session states are ordered

auth/auth.go

@@ -133,7 +133,7 @@ func getSession() http.Handler {
 				return
 			}
 			st := s.State()
-			if st == SessionStateLoggedIn || st == SessionStateLoginFailed || st == SessionStateLoginTimeout { // TODO: do we need to include other states here as well?
+			if st >= SessionStateLoggedIn {
 				sendHTTPResponse(w, http.StatusOK, s)
 				return
 			}

auth/sessions.go

@@ -44,13 +44,13 @@ type SessionState uint32
 
 const (
 	SessionStateNew SessionState = iota
+	SessionStateStale
 	SessionStateLoginStarted
 	SessionStateLoginFinalizing
 	SessionStateLoggedIn
 	SessionStateLoginFailed
 	SessionStateLoginTimeout
 	SessionStateLoggedOut
-	SessionStateStale
 	SessionStateRemoved
 )
 
@@ -58,6 +58,8 @@ func (s SessionState) String() string {
 	switch s {
 	case SessionStateNew:
 		return "new"
+	case SessionStateStale:
+		return "stale"
 	case SessionStateLoginStarted:
 		return "login-started"
 	case SessionStateLoginFinalizing:
@@ -70,8 +72,6 @@ func (s SessionState) String() string {
 		return "login-timeout"
 	case SessionStateLoggedOut:
 		return "logged-out"
-	case SessionStateStale:
-		return "stale"
 	case SessionStateRemoved:
 		return "removed"
 	}
@@ -330,7 +330,7 @@ func (sm *SessionManager) update(s *Session) error {
 
 	old, ok := sm.sessions[s.id]
 	if !ok {
-		return errors.New("session not found.")
+		return errors.New("session not found")
 	}
 	if s.id != old.id || s.secret != old.secret || s.ctx != old.ctx { // TODO: function compares don't work: s.cancel != old.cancel
 		panic("sessions.update(): id, secret, ctx and cancel need not change!")
@@ -365,7 +365,7 @@ func (sm *SessionManager) cleanup() {
 	for id, s := range sm.sessions {
 		valid := s.Valid()
 		st := s.State()
-		if !valid || st == SessionStateLoginFailed || st == SessionStateLoginTimeout || st == SessionStateLoggedOut {
+		if !valid || st > SessionStateLoggedIn {
 			delete(sm.sessions, id)
 			s.setState(SessionStateRemoved)
 			s.cleanup()

contrib/run.sh

@@ -7,10 +7,10 @@ export AURA_TANK_LISTEN=127.0.0.1:8080
 export STORE_PATH="/run/user/${UID}/aura-tank"
 mkdir -p "${STORE_PATH}"
 
-export OIDC_CLIENT_ID="693347"
-export OIDC_CLIENT_SECRET="f9475d777a2180f71c02cb0d0d56839f8ee6e66e1e2ef5df6c55451b"
+#export OIDC_CLIENT_ID="693347"
+#export OIDC_CLIENT_SECRET="f9475d777a2180f71c02cb0d0d56839f8ee6e66e1e2ef5df6c55451b"
 
-#export OIDC_CLIENT_ID="106243"
-#export OIDC_CLIENT_SECRET="942234084668700fd3c86227a04be646aa9323afa7f69f913d8abe99"
+export OIDC_CLIENT_ID="106243"
+export OIDC_CLIENT_SECRET="942234084668700fd3c86227a04be646aa9323afa7f69f913d8abe99"
 
 "$BASE_D/tank" --config "$BASE_D/contrib/sample-cfg.yaml" run

contrib/sample-cfg.yaml

@@ -29,16 +29,16 @@ importer:
   normalizer: ffmpeg
 
 ### uncomment to enable authentication
-# auth:
-#   sessions:
-#     ## defaults to 24h
-#     max-age: 12h
-#   oidc:
-#     issuer-url: http://localhost:8000/openid
-#     client-id: ${OIDC_CLIENT_ID}
-#     client-secret: ${OIDC_CLIENT_SECRET}
-#     callback-url: http://localhost:8080/auth/oidc/callback
-#     login-timeout: 10m # defaults to 5 Minutes
+auth:
+  sessions:
+    ## defaults to 24h
+    max-age: 12h
+  oidc:
+    issuer-url: http://localhost:8000/openid
+    client-id: ${OIDC_CLIENT_ID}
+    client-secret: ${OIDC_CLIENT_SECRET}
+    callback-url: http://localhost:8080/auth/oidc/callback
+    login-timeout: 10m # defaults to 5 Minutes
 
 ### uncomment to enable CORS headers
 ### see: https://godoc.org/github.com/rs/cors#Options