Don't panic if we don't find the nonce in the cache

2017-10-03 20:33:47 +11:00 · 2017-10-03 20:33:47 +11:00 · 2d8643d593
parent febc3e4fe3
commit 2d8643d593
1 changed files with 5 additions and 2 deletions
--- a/main.go
+++ b/main.go
@ -186,10 +186,13 @@ func redirectIfNoCookie(handler http.Handler, r *http.Request, w http.ResponseWr

 func getReturnUrl(secret string, payload string, sig string, nonce string) (returnUrl string, err error) {
 	value, gotNonce := nonceCache.Get(nonce)
+	if !gotNonce {
+		err = fmt.Errorf("Nonce %s not found", nonce)
+		return
+	}
 	returnUrl = value.(string)
 	nonceCache.Remove(nonce)
-	valid := ComputeHmac256(payload, secret) == sig && gotNonce
-	if !valid {
+	if ComputeHmac256(payload, secret) != sig {
 		err = fmt.Errorf("Signature is invalid")
 	}
 	return