Merge pull request #10 from for v0.9 Release

go-aah · Mar 28, 2018 · 5262136 · 5262136
2 parents 96ba5d8 + fbf7c4d
commit 5262136
Show file tree

Hide file tree

Showing 8 changed files with 45 additions and 17 deletions.
diff --git a/.travis.yml b/.travis.yml
@@ -7,17 +7,16 @@ branches:
     # skip tags build, we are building branch and master that is enough for
     # consistenty check and release. Let's use Travis CI resources optimally
     # for aah framework.
-    - /^v[0-9]\.[0-9]/
+    - /^v[0-9.]+$/
 
 go:
-  - 1.8
   - 1.9
+  - "1.10"
   - tip
 
 go_import_path: aahframework.org/security.v0
 
 install:
-  - git config --global http.https://aahframework.org.followRedirects true
   - go get -t -v ./...
 
 script:

diff --git a/LICENSE b/LICENSE
@@ -1,6 +1,6 @@
 The MIT License (MIT)
 
-Copyright (c) 2016-2017 Jeevanandam M., https://myjeeva.com <jeeva@myjeeva.com>
+Copyright (c) 2016-2018 Jeevanandam M., https://myjeeva.com <jeeva@myjeeva.com>
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

diff --git a/README.md b/README.md
@@ -1,9 +1,9 @@
 # Security - aah framework
-[![Build Status](https://travis-ci.org/go-aah/security.svg?branch=master)](https://travis-ci.org/go-aah/security) [![codecov](https://codecov.io/gh/go-aah/security/branch/master/graph/badge.svg)](https://codecov.io/gh/go-aah/security/branch/master) [![Go Report Card](https://goreportcard.com/badge/aahframework.org/security.v0)](https://goreportcard.com/report/aahframework.org/security.v0) [![Version](https://img.shields.io/badge/version-0.8-blue.svg)](https://github.com/go-aah/security/releases/latest) [![GoDoc](https://godoc.org/aahframework.org/security.v0?status.svg)](https://godoc.org/aahframework.org/security.v0)  [![License](https://img.shields.io/github/license/go-aah/security.svg)](LICENSE) [![Twitter](https://img.shields.io/badge/twitter-@aahframework-55acee.svg)](https://twitter.com/aahframework)
+[![Build Status](https://travis-ci.org/go-aah/security.svg?branch=master)](https://travis-ci.org/go-aah/security) [![codecov](https://codecov.io/gh/go-aah/security/branch/master/graph/badge.svg)](https://codecov.io/gh/go-aah/security/branch/master) [![Go Report Card](https://goreportcard.com/badge/aahframework.org/security.v0)](https://goreportcard.com/report/aahframework.org/security.v0) [![Version](https://img.shields.io/badge/version-0.9-blue.svg)](https://github.com/go-aah/security/releases/latest) [![GoDoc](https://godoc.org/aahframework.org/security.v0?status.svg)](https://godoc.org/aahframework.org/security.v0)  [![License](https://img.shields.io/github/license/go-aah/security.svg)](LICENSE) [![Twitter](https://img.shields.io/badge/twitter-@aahframework-55acee.svg)](https://twitter.com/aahframework)
 
-***v0.8 [released](https://github.com/go-aah/security/releases/latest) and tagged on Oct 04, 2017***
+***v0.9 [released](https://github.com/go-aah/security/releases/latest) and tagged on Mar 27, 2018***
 
-Security library houses all the application security implementation (Authentication, Authorization, Session Management, CORS, CSRF, Security Headers, etc.) by aah framework.
+Security library houses all the application security implementation (Authentication, Authorization, Session Management, CSRF, Security Headers, etc.) by aah framework.
 
 *`security` developed for aah framework. However, it's an independent library, can be used separately with any `Go` language project. Feel free to use it.*
 

diff --git a/acrypto/password_encoder.go b/acrypto/password_encoder.go
@@ -48,13 +48,7 @@ func AddPasswordAlgorithm(name string, pe PasswordEncoder) error {
 		return ErrPasswordEncoderIsNil
 	}
 
-	if _, found := passEncoders[name]; found {
-		log.Warnf("acrypto: password encoder '%v' is already added", name)
-		return nil
-	}
-
 	passEncoders[name] = pe
-
 	return nil
 }
 

diff --git a/anticsrf/anti_csrf.go b/anticsrf/anti_csrf.go
@@ -40,9 +40,12 @@ type AntiCSRF struct {
 
 // New method initializes the Anti-CSRF based on security configuration.
 func New(cfg *config.Config) (*AntiCSRF, error) {
-	c := &AntiCSRF{cfg: cfg}
 	keyPrefix := "security.anti_csrf"
+	if !cfg.IsExists(keyPrefix) {
+		return &AntiCSRF{Enabled: false}, nil
+	}
 
+	c := &AntiCSRF{cfg: cfg}
 	c.Enabled = c.cfg.BoolDefault(keyPrefix+".enable", true)
 	c.secretLength = c.cfg.IntDefault(keyPrefix+".secret_length", 32)
 	c.headerName = c.cfg.StringDefault(keyPrefix+".header_name", "X-Anti-CSRF-Token")
@@ -87,6 +90,10 @@ func (ac *AntiCSRF) GenerateSecret() []byte {
 // CipherSecret method returns the Anti-CSRF secert from the cookie if not available
 // generates new secret.
 func (ac *AntiCSRF) CipherSecret(r *ahttp.Request) []byte {
+	if ac.cookieMgr == nil {
+		return ac.GenerateSecret()
+	}
+
 	cookie, err := r.Cookie(ac.cookieMgr.Options.Name)
 	if err != nil {
 		return ac.GenerateSecret()
@@ -130,6 +137,10 @@ func (ac *AntiCSRF) SaltCipherSecret(secret []byte) string {
 
 // SetCookie method write/refresh the Anti-CSRF cookie value and expriy.
 func (ac *AntiCSRF) SetCookie(w http.ResponseWriter, secret []byte) error {
+	if len(secret) == 0 || ac.cookieMgr == nil {
+		return nil
+	}
+
 	s := make([]byte, len(secret))
 	copy(s, secret)
 	value, err := ac.cookieMgr.Encode(s)
@@ -143,6 +154,10 @@ func (ac *AntiCSRF) SetCookie(w http.ResponseWriter, secret []byte) error {
 
 // ClearCookie method is to clear Anti-CSRF cookie when disabled.
 func (ac *AntiCSRF) ClearCookie(w http.ResponseWriter, r *ahttp.Request) {
+	if !ac.Enabled || ac.cookieMgr == nil {
+		return
+	}
+
 	if _, err := r.Cookie(ac.cookieMgr.Options.Name); err == nil {
 		opts := *ac.cookieMgr.Options
 		opts.MaxAge = -1

diff --git a/anticsrf/anti_csrf_test.go b/anticsrf/anti_csrf_test.go
@@ -18,6 +18,26 @@ import (
 	"aahframework.org/test.v0/assert"
 )
 
+func TestAntiCSRFNotEnabled(t *testing.T) {
+	cfgStr := `
+	security {
+	}
+	`
+
+	cfg, err := config.ParseString(cfgStr)
+	assert.Nil(t, err)
+
+	antiCSRF, err := New(cfg)
+	assert.Nil(t, err)
+
+	assert.False(t, antiCSRF.Enabled)
+
+	antiCSRF.SetCookie(nil, []byte{})
+	antiCSRF.ClearCookie(nil, nil)
+	antiCSRF.CipherSecret(nil)
+
+}
+
 func TestAntiCSRFSecret(t *testing.T) {
 	cfgStr := `
 	security {

diff --git a/security.go b/security.go
@@ -3,7 +3,7 @@
 // license that can be found in the LICENSE file.
 
 // Package security houses all the application security implementation Authentication,
-// Authorization, Session Management, CORS, CSRF, Security Headers, etc.) by aah framework.
+// Authorization, Session Management, CSRF, Security Headers, etc.) by aah framework.
 package security
 
 import (
@@ -84,7 +84,7 @@ func New() *Manager {
 //___________________________________
 
 // Init method initialize the application security configuration `security { ... }`.
-// Which is mainly Session, CORS, CSRF, Security Headers, etc.
+// Which is mainly Session, CSRF, Security Headers, etc.
 func (m *Manager) Init(appCfg *config.Config) error {
 	var err error
 	m.appCfg = appCfg

diff --git a/version.go b/version.go
@@ -5,4 +5,4 @@
 package security
 
 // Version is security library version no. of aah framework
-const Version = "0.8"
+const Version = "0.9"