Ensure all instances of NewAuthenticationService have a key

canonical · Jun 12, 2024 · f425400 · f425400
1 parent c22b7a3
commit f425400
Show file tree

Hide file tree

Showing 6 changed files with 6 additions and 2 deletions.
diff --git a/docker-compose.yaml b/docker-compose.yaml
@@ -73,7 +73,7 @@ services:
       JIMM_ACCESS_TOKEN_EXPIRY_DURATION: 1h
       JIMM_SECURE_SESSION_COOKIES: false
       JIMM_SESSION_COOKIE_MAX_AGE: 86400
-      JIMM_SESSION_STORE_SECRET_KEY: WHoyUmtSOWc4N003NXhmb3VtaEVzNU9tR3ppSVg4RDg4Ums1WVc4RlN2a0JQU2dlSzl0NUFTOUl2UERKM05uQgo=
+      JIMM_SESSION_SECRET_KEY: Xz2RkR9g87M75xfoumhEs5OmGziIX8D88Rk5YW8FSvkBPSgeK9t5AS9IvPDJ3NnB
     volumes:
       - ./:/jimm/
       - ./local/vault/approle.json:/vault/approle.json:rw

diff --git a/internal/auth/oauth2.go b/internal/auth/oauth2.go
@@ -312,6 +312,7 @@ func (as *AuthenticationService) MintSessionToken(email string) (string, error)
 
 	freshToken, err := jwt.Sign(token, jwt.WithKey(as.signingAlg, []byte(as.sessionSecretKey)))
 	if err != nil {
+		zapctx.Error(context.Background(), "failed to sign access token", zap.Error(err))
 		return "", errors.E(op, err, "failed to sign access token")
 	}
 

diff --git a/internal/auth/oauth2_test.go b/internal/auth/oauth2_test.go
@@ -43,11 +43,11 @@ func setupTestAuthSvc(ctx context.Context, c *qt.C, expiry time.Duration) (*auth
 		ClientSecret:        "SwjDofnbDzJDm9iyfUhEp67FfUFMY8L4",
 		Scopes:              []string{oidc.ScopeOpenID, "profile", "email"},
 		SessionTokenExpiry:  expiry,
-		SessionSecretKey:    "secret-key",
 		RedirectURL:         "http://localhost:8080/auth/callback",
 		Store:               db,
 		SessionStore:        sessionStore,
 		SessionCookieMaxAge: 60,
+		SessionSecretKey:    "secret-key",
 	})
 	c.Assert(err, qt.IsNil)
 

diff --git a/internal/jimm/user_test.go b/internal/jimm/user_test.go
@@ -43,6 +43,7 @@ func TestGetOpenFGAUser(t *testing.T) {
 		Store:               db,
 		SessionStore:        sessionStore,
 		SessionCookieMaxAge: 60,
+		SessionSecretKey:    "test-secret",
 	})
 	c.Assert(err, qt.IsNil)
 

diff --git a/internal/jimmtest/auth.go b/internal/jimmtest/auth.go
@@ -147,6 +147,7 @@ func SetupTestDashboardCallbackHandler(browserURL string, db *db.Database, sessi
 		Store:               db,
 		SessionStore:        sessionStore,
 		SessionCookieMaxAge: 60,
+		SessionSecretKey:    "test-secret",
 	})
 	if err != nil {
 		return nil, err

diff --git a/internal/jujuapi/admin_test.go b/internal/jujuapi/admin_test.go
@@ -58,6 +58,7 @@ func (s *adminSuite) SetUpTest(c *gc.C) {
 		Store:               &s.JIMM.Database,
 		SessionStore:        sessionStore,
 		SessionCookieMaxAge: 60,
+		SessionSecretKey:    "test-secret",
 	})
 	c.Assert(err, gc.Equals, nil)
 	s.JIMM.OAuthAuthenticator = authSvc