Warn when using http without insecure cookie

Closes #114

internal/server_test.go

@@ -10,6 +10,8 @@ import (
 	"testing"
 	"time"
 
+	"github.com/sirupsen/logrus"
+	"github.com/sirupsen/logrus/hooks/test"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 	"golang.org/x/oauth2"
@@ -32,6 +34,8 @@ func init() {
 func TestServerAuthHandlerInvalid(t *testing.T) {
 	assert := assert.New(t)
 	config = newDefaultConfig()
+	var hook *test.Hook
+	log, hook = test.NewNullLogger()
 
 	// Should redirect vanilla request to login url
 	req := newDefaultHttpRequest("/foo")
@@ -53,6 +57,14 @@ func TestServerAuthHandlerInvalid(t *testing.T) {
 	assert.Equal("google", parts[1])
 	assert.Equal("http://example.com/foo", parts[2])
 
+	// Should warn as using http without insecure cookie
+	logs := hook.AllEntries()
+	assert.Len(logs, 1)
+	assert.Equal("You are using \"secure\" cookies for a request that was not "+
+		"received via https. You should either redirect to https or pass the "+
+		"\"insecure-cookie\" config option to permit cookies via http.", logs[0].Message)
+	assert.Equal(logrus.WarnLevel, logs[0].Level)
+
 	// Should catch invalid cookie
 	req = newDefaultHttpRequest("/foo")
 	c := MakeCookie(req, "test@example.com")