From 57b1269c416b235474f6481bbe89858279522888 Mon Sep 17 00:00:00 2001 From: Snorre lothar von Gohren Edwin Date: Tue, 22 Dec 2015 15:30:57 +0100 Subject: [PATCH] modifications on PR. Added a space in the bearer string check so that we unexpectly dont experience an base64url encoding because bearer is technically part of a valid endcoding, we think. Also moved it into a failed decoding to get a better feedback for the developer, but not do unessecary amount of string checks --- parser.go | 3 +++ token.go | 3 --- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/parser.go b/parser.go index 3fc27bf..1659ad2 100644 --- a/parser.go +++ b/parser.go @@ -26,6 +26,9 @@ func (p *Parser) Parse(tokenString string, keyFunc Keyfunc) (*Token, error) { // parse Header var headerBytes []byte if headerBytes, err = DecodeSegment(parts[0]); err != nil { + if strings.Contains(strings.ToLower(tokenString), "bearer ") { + return token, &ValidationError{err: "tokenstring should not contain bearer", Errors: ValidationErrorMalformed} + } return token, &ValidationError{err: err.Error(), Errors: ValidationErrorMalformed} } if err = json.Unmarshal(headerBytes, &token.Header); err != nil { diff --git a/token.go b/token.go index e15ce82..1cf267d 100644 --- a/token.go +++ b/token.go @@ -84,9 +84,6 @@ func (t *Token) SigningString() (string, error) { // keyFunc will receive the parsed token and should return the key for validating. // If everything is kosher, err will be nil func Parse(tokenString string, keyFunc Keyfunc) (*Token, error) { - if strings.Contains(strings.ToLower(tokenString), "bearer") { - return nil, &ValidationError{err: "tokenstring should not contain bearer", Errors: ValidationErrorMalformed} - } return new(Parser).Parse(tokenString, keyFunc) }