Merge branch 'release_3_0_0' of github.com:dgrijalva/jwt-go into release_3_0_0

request/doc.go

@@ -0,0 +1,7 @@
+// Utility package for extracting JWT tokens from
+// HTTP requests.
+//
+// The main function is ParseFromRequest and it's WithClaims variant.
+// See examples for how to use the various Extractor implementations
+// or roll your own.
+package request

request/extractor.go

@@ -0,0 +1,80 @@
+package request
+
+import (
+	"errors"
+	"net/http"
+)
+
+// Errors
+var (
+	ErrNoTokenInRequest = errors.New("no token present in request")
+)
+
+// Interface for extracting a token from an HTTP request.
+// The ExtractToken method should return a token string or an error.
+// If no token is present, you must return ErrNoTokenInRequest.
+type Extractor interface {
+	ExtractToken(*http.Request) (string, error)
+}
+
+// Extractor for finding a token in a header.  Looks at each specified
+// header in order until there's a match
+type HeaderExtractor []string
+
+func (e HeaderExtractor) ExtractToken(req *http.Request) (string, error) {
+	// loop over header names and return the first one that contains data
+	for _, header := range e {
+		if ah := req.Header.Get(header); ah != "" {
+			return ah, nil
+		}
+	}
+	return "", ErrNoTokenInRequest
+}
+
+// Extract token from request arguments.  This includes a POSTed form or
+// GET URL arguments.  Argument names are tried in order until there's a match.
+type ArgumentExtractor []string
+
+func (e ArgumentExtractor) ExtractToken(req *http.Request) (string, error) {
+	// Make sure form is parsed
+	req.ParseMultipartForm(10e6)
+
+	// loop over arg names and return the first one that contains data
+	for _, arg := range e {
+		if ah := req.Form.Get(arg); ah != "" {
+			return ah, nil
+		}
+	}
+
+	return "", ErrNoTokenInRequest
+}
+
+// Tries Extractors in order until one returns a token string or an error occurs
+type MultiExtractor []Extractor
+
+func (e MultiExtractor) ExtractToken(req *http.Request) (string, error) {
+	// loop over header names and return the first one that contains data
+	for _, extractor := range e {
+		if tok, err := extractor.ExtractToken(req); tok != "" {
+			return tok, nil
+		} else if err != ErrNoTokenInRequest {
+			return "", err
+		}
+	}
+	return "", ErrNoTokenInRequest
+}
+
+// Wrap an Extractor in this to post-process the value before it's handed off.
+// See AuthorizationHeaderExtractor for an example
+type PostExtractionFilter struct {
+	Extractor
+	Filter func(string) (string, error)
+}
+
+func (e *PostExtractionFilter) ExtractToken(req *http.Request) (string, error) {
+	if tok, err := e.Extractor.ExtractToken(req); tok != "" {
+		return e.Filter(tok)
+	} else {
+		return "", err
+	}
+}

request/extractor_example_test.go

@@ -0,0 +1,32 @@
+package request
+
+import (
+	"fmt"
+	"net/url"
+)
+
+const (
+	exampleTokenA = "A"
+)
+
+func ExampleHeaderExtractor() {
+	req := makeExampleRequest("GET", "/", map[string]string{"Token": exampleTokenA}, nil)
+	tokenString, err := HeaderExtractor{"Token"}.ExtractToken(req)
+	if err == nil {
+		fmt.Println(tokenString)
+	} else {
+		fmt.Println(err)
+	}
+	//Output: A
+}
+
+func ExampleArgumentExtractor() {
+	req := makeExampleRequest("GET", "/", nil, url.Values{"token": {extractorTestTokenA}})
+	tokenString, err := ArgumentExtractor{"token"}.ExtractToken(req)
+	if err == nil {
+		fmt.Println(tokenString)
+	} else {
+		fmt.Println(err)
+	}
+	//Output: A
+}

request/extractor_test.go

@@ -0,0 +1,91 @@
+package request
+
+import (
+	"fmt"
+	"net/http"
+	"net/url"
+	"testing"
+)
+
+var extractorTestTokenA = "A"
+var extractorTestTokenB = "B"
+
+var extractorTestData = []struct {
+	name      string
+	extractor Extractor
+	headers   map[string]string
+	query     url.Values
+	token     string
+	err       error
+}{
+	{
+		name:      "simple header",
+		extractor: HeaderExtractor{"Foo"},
+		headers:   map[string]string{"Foo": extractorTestTokenA},
+		query:     nil,
+		token:     extractorTestTokenA,
+		err:       nil,
+	},
+	{
+		name:      "simple argument",
+		extractor: ArgumentExtractor{"token"},
+		headers:   map[string]string{},
+		query:     url.Values{"token": {extractorTestTokenA}},
+		token:     extractorTestTokenA,
+		err:       nil,
+	},
+	{
+		name: "multiple extractors",
+		extractor: MultiExtractor{
+			HeaderExtractor{"Foo"},
+			ArgumentExtractor{"token"},
+		},
+		headers: map[string]string{"Foo": extractorTestTokenA},
+		query:   url.Values{"token": {extractorTestTokenB}},
+		token:   extractorTestTokenA,
+		err:     nil,
+	},
+	{
+		name:      "simple miss",
+		extractor: HeaderExtractor{"This-Header-Is-Not-Set"},
+		headers:   map[string]string{"Foo": extractorTestTokenA},
+		query:     nil,
+		token:     "",
+		err:       ErrNoTokenInRequest,
+	},
+	{
+		name:      "filter",
+		extractor: AuthorizationHeaderExtractor,
+		headers:   map[string]string{"Authorization": "Bearer " + extractorTestTokenA},
+		query:     nil,
+		token:     extractorTestTokenA,
+		err:       nil,
+	},
+}
+
+func TestExtractor(t *testing.T) {
+	// Bearer token request
+	for _, data := range extractorTestData {
+		// Make request from test struct
+		r := makeExampleRequest("GET", "/", data.headers, data.query)
+
+		// Test extractor
+		token, err := data.extractor.ExtractToken(r)
+		if token != data.token {
+			t.Errorf("[%v] Expected token '%v'.  Got '%v'", data.name, data.token, token)
+			continue
+		}
+		if err != data.err {
+			t.Errorf("[%v] Expected error '%v'.  Got '%v'", data.name, data.err, err)
+			continue
+		}
+	}
+}
+
+func makeExampleRequest(method, path string, headers map[string]string, urlArgs url.Values) *http.Request {
+	r, _ := http.NewRequest(method, fmt.Sprintf("%v?%v", path, urlArgs.Encode()), nil)
+	for k, v := range headers {
+		r.Header.Set(k, v)
+	}
+	return r
+}

request/oauth2.go

@@ -0,0 +1,28 @@
+package request
+
+import (
+	"strings"
+)
+
+// Strips 'Bearer ' prefix from bearer token string
+func stripBearerPrefixFromTokenString(tok string) (string, error) {
+	// Should be a bearer token
+	if len(tok) > 6 && strings.ToUpper(tok[0:7]) == "BEARER " {
+		return tok[7:], nil
+	}
+	return tok, nil
+}
+
+// Extract bearer token from Authorization header
+// Uses PostExtractionFilter to strip "Bearer " prefix from header
+var AuthorizationHeaderExtractor = &PostExtractionFilter{
+	HeaderExtractor{"Authorization"},
+	stripBearerPrefixFromTokenString,
+}
+
+// Extractor for OAuth2 access tokens.  Looks in 'Authorization'
+// header then 'access_token' argument for a token.
+var OAuth2Extractor = &MultiExtractor{
+	AuthorizationHeaderExtractor,
+	ArgumentExtractor{"access_token"},
+}

request/request.go

@@ -1,39 +1,24 @@
 package request
 
 import (
-	"errors"
 	"github.com/dgrijalva/jwt-go"
 	"net/http"
-	"strings"
 )
 
-// Errors
+// Extract and parse a JWT token from an HTTP request.
-var (
+// This behaves the same as Parse, but accepts a request and an extractor
-	ErrNoTokenInRequest = errors.New("no token present in request")
+// instead of a token string.  The Extractor interface allows you to define
-)
+// the logic for extracting a token.  Several useful implementations are provided.
-
+func ParseFromRequest(req *http.Request, extractor Extractor, keyFunc jwt.Keyfunc) (token *jwt.Token, err error) {
-// Try to find the token in an http.Request.
+	return ParseFromRequestWithClaims(req, extractor, jwt.MapClaims{}, keyFunc)
-// This method will call ParseMultipartForm if there's no token in the header.
-// Currently, it looks in the Authorization header as well as
-// looking for an 'access_token' request parameter in req.Form.
-func ParseFromRequest(req *http.Request, keyFunc jwt.Keyfunc) (token *jwt.Token, err error) {
-	return ParseFromRequestWithClaims(req, jwt.MapClaims{}, keyFunc)
 }
 
-func ParseFromRequestWithClaims(req *http.Request, claims jwt.Claims, keyFunc jwt.Keyfunc) (token *jwt.Token, err error) {
+// ParseFromRequest but with custom Claims type
-	// Look for an Authorization header
+func ParseFromRequestWithClaims(req *http.Request, extractor Extractor, claims jwt.Claims, keyFunc jwt.Keyfunc) (token *jwt.Token, err error) {
-	if ah := req.Header.Get("Authorization"); ah != "" {
+	// Extract token from request
-		// Should be a bearer token
+	if tokStr, err := extractor.ExtractToken(req); err == nil {
-		if len(ah) > 6 && strings.ToUpper(ah[0:7]) == "BEARER " {
-			return jwt.ParseWithClaims(ah[7:], claims, keyFunc)
-		}
-	}
-
-	// Look for "access_token" parameter
-	req.ParseMultipartForm(10e6)
-	if tokStr := req.Form.Get("access_token"); tokStr != "" {
 		return jwt.ParseWithClaims(tokStr, claims, keyFunc)
+	} else {
+		return nil, err
 	}
-
-	return nil, ErrNoTokenInRequest
 }

request/request_test.go

@@ -14,13 +14,23 @@ import (
 var requestTestData = []struct {
 	name      string
 	claims    jwt.MapClaims
+	extractor Extractor
 	headers   map[string]string
 	query     url.Values
 	valid     bool
 }{
+	{
+		"authorization bearer token",
+		jwt.MapClaims{"foo": "bar"},
+		AuthorizationHeaderExtractor,
+		map[string]string{"Authorization": "Bearer %v"},
+		url.Values{},
+		true,
+	},
 	{
 		"oauth bearer token - header",
 		jwt.MapClaims{"foo": "bar"},
+		OAuth2Extractor,
 		map[string]string{"Authorization": "Bearer %v"},
 		url.Values{},
 		true,
@@ -28,10 +38,19 @@ var requestTestData = []struct {
 	{
 		"oauth bearer token - url",
 		jwt.MapClaims{"foo": "bar"},
+		OAuth2Extractor,
 		map[string]string{},
 		url.Values{"access_token": {"%v"}},
 		true,
 	},
+	{
+		"url token",
+		jwt.MapClaims{"foo": "bar"},
+		ArgumentExtractor{"token"},
+		map[string]string{},
+		url.Values{"token": {"%v"}},
+		true,
+	},
 }
 
 func TestParseRequest(t *testing.T) {
@@ -65,7 +84,7 @@ func TestParseRequest(t *testing.T) {
 				r.Header.Set(k, tokenString)
 			}
 		}
-		token, err := ParseFromRequestWithClaims(r, jwt.MapClaims{}, keyfunc)
+		token, err := ParseFromRequestWithClaims(r, data.extractor, jwt.MapClaims{}, keyfunc)
 
 		if token == nil {
 			t.Errorf("[%v] Token was not found: %v", data.name, err)