Fix session expiration calculation

miquella · miquella · commit fdd69918c8b4 · 2019-08-23T15:37:01.000-06:00
A tolerance is provided when calculating the expiration of a session.
Unfortunately, this tolerance was incorrectly applied and caused the
session to not be considered expired until the tolerance (15 minutes)
after the expiration had passed.
diff --git a/lib/session.go b/lib/session.go
@@ -56,7 +56,7 @@ func (s *Session) Clone() *Session {
 }
 
 func (s *Session) Expired(tolerance time.Duration) bool {
-	return s.Expiration.Before(time.Now().Add(-tolerance))
+	return time.Now().Add(tolerance).After(s.Expiration)
 }
 
 func (s *Session) AssumeSessionRole() (*Session, error) {
diff --git a/lib/session_test.go b/lib/session_test.go
@@ -7,6 +7,18 @@ import (
 	"time"
 )
 
+func TestSessionExpiration(t *testing.T) {
+	s := Session{
+		Expiration: time.Now().Add(15 * time.Minute),
+	}
+	if s.Expired(10 * time.Minute) {
+		t.Errorf("Session manifesting as expired, but shouldn't be")
+	}
+	if !s.Expired(15 * time.Minute) {
+		t.Errorf("Session not manifesting as expired, but should be")
+	}
+}
+
 func TestSessionVariables(t *testing.T) {
 	s := Session{
 		Name:       "vault",

Original file line number	Diff line number	Diff line change
`@@ -56,7 +56,7 @@ func (s Session) Clone() Session {`
`56`	`56`	`}`
`57`	`57`
`58`	`58`	`func (s *Session) Expired(tolerance time.Duration) bool {`
`59`		`- return s.Expiration.Before(time.Now().Add(-tolerance))`
	`59`	`+ return time.Now().Add(tolerance).After(s.Expiration)`
`60`	`60`	`}`
`61`	`61`
`62`	`62`	`func (s Session) AssumeSessionRole() (Session, error) {`