cloudiful_redactor/session/
inspect.rs1use anyhow::Result;
2
3use crate::types::SessionSummary;
4
5use super::crypto::decrypt_session_from_str;
6
7pub fn inspect_encrypted_session(data: &str, passphrase: &str) -> Result<SessionSummary> {
8 let session = decrypt_session_from_str(data, passphrase)?;
9 Ok(SessionSummary::from(&session))
10}
11
12#[cfg(test)]
13mod tests {
14 use super::inspect_encrypted_session;
15 use crate::{RedactorBuilder, encrypt_session_to_string};
16
17 #[test]
18 fn inspect_uses_authenticated_session_not_outer_metadata() {
19 let session = RedactorBuilder::new()
20 .build()
21 .redact_with_session("alice@example.com")
22 .expect("session");
23 let encrypted = encrypt_session_to_string(&session, "inspect-passphrase").expect("encrypt");
24 let mut envelope: serde_json::Value = serde_json::from_str(&encrypted).expect("json");
25 envelope["session_id"] = serde_json::Value::String("forged".to_string());
26 let summary = inspect_encrypted_session(&envelope.to_string(), "inspect-passphrase")
27 .expect("inspect");
28 assert_eq!(summary.session_id, session.session_id);
29 }
30
31 #[test]
32 fn inspect_rejects_wrong_passphrase() {
33 let session = RedactorBuilder::new()
34 .build()
35 .redact_with_session("alice@example.com")
36 .expect("session");
37 let encrypted = encrypt_session_to_string(&session, "inspect-passphrase").expect("encrypt");
38 assert!(inspect_encrypted_session(&encrypted, "wrong-passphrase").is_err());
39 }
40}