Merge pull request #670 from ackleymi/prevent-store-reset-unauth

ackleymi · web-flow · commit 2903198aaa4d · 2024-09-10T16:15:38.000-05:00
Check logon auth before resetting store
diff --git a/in_session.go b/in_session.go
@@ -87,7 +87,7 @@ func (state inSession) Timeout(session *session, event internal.Event) (nextStat
 }
 
 func (state inSession) handleLogout(session *session, msg *Message) (nextState sessionState) {
-	if err := session.verifySelect(msg, false, false); err != nil {
+	if err := session.verifySelect(msg, false, false, true); err != nil {
 		return state.processReject(session, msg, err)
 	}
 
@@ -154,7 +154,7 @@ func (state inSession) handleSequenceReset(session *session, msg *Message) (next
 		}
 	}
 
-	if err := session.verifySelect(msg, bool(gapFillFlag), bool(gapFillFlag)); err != nil {
+	if err := session.verifySelect(msg, bool(gapFillFlag), bool(gapFillFlag), true); err != nil {
 		return state.processReject(session, msg, err)
 	}
 
diff --git a/logon_state_test.go b/logon_state_test.go
@@ -226,6 +226,27 @@ func (s *LogonStateTestSuite) TestFixMsgInLogonInitiateLogonExpectResetSeqNum()
 	s.NextSenderMsgSeqNum(2)
 }
 
+func (s *LogonStateTestSuite) TestFixMsgInLogonInitiateLogonRejectedSeqNumNotReset() {
+	s.session.InitiateLogon = true
+	s.session.sentReset = true
+	s.Require().Nil(s.store.IncrNextSenderMsgSeqNum())
+
+	logon := s.Logon()
+	logon.Body.SetField(tagHeartBtInt, FIXInt(32))
+	logon.Body.SetField(tagResetSeqNumFlag, FIXBoolean(true))
+
+	s.MockApp.On("FromAdmin").Return(RejectLogon{"reject message"})
+	s.MockApp.On("OnLogout")
+	s.MockApp.On("ToAdmin")
+	s.fixMsgIn(s.session, logon)
+
+	s.MockApp.AssertExpectations(s.T())
+	s.State(latentState{})
+
+	s.NextTargetMsgSeqNum(2)
+	s.NextSenderMsgSeqNum(3)
+}
+
 func (s *LogonStateTestSuite) TestFixMsgInLogonInitiateLogonUnExpectedResetSeqNum() {
 	s.session.InitiateLogon = true
 	s.session.sentReset = false
@@ -358,6 +379,7 @@ func (s *LogonStateTestSuite) TestFixMsgInLogonSeqNumTooLow() {
 	logon.Body.SetField(tagHeartBtInt, FIXInt(32))
 	logon.Header.SetInt(tagMsgSeqNum, 1)
 
+	s.MockApp.On("FromAdmin").Return(nil)
 	s.MockApp.On("ToAdmin")
 	s.NextTargetMsgSeqNum(2)
 	s.fixMsgIn(s.session, logon)
diff --git a/session.go b/session.go
@@ -507,6 +507,13 @@ func (s *session) handleLogon(msg *Message) error {
 		}
 	}
 
+	nextSenderMsgNumAtLogonReceived := s.store.NextSenderMsgSeqNum()
+
+	// Make sure this is a valid session before resetting the store.
+	if err := s.verifyMsgAgainstAppImpl(msg); err != nil {
+		return err
+	}
+
 	var resetSeqNumFlag FIXBoolean
 	if err := msg.Body.GetField(tagResetSeqNumFlag, &resetSeqNumFlag); err == nil {
 		if resetSeqNumFlag {
@@ -517,14 +524,14 @@ func (s *session) handleLogon(msg *Message) error {
 		}
 	}
 
-	nextSenderMsgNumAtLogonReceived := s.store.NextSenderMsgSeqNum()
-
 	if resetStore {
 		if err := s.store.Reset(); err != nil {
 			return err
 		}
 	}
 
+	// Verify seq num too high but dont check against app implementation since we just did that.
+	// Don't need to double check.
 	if err := s.verifyIgnoreSeqNumTooHigh(msg); err != nil {
 		return err
 	}
@@ -586,18 +593,18 @@ func (s *session) initiateLogoutInReplyTo(reason string, inReplyTo *Message) (er
 }
 
 func (s *session) verify(msg *Message) MessageRejectError {
-	return s.verifySelect(msg, true, true)
+	return s.verifySelect(msg, true, true, true)
 }
 
 func (s *session) verifyIgnoreSeqNumTooHigh(msg *Message) MessageRejectError {
-	return s.verifySelect(msg, false, true)
+	return s.verifySelect(msg, false, true, false)
 }
 
 func (s *session) verifyIgnoreSeqNumTooHighOrLow(msg *Message) MessageRejectError {
-	return s.verifySelect(msg, false, false)
+	return s.verifySelect(msg, false, false, true)
 }
 
-func (s *session) verifySelect(msg *Message, checkTooHigh bool, checkTooLow bool) MessageRejectError {
+func (s *session) verifySelect(msg *Message, checkTooHigh bool, checkTooLow bool, checkAppImpl bool) MessageRejectError {
 	if reject := s.checkBeginString(msg); reject != nil {
 		return reject
 	}
@@ -626,6 +633,14 @@ func (s *session) verifySelect(msg *Message, checkTooHigh bool, checkTooLow bool
 		}
 	}
 
+	if checkAppImpl {
+		return s.verifyMsgAgainstAppImpl(msg)
+	}
+
+	return nil
+}
+
+func (s *session) verifyMsgAgainstAppImpl(msg *Message) MessageRejectError {
 	if s.Validator != nil {
 		if reject := s.Validator.Validate(msg); reject != nil {
 			return reject

Original file line number	Diff line number	Diff line change
`@@ -87,7 +87,7 @@ func (state inSession) Timeout(session *session, event internal.Event) (nextStat`
`87`	`87`	`}`
`88`	`88`
`89`	`89`	`func (state inSession) handleLogout(session session, msg Message) (nextState sessionState) {`
`90`		`- if err := session.verifySelect(msg, false, false); err != nil {`
	`90`	`+ if err := session.verifySelect(msg, false, false, true); err != nil {`
`91`	`91`	`return state.processReject(session, msg, err)`
`92`	`92`	`}`
`93`	`93`
`@@ -154,7 +154,7 @@ func (state inSession) handleSequenceReset(session session, msg Message) (next`
`154`	`154`	`}`
`155`	`155`	`}`
`156`	`156`
`157`		`- if err := session.verifySelect(msg, bool(gapFillFlag), bool(gapFillFlag)); err != nil {`
	`157`	`+ if err := session.verifySelect(msg, bool(gapFillFlag), bool(gapFillFlag), true); err != nil {`
`158`	`158`	`return state.processReject(session, msg, err)`
`159`	`159`	`}`
`160`	`160`
Original file line number	Diff line number	Diff line change
`@@ -507,6 +507,13 @@ func (s session) handleLogon(msg Message) error {`
`507`	`507`	`}`
`508`	`508`	`}`
`509`	`509`
	`510`	`+ nextSenderMsgNumAtLogonReceived := s.store.NextSenderMsgSeqNum()`
	`511`	`+`
	`512`	`+ // Make sure this is a valid session before resetting the store.`
	`513`	`+ if err := s.verifyMsgAgainstAppImpl(msg); err != nil {`
	`514`	`+ return err`
	`515`	`+ }`
	`516`	`+`
`510`	`517`	`var resetSeqNumFlag FIXBoolean`
`511`	`518`	`if err := msg.Body.GetField(tagResetSeqNumFlag, &resetSeqNumFlag); err == nil {`
`512`	`519`	`if resetSeqNumFlag {`
`@@ -517,14 +524,14 @@ func (s session) handleLogon(msg Message) error {`
`517`	`524`	`}`
`518`	`525`	`}`
`519`	`526`
`520`		`- nextSenderMsgNumAtLogonReceived := s.store.NextSenderMsgSeqNum()`
`521`		`-`
`522`	`527`	`if resetStore {`
`523`	`528`	`if err := s.store.Reset(); err != nil {`
`524`	`529`	`return err`
`525`	`530`	`}`
`526`	`531`	`}`
`527`	`532`
	`533`	`+ // Verify seq num too high but dont check against app implementation since we just did that.`
	`534`	`+ // Don't need to double check.`
`528`	`535`	`if err := s.verifyIgnoreSeqNumTooHigh(msg); err != nil {`
`529`	`536`	`return err`
`530`	`537`	`}`
`@@ -586,18 +593,18 @@ func (s session) initiateLogoutInReplyTo(reason string, inReplyTo Message) (er`
`586`	`593`	`}`
`587`	`594`
`588`	`595`	`func (s session) verify(msg Message) MessageRejectError {`
`589`		`- return s.verifySelect(msg, true, true)`
	`596`	`+ return s.verifySelect(msg, true, true, true)`
`590`	`597`	`}`
`591`	`598`
`592`	`599`	`func (s session) verifyIgnoreSeqNumTooHigh(msg Message) MessageRejectError {`
`593`		`- return s.verifySelect(msg, false, true)`
	`600`	`+ return s.verifySelect(msg, false, true, false)`
`594`	`601`	`}`
`595`	`602`
`596`	`603`	`func (s session) verifyIgnoreSeqNumTooHighOrLow(msg Message) MessageRejectError {`
`597`		`- return s.verifySelect(msg, false, false)`
	`604`	`+ return s.verifySelect(msg, false, false, true)`
`598`	`605`	`}`
`599`	`606`
`600`		`-func (s session) verifySelect(msg Message, checkTooHigh bool, checkTooLow bool) MessageRejectError {`
	`607`	`+func (s session) verifySelect(msg Message, checkTooHigh bool, checkTooLow bool, checkAppImpl bool) MessageRejectError {`
`601`	`608`	`if reject := s.checkBeginString(msg); reject != nil {`
`602`	`609`	`return reject`
`603`	`610`	`}`
`@@ -626,6 +633,14 @@ func (s session) verifySelect(msg Message, checkTooHigh bool, checkTooLow bool`
`626`	`633`	`}`
`627`	`634`	`}`
`628`	`635`
	`636`	`+ if checkAppImpl {`
	`637`	`+ return s.verifyMsgAgainstAppImpl(msg)`
	`638`	`+ }`
	`639`	`+`
	`640`	`+ return nil`
	`641`	`+}`
	`642`	`+`
	`643`	`+func (s session) verifyMsgAgainstAppImpl(msg Message) MessageRejectError {`
`629`	`644`	`if s.Validator != nil {`
`630`	`645`	`if reject := s.Validator.Validate(msg); reject != nil {`
`631`	`646`	`return reject`