func DecodeSessionState()

in providers/session_state.go [163:224]


func DecodeSessionState(v string, c *cookie.Cipher) (*SessionState, error) {
	var ssj SessionStateJSON
	var ss *SessionState
	err := json.Unmarshal([]byte(v), &ssj)
	if err == nil && ssj.SessionState != nil {
		// Extract SessionState and ExpiresOn value from SessionStateJSON
		ss = ssj.SessionState
		if ssj.ExpiresOn != nil {
			ss.ExpiresOn = *ssj.ExpiresOn
		}
	} else {
		// Try to decode a legacy string when json.Unmarshal failed
		ss, err = legacyDecodeSessionState(v, c)
		if err != nil {
			return nil, err
		}
	}
	if c == nil {
		// Load only Email and User when cipher is unavailable
		ss = &SessionState{
			Email: ss.Email,
			User:  ss.User,
		}
	} else {
		// Backward compatibility with using unecrypted Email
		if ss.Email != "" {
			decryptedEmail, errEmail := c.Decrypt(ss.Email)
			if errEmail == nil {
				ss.Email = decryptedEmail
			}
		}
		// Backward compatibility with using unecrypted User
		if ss.User != "" {
			decryptedUser, errUser := c.Decrypt(ss.User)
			if errUser == nil {
				ss.User = decryptedUser
			}
		}
		if ss.AccessToken != "" {
			ss.AccessToken, err = c.Decrypt(ss.AccessToken)
			if err != nil {
				return nil, err
			}
		}
		if ss.IDToken != "" {
			ss.IDToken, err = c.Decrypt(ss.IDToken)
			if err != nil {
				return nil, err
			}
		}
		if ss.RefreshToken != "" {
			ss.RefreshToken, err = c.Decrypt(ss.RefreshToken)
			if err != nil {
				return nil, err
			}
		}
	}
	if ss.User == "" {
		ss.User = strings.Split(ss.Email, "@")[0]
	}
	return ss, nil
}