fix: propagate session unmarshal errors instead of silently discarding

hrntknr · hrntknr · commit eecbd18f113f · 2026-04-17T00:47:49.000+09:00
diff --git a/pkg/repository/interface.go b/pkg/repository/interface.go
@@ -3,6 +3,7 @@ package repository
 import (
 	"context"
 	"encoding/json"
+	"fmt"
 
 	"github.com/ory/fosite"
 	"github.com/ory/fosite/handler/oauth2"
@@ -29,10 +30,12 @@ type AuthorizeRequestStorage interface {
 	DeleteAuthorizeRequest(ctx context.Context, requestID string) error
 }
 
-func restoreSession(req *fosite.Request, sessionData json.RawMessage, sess fosite.Session) {
+func restoreSession(req *fosite.Request, sessionData json.RawMessage, sess fosite.Session) error {
 	if len(sessionData) > 0 && sess != nil {
-		if json.Unmarshal(sessionData, sess) == nil {
-			req.SetSession(sess)
+		if err := json.Unmarshal(sessionData, sess); err != nil {
+			return fmt.Errorf("failed to unmarshal session data: %w", err)
 		}
+		req.SetSession(sess)
 	}
+	return nil
 }
diff --git a/pkg/repository/kvs.go b/pkg/repository/kvs.go
@@ -89,7 +89,9 @@ func (r *kvsRepository) GetAuthorizeCodeSession(ctx context.Context, code string
 		return nil, err
 	}
 	fositeReq := req.ToFositeReq()
-	restoreSession(fositeReq, req.SessionData, sess)
+	if err := restoreSession(fositeReq, req.SessionData, sess); err != nil {
+		return nil, err
+	}
 	return fositeReq, nil
 }
 
@@ -107,7 +109,9 @@ func (r *kvsRepository) GetAccessTokenSession(ctx context.Context, signature str
 		return nil, err
 	}
 	fositeReq := req.ToFositeReq()
-	restoreSession(fositeReq, req.SessionData, sess)
+	if err := restoreSession(fositeReq, req.SessionData, sess); err != nil {
+		return nil, err
+	}
 	return fositeReq, nil
 }
 
@@ -125,7 +129,9 @@ func (r *kvsRepository) GetRefreshTokenSession(ctx context.Context, signature st
 		return nil, err
 	}
 	fositeReq := req.ToFositeReq()
-	restoreSession(fositeReq, req.SessionData, sess)
+	if err := restoreSession(fositeReq, req.SessionData, sess); err != nil {
+		return nil, err
+	}
 	return fositeReq, nil
 }
 
@@ -200,7 +206,9 @@ func (r *kvsRepository) GetPKCERequestSession(ctx context.Context, signature str
 		return nil, err
 	}
 	fositeReq := req.ToFositeReq()
-	restoreSession(fositeReq, req.SessionData, sess)
+	if err := restoreSession(fositeReq, req.SessionData, sess); err != nil {
+		return nil, err
+	}
 	return fositeReq, nil
 }
 
diff --git a/pkg/repository/sql.go b/pkg/repository/sql.go
@@ -356,7 +356,9 @@ func unmarshalRequest(data []byte, sess fosite.Session) (fosite.Requester, error
 		return nil, fmt.Errorf("failed to unmarshal request: %w", err)
 	}
 	fositeReq := req.ToFositeReq()
-	restoreSession(fositeReq, req.SessionData, sess)
+	if err := restoreSession(fositeReq, req.SessionData, sess); err != nil {
+		return nil, err
+	}
 	return fositeReq, nil
 }
 
diff --git a/pkg/repository/sql_test.go b/pkg/repository/sql_test.go
@@ -98,7 +98,7 @@ func TestSQLRepositorySessionPersistence(t *testing.T) {
 	}
 }
 
-func TestSQLRepositorySessionPersistence_BackwardsCompatible(t *testing.T) {
+func TestSQLRepositorySessionPersistence_NilSessionStored(t *testing.T) {
 	repo, err := NewSQLRepository("sqlite", "file::memory:?cache=shared&_busy_timeout=5000")
 	if err != nil {
 		t.Fatalf("failed to create sql repository: %v", err)
@@ -112,7 +112,6 @@ func TestSQLRepositorySessionPersistence_BackwardsCompatible(t *testing.T) {
 		RedirectURIs: []string{"https://example.com/callback"},
 	}
 
-	// Simulate old data without session
 	req := &fosite.Request{
 		ID:             "req-old",
 		RequestedAt:    time.Now().UTC().Round(time.Second),
@@ -130,9 +129,8 @@ func TestSQLRepositorySessionPersistence_BackwardsCompatible(t *testing.T) {
 		t.Fatalf("GetAuthorizeCodeSession failed: %v", err)
 	}
 
-	// Session should be nil (no data to restore, no fallback)
 	if result.GetSession() != nil {
-		t.Fatalf("expected nil session for old data, got %v", result.GetSession())
+		t.Fatalf("expected nil session when no session was stored, got %v", result.GetSession())
 	}
 }
 

Original file line number	Diff line number	Diff line change
`@@ -3,6 +3,7 @@ package repository`
`3`	`3`	`import (`
`4`	`4`	`"context"`
`5`	`5`	`"encoding/json"`
	`6`	`+ "fmt"`
`6`	`7`
`7`	`8`	`"github.com/ory/fosite"`
`8`	`9`	`"github.com/ory/fosite/handler/oauth2"`
`@@ -29,10 +30,12 @@ type AuthorizeRequestStorage interface {`
`29`	`30`	`DeleteAuthorizeRequest(ctx context.Context, requestID string) error`
`30`	`31`	`}`
`31`	`32`
`32`		`-func restoreSession(req *fosite.Request, sessionData json.RawMessage, sess fosite.Session) {`
	`33`	`+func restoreSession(req *fosite.Request, sessionData json.RawMessage, sess fosite.Session) error {`
`33`	`34`	`if len(sessionData) > 0 && sess != nil {`
`34`		`- if json.Unmarshal(sessionData, sess) == nil {`
`35`		`- req.SetSession(sess)`
	`35`	`+ if err := json.Unmarshal(sessionData, sess); err != nil {`
	`36`	`+ return fmt.Errorf("failed to unmarshal session data: %w", err)`
`36`	`37`	`}`
	`38`	`+ req.SetSession(sess)`
`37`	`39`	`}`
	`40`	`+ return nil`
`38`	`41`	`}`
Original file line number	Diff line number	Diff line change
`@@ -89,7 +89,9 @@ func (r *kvsRepository) GetAuthorizeCodeSession(ctx context.Context, code string`
`89`	`89`	`return nil, err`
`90`	`90`	`}`
`91`	`91`	`fositeReq := req.ToFositeReq()`
`92`		`- restoreSession(fositeReq, req.SessionData, sess)`
	`92`	`+ if err := restoreSession(fositeReq, req.SessionData, sess); err != nil {`
	`93`	`+ return nil, err`
	`94`	`+ }`
`93`	`95`	`return fositeReq, nil`
`94`	`96`	`}`
`95`	`97`
`@@ -107,7 +109,9 @@ func (r *kvsRepository) GetAccessTokenSession(ctx context.Context, signature str`
`107`	`109`	`return nil, err`
`108`	`110`	`}`
`109`	`111`	`fositeReq := req.ToFositeReq()`
`110`		`- restoreSession(fositeReq, req.SessionData, sess)`
	`112`	`+ if err := restoreSession(fositeReq, req.SessionData, sess); err != nil {`
	`113`	`+ return nil, err`
	`114`	`+ }`
`111`	`115`	`return fositeReq, nil`
`112`	`116`	`}`
`113`	`117`
`@@ -125,7 +129,9 @@ func (r *kvsRepository) GetRefreshTokenSession(ctx context.Context, signature st`
`125`	`129`	`return nil, err`
`126`	`130`	`}`
`127`	`131`	`fositeReq := req.ToFositeReq()`
`128`		`- restoreSession(fositeReq, req.SessionData, sess)`
	`132`	`+ if err := restoreSession(fositeReq, req.SessionData, sess); err != nil {`
	`133`	`+ return nil, err`
	`134`	`+ }`
`129`	`135`	`return fositeReq, nil`
`130`	`136`	`}`
`131`	`137`
`@@ -200,7 +206,9 @@ func (r *kvsRepository) GetPKCERequestSession(ctx context.Context, signature str`
`200`	`206`	`return nil, err`
`201`	`207`	`}`
`202`	`208`	`fositeReq := req.ToFositeReq()`
`203`		`- restoreSession(fositeReq, req.SessionData, sess)`
	`209`	`+ if err := restoreSession(fositeReq, req.SessionData, sess); err != nil {`
	`210`	`+ return nil, err`
	`211`	`+ }`
`204`	`212`	`return fositeReq, nil`
`205`	`213`	`}`
`206`	`214`
Original file line number	Diff line number	Diff line change
`@@ -356,7 +356,9 @@ func unmarshalRequest(data []byte, sess fosite.Session) (fosite.Requester, error`
`356`	`356`	`return nil, fmt.Errorf("failed to unmarshal request: %w", err)`
`357`	`357`	`}`
`358`	`358`	`fositeReq := req.ToFositeReq()`
`359`		`- restoreSession(fositeReq, req.SessionData, sess)`
	`359`	`+ if err := restoreSession(fositeReq, req.SessionData, sess); err != nil {`
	`360`	`+ return nil, err`
	`361`	`+ }`
`360`	`362`	`return fositeReq, nil`
`361`	`363`	`}`
`362`	`364`
Original file line number	Diff line number	Diff line change
`@@ -98,7 +98,7 @@ func TestSQLRepositorySessionPersistence(t *testing.T) {`
`98`	`98`	`}`
`99`	`99`	`}`
`100`	`100`
`101`		`-func TestSQLRepositorySessionPersistence_BackwardsCompatible(t *testing.T) {`
	`101`	`+func TestSQLRepositorySessionPersistence_NilSessionStored(t *testing.T) {`
`102`	`102`	`repo, err := NewSQLRepository("sqlite", "file::memory:?cache=shared&_busy_timeout=5000")`
`103`	`103`	`if err != nil {`
`104`	`104`	`t.Fatalf("failed to create sql repository: %v", err)`
`@@ -112,7 +112,6 @@ func TestSQLRepositorySessionPersistence_BackwardsCompatible(t *testing.T) {`
`112`	`112`	`RedirectURIs: []string{"https://example.com/callback"},`
`113`	`113`	`}`
`114`	`114`
`115`		`- // Simulate old data without session`
`116`	`115`	`req := &fosite.Request{`
`117`	`116`	`ID: "req-old",`
`118`	`117`	`RequestedAt: time.Now().UTC().Round(time.Second),`
`@@ -130,9 +129,8 @@ func TestSQLRepositorySessionPersistence_BackwardsCompatible(t *testing.T) {`
`130`	`129`	`t.Fatalf("GetAuthorizeCodeSession failed: %v", err)`
`131`	`130`	`}`
`132`	`131`
`133`		`- // Session should be nil (no data to restore, no fallback)`
`134`	`132`	`if result.GetSession() != nil {`
`135`		`- t.Fatalf("expected nil session for old data, got %v", result.GetSession())`
	`133`	`+ t.Fatalf("expected nil session when no session was stored, got %v", result.GetSession())`
`136`	`134`	`}`
`137`	`135`	`}`
`138`	`136`