40,6 +38,7 @@ type csrf struct {
 	OIDCNonce []byte `msgpack:"n,omitempty"`
 
 	cookieOpts *options.Cookie
+	nowFunc    func() time.Time
 }
 
 // NewCSRF creates a CSRF with random nonces
@@ -110,7 +109,7 @@ func (c csrf) SetCookie(rw http.ResponseWriter, req *http.Request) (*http.Cookie
 		encoded,
 		c.cookieOpts,
 		c.cookieOpts.Expire,
-		now(),
+		c.now(),
 	)
 	http.SetCookie(rw, cookie)
 
@@ -125,7 +124,7 @@ func (c csrf) ClearCookie(rw http.ResponseWriter, req *http.Request) {
 		"",
 		c.cookieOpts,
 		time.Hour*-1,
-		now(),
+		c.now(),
 	))
 }
 
@@ -142,7 +141,7 @@ func (c csrf) encodeCookie() (string, error) {
 		return "", err
 	}
 
-	return encryption.SignedValue(c.cookieOpts.Secret, c.cookieName(), encrypted, now())
+	return encryption.SignedValue(c.cookieOpts.Secret, c.cookieName(), encrypted, c.now())
 }
 
 // decodeCSRFCookie validates the signature then decrypts and decodes a CSRF
@@ -174,6 +173,13 @@ func (c csrf) cookieName() string {
 	return csrfCookieName(c.cookieOpts)
 }
 
+func (c csrf) now() time.Time {
+	if c.nowFunc != nil {
+		return c.nowFunc()
+	}
+	return time.Now()
+}
+
 func csrfCookieName(opts *options.Cookie) string {
 	return fmt.Sprintf("%v_csrf", opts.Name)
 }

diff --git a/pkg/cookies/csrf_test.go b/pkg/cookies/csrf_test.go
@@ -119,10 +119,14 @@ var _ = Describe("CSRF Cookie Tests", func() {
 
 	Context("Cookie Management", func() {
 		var req *http.Request
+		var origNow func() time.Time
+
+		testNow := time.Unix(nowEpoch, 0)
 
 		BeforeEach(func() {
-			now = func() time.Time {
-				return time.Unix(nowEpoch, 0)
+			origNow = privateCSRF.nowFunc
+			privateCSRF.nowFunc = func() time.Time {
+				return testNow
 			}
 
 			req = &http.Request{
@@ -138,6 +142,10 @@ var _ = Describe("CSRF Cookie Tests", func() {
 			}
 		})
 
+		AfterEach(func() {
+			privateCSRF.nowFunc = origNow
+		})
+
 		Context("SetCookie", func() {
 			It("adds the encoded CSRF cookie to a ResponseWriter", func() {
 				rw := httptest.NewRecorder()
@@ -153,7 +161,7 @@ var _ = Describe("CSRF Cookie Tests", func() {
 						"; Path=%s; Domain=%s; Expires=%s; HttpOnly; Secure",
 						cookiePath,
 						cookieDomain,
-						testCookieExpires(now().Add(cookieOpts.Expire)),
+						testCookieExpires(testNow.Add(cookieOpts.Expire)),
 					),
 				))
 			})
@@ -171,7 +179,7 @@ var _ = Describe("CSRF Cookie Tests", func() {
 						privateCSRF.cookieName(),
 						cookiePath,
 						cookieDomain,
-						testCookieExpires(now().Add(time.Hour*-1)),
+						testCookieExpires(testNow.Add(time.Hour*-1)),
 					),
 				))
 			})