From d2b7229f88c5b27c6c8310621e26910fcbcecbfc Mon Sep 17 00:00:00 2001
From: Michael Tidwell <tidwell@zebedee.io>
Date: Tue, 13 Dec 2022 23:33:15 -0500
Subject: [PATCH 1/3] Using secrecy 0.8 modified session_key.rs to impl
 secrecy::Zeroize for SessionKey modified session.rs in attempts of adding
 secrecy::Secret<SessionKey> to InnerSession struct.

---
 actix-session/Cargo.toml                 | 24 ++++++++++++++++++++----
 actix-session/src/session.rs             | 11 ++++++++++-
 actix-session/src/storage/session_key.rs | 10 ++++++++--
 3 files changed, 38 insertions(+), 7 deletions(-)

diff --git a/actix-session/Cargo.toml b/actix-session/Cargo.toml
index f016d511f5..46c3570d30 100644
--- a/actix-session/Cargo.toml
+++ b/actix-session/Cargo.toml
@@ -30,7 +30,10 @@ redis-rs-tls-session = ["redis-rs-session", "redis/tokio-native-tls-comp"]
 [dependencies]
 actix-service = "2"
 actix-utils = "3"
-actix-web = { version = "4", default_features = false, features = ["cookies", "secure-cookies"] }
+actix-web = { version = "4", default_features = false, features = [
+  "cookies",
+  "secure-cookies",
+] }
 
 anyhow = "1"
 async-trait = "0.1"
@@ -44,14 +47,27 @@ tracing = { version = "0.1.30", default-features = false, features = ["log"] }
 actix = { version = "0.13", default-features = false, optional = true }
 actix-redis = { version = "0.12", optional = true }
 futures-core = { version = "0.3.7", default-features = false, optional = true }
+secrecy = "0.8"
 
 # redis-rs-session
-redis = { version = "0.21", default-features = false, features = ["aio", "tokio-comp", "connection-manager"], optional = true }
+redis = { version = "0.21", default-features = false, features = [
+  "aio",
+  "tokio-comp",
+  "connection-manager",
+], optional = true }
 
 [dev-dependencies]
-actix-session = { path = ".", features = ["cookie-session", "redis-actor-session", "redis-rs-session"] }
+actix-session = { path = ".", features = [
+  "cookie-session",
+  "redis-actor-session",
+  "redis-rs-session",
+] }
 actix-test = "0.1.0-beta.10"
-actix-web = { version = "4", default_features = false, features = ["cookies", "secure-cookies", "macros"] }
+actix-web = { version = "4", default_features = false, features = [
+  "cookies",
+  "secure-cookies",
+  "macros",
+] }
 env_logger = "0.9"
 log = "0.4"
 
diff --git a/actix-session/src/session.rs b/actix-session/src/session.rs
index 35aaaa3f28..7b66845737 100644
--- a/actix-session/src/session.rs
+++ b/actix-session/src/session.rs
@@ -17,6 +17,8 @@ use anyhow::Context;
 use derive_more::{Display, From};
 use serde::{de::DeserializeOwned, Serialize};
 
+use crate::storage::SessionKey;
+
 /// The primary interface to access and modify session state.
 ///
 /// [`Session`] is an [extractor](#impl-FromRequest)—you can specify it as an input type for your
@@ -77,6 +79,7 @@ impl Default for SessionStatus {
 struct SessionInner {
     state: HashMap<String, String>,
     status: SessionStatus,
+    session_key: SessionKey,
 }
 
 impl Session {
@@ -101,7 +104,13 @@ impl Session {
             Ok(None)
         }
     }
-
+    /// Get a the session key itself from the overall session.
+    ///
+    /// Needs to be implemented
+    pub fn get_session_key(&self) -> secrecy::Secret<SessionKey> {
+        let key = self.0.borrow().session_key.clone();
+        secrecy::Secret::new(key)
+    }
     /// Get all raw key-value data from the session.
     ///
     /// Note that values are JSON encoded.
diff --git a/actix-session/src/storage/session_key.rs b/actix-session/src/storage/session_key.rs
index ad5c47a1d1..fa0269b26b 100644
--- a/actix-session/src/storage/session_key.rs
+++ b/actix-session/src/storage/session_key.rs
@@ -17,8 +17,8 @@ use derive_more::{Display, From};
 /// let session_key: Result<SessionKey, _> = key.try_into();
 /// assert!(session_key.is_err());
 /// ```
-#[derive(Debug, PartialEq, Eq)]
-pub struct SessionKey(String);
+#[derive(Debug, PartialEq, Eq, Default, Clone)]
+pub struct SessionKey(pub String);
 
 impl TryFrom<String> for SessionKey {
     type Error = InvalidSessionKeyError;
@@ -41,6 +41,12 @@ impl AsRef<str> for SessionKey {
     }
 }
 
+impl secrecy::Zeroize for SessionKey {
+    fn zeroize(&mut self) {
+        self.0.zeroize();
+    }
+}
+
 impl From<SessionKey> for String {
     fn from(key: SessionKey) -> Self {
         key.0

From b313f40ef0c51111db73ece0f051cd72f1231742 Mon Sep 17 00:00:00 2001
From: Michael Tidwell <tidwell@zebedee.io>
Date: Wed, 14 Dec 2022 00:16:58 -0500
Subject: [PATCH 2/3] todo

---
 actix-session/src/session.rs | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/actix-session/src/session.rs b/actix-session/src/session.rs
index 7b66845737..bb7c395cfe 100644
--- a/actix-session/src/session.rs
+++ b/actix-session/src/session.rs
@@ -106,9 +106,9 @@ impl Session {
     }
     /// Get a the session key itself from the overall session.
     ///
-    /// Needs to be implemented
+    /// Retrieve the overall session key
     pub fn get_session_key(&self) -> secrecy::Secret<SessionKey> {
-        let key = self.0.borrow().session_key.clone();
+        let key = todo!("populate key somehow");
         secrecy::Secret::new(key)
     }
     /// Get all raw key-value data from the session.

From 091a49af4c6d424b3082d423cf40ecdc428086bb Mon Sep 17 00:00:00 2001
From: Michael Tidwell <tidwell@zebedee.io>
Date: Tue, 3 Jan 2023 23:39:51 -0500
Subject: [PATCH 3/3] update based on feedback, this is in a broken state

---
 actix-session/src/session.rs             |  8 +++++---
 actix-session/src/storage/session_key.rs | 13 +++++++------
 2 files changed, 12 insertions(+), 9 deletions(-)

diff --git a/actix-session/src/session.rs b/actix-session/src/session.rs
index bb7c395cfe..3ff3ea1593 100644
--- a/actix-session/src/session.rs
+++ b/actix-session/src/session.rs
@@ -79,7 +79,7 @@ impl Default for SessionStatus {
 struct SessionInner {
     state: HashMap<String, String>,
     status: SessionStatus,
-    session_key: SessionKey,
+    session_key: Option<SessionKey>,
 }
 
 impl Session {
@@ -108,8 +108,10 @@ impl Session {
     ///
     /// Retrieve the overall session key
     pub fn get_session_key(&self) -> secrecy::Secret<SessionKey> {
-        let key = todo!("populate key somehow");
-        secrecy::Secret::new(key)
+        todo!("either grab the key or figure out how to populate InnerSession session_key field");
+        // let key = Session::set_session(&mut self.0., self.0);
+        let key = self.0.borrow().session_key.clone(); //
+        secrecy::Secret::new(key.unwrap())
     }
     /// Get all raw key-value data from the session.
     ///
diff --git a/actix-session/src/storage/session_key.rs b/actix-session/src/storage/session_key.rs
index fa0269b26b..799e8b7f3c 100644
--- a/actix-session/src/storage/session_key.rs
+++ b/actix-session/src/storage/session_key.rs
@@ -1,6 +1,7 @@
 use std::convert::TryFrom;
 
 use derive_more::{Display, From};
+use secrecy::Secret;
 
 /// A session key, the string stored in a client-side cookie to associate a user with its session
 /// state on the backend.
@@ -17,8 +18,8 @@ use derive_more::{Display, From};
 /// let session_key: Result<SessionKey, _> = key.try_into();
 /// assert!(session_key.is_err());
 /// ```
-#[derive(Debug, PartialEq, Eq, Default, Clone)]
-pub struct SessionKey(pub String);
+#[derive(Debug, Clone)]
+pub struct SessionKey(secrecy::Secret<String>);
 
 impl TryFrom<String> for SessionKey {
     type Error = InvalidSessionKeyError;
@@ -30,13 +31,13 @@ impl TryFrom<String> for SessionKey {
             )
             .into());
         }
-
-        Ok(SessionKey(val))
+        let val_secret = Secret::new(val);
+        Ok(SessionKey(val_secret))
     }
 }
 
-impl AsRef<str> for SessionKey {
-    fn as_ref(&self) -> &str {
+impl AsRef<secrecy::Secret<String>> for SessionKey {
+    fn as_ref(&self) -> &secrecy::Secret<String> {
         &self.0
     }
 }