elixir-plug / plug

Compose web applications with functions
https://hex.pm/packages/plug

Compatibility issue with plug_crypto 2.0.0 #1184

Closed leolaudouard closed 9 months ago

leolaudouard commented 9 months ago

We upgraded plug to 1.15.1, which landed with plug_crypto 2.0.0, and we have this error, using session cookie plug.

16:41:06.357 [error] #PID<0.372.0> running Testo.Router (connection #PID<0.371.0>, stream id 1) terminated
Server: localhost:4040 (http)
Request: GET /testo
** (exit) an exception was raised:
    ** (FunctionClauseError) no function clause matching in Plug.Crypto.MessageEncryptor.encrypt/4
        (plug_crypto 2.0.0) lib/plug/crypto/message_encryptor.ex:36: Plug.Crypto.MessageEncryptor.encrypt(<<131, 116, 0, 0, 0, 1, 109, 0, 0, 0, 5, 102, 108, 97, 115, 104, 104, 2, 100, 0, 4, 116, 111, 116, 111, 100, 0, 4, 116, 105, 116, 105>>, "A128GCM", <<201, 153, 215, 221, 133, 125, 182, 6, 55, 108, 238, 58, 253, 163, 219, 175, 191, 227, 150, 182, 73, 235, 71, 160, 82, 194, 25, 94, 144, 218, 180, 191, 173, 24, 158, 25, 178, 217, 174, 67, 48, 13, 190, 174, 99, 229, 238, 104, 236, 255, ...>>, <<201, 86, 89, 65, 230, 208, 26, 150, 158, 231, 82, 238, 121, 234, 138, 145, 119, 212, 80, 99, 230, 136, 73, 251, 22, 106, 64, 136, 50, 138, 57, 202, 6, 29, 0, 103, 128, 83, 156, 40, 132, 224, 0, 186, 186, 216, 100, 213, 225, 214, ...>>)
        (plug 1.15.1) lib/plug/session.ex:96: anonymous fn/3 in Plug.Session.before_send/2
        (elixir 1.14.3) lib/enum.ex:2468: Enum."-reduce/3-lists^foldl/2-0-"/3
        (plug 1.15.1) lib/plug/conn.ex:1836: Plug.Conn.run_before_send/2
        (plug 1.15.1) lib/plug/conn.ex:441: Plug.Conn.send_resp/1
        (plug_cowboy 2.6.1) lib/plug/cowboy/handler.ex:12: Plug.Cowboy.Handler.init/2
        (cowboy 2.10.0) testo/deps/cowboy/src/cowboy_handler.erl:37: :cowboy_handler.execute/2
        (cowboy 2.10.0) testo/deps/cowboy/src/cowboy_stream_h.erl:306: :cowboy_stream_h.execute/3

You can reproduce the issue by starting this application:

https://github.com/leolaudouard/plug_issue_example

iex -S mix & then curl localhost:4040/testo

Here is the commit where I add the session cookie, maybe I missed something in the docs:

https://github.com/leolaudouard/plug_issue_example/commit/35d2bb3929f9b24f81a56c914b4e423ee8048c3a

josevalim commented 9 months ago

Your key length is incompatible. Remove it or set it to 32. :) This means you will log out users once you do a new deploy, so please plan accordingly!

leolaudouard commented 9 months ago

Thanks for the quick answer @josevalim :pray:

What is the constraint? Max length is 32?

I suppose this example should be updated: https://github.com/elixir-plug/plug/blob/main/lib/plug/session/cookie.ex#L62

pablopen commented 5 months ago

Hi @josevalim, thanks for your work!

I've found a similar issue when updating the library while using a :key_length of 64 instead of 32 in the Plug.Session.COOKIE.

Should this value still be an option when the only valid value is 32? It is listed in the documents here https://hexdocs.pm/plug/Plug.Session.COOKIE.html

Looks like this option is incompatible with plug_crypto's Plug.Crypto.MessageEncryptor.encrypt

Thanks for your time
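The incompatibility discussed in this thread can be checked before a deploy with a small script. This is an added example, not code from the thread or from the plug project; it assumes it runs inside a Mix project that depends on plug_crypto 2.0.0, that keys are derived with `Plug.Crypto.KeyGenerator` from a secret and two salts, and the module name, secret and salts are constructed for illustration.

```elixir
# Added example (not from the thread). Assumes plug_crypto 2.0.0 is available.
defmodule SessionKeyCheck do
  alias Plug.Crypto.{KeyGenerator, MessageEncryptor}

  # Constructed sample values; substitute the application's own secret and salts.
  @secret_key_base String.duplicate("a", 64)
  @encryption_salt "cookie store encryption salt"
  @signing_salt "cookie store signing salt"

  # Derives an encryption key and a signing key of `key_length` bytes,
  # then attempts one encrypt/decrypt round trip with them.
  def try_key_length(key_length) do
    opts = [length: key_length, iterations: 1000, digest: :sha256]
    secret = KeyGenerator.generate(@secret_key_base, @encryption_salt, opts)
    sign_secret = KeyGenerator.generate(@secret_key_base, @signing_salt, opts)
    payload = :erlang.term_to_binary(%{"flash" => "sample"})

    try do
      token = MessageEncryptor.encrypt(payload, secret, sign_secret)
      {:ok, ^payload} = MessageEncryptor.decrypt(token, secret, sign_secret)
      {:ok, byte_size(secret)}
    rescue
      # The failure reported in this issue: no clause of encrypt/4 accepts the key.
      FunctionClauseError ->
        {:error, {:incompatible_key_length, byte_size(secret)}}
    end
  end
end

# Compare the length recommended in the thread with the one reported as failing.
IO.inspect(SessionKeyCheck.try_key_length(32), label: "key_length 32")
IO.inspect(SessionKeyCheck.try_key_length(64), label: "key_length 64")
```

Changing the key length changes the derived keys, so cookies issued under the old setting no longer decrypt and existing sessions end, as noted earlier in the thread.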