mirror of https://github.com/golang-jwt/jwt.git
modifications on PR. Added a space in the bearer string check so that we unexpectly dont experience an base64url encoding because bearer is technically part of a valid endcoding, we think. Also moved it into a failed decoding to get a better feedback for the developer, but not do unessecary amount of string checks
This commit is contained in:
parent
1f970af1f8
commit
57b1269c41
|
@ -26,6 +26,9 @@ func (p *Parser) Parse(tokenString string, keyFunc Keyfunc) (*Token, error) {
|
||||||
// parse Header
|
// parse Header
|
||||||
var headerBytes []byte
|
var headerBytes []byte
|
||||||
if headerBytes, err = DecodeSegment(parts[0]); err != nil {
|
if headerBytes, err = DecodeSegment(parts[0]); err != nil {
|
||||||
|
if strings.Contains(strings.ToLower(tokenString), "bearer ") {
|
||||||
|
return token, &ValidationError{err: "tokenstring should not contain bearer", Errors: ValidationErrorMalformed}
|
||||||
|
}
|
||||||
return token, &ValidationError{err: err.Error(), Errors: ValidationErrorMalformed}
|
return token, &ValidationError{err: err.Error(), Errors: ValidationErrorMalformed}
|
||||||
}
|
}
|
||||||
if err = json.Unmarshal(headerBytes, &token.Header); err != nil {
|
if err = json.Unmarshal(headerBytes, &token.Header); err != nil {
|
||||||
|
|
3
token.go
3
token.go
|
@ -84,9 +84,6 @@ func (t *Token) SigningString() (string, error) {
|
||||||
// keyFunc will receive the parsed token and should return the key for validating.
|
// keyFunc will receive the parsed token and should return the key for validating.
|
||||||
// If everything is kosher, err will be nil
|
// If everything is kosher, err will be nil
|
||||||
func Parse(tokenString string, keyFunc Keyfunc) (*Token, error) {
|
func Parse(tokenString string, keyFunc Keyfunc) (*Token, error) {
|
||||||
if strings.Contains(strings.ToLower(tokenString), "bearer") {
|
|
||||||
return nil, &ValidationError{err: "tokenstring should not contain bearer", Errors: ValidationErrorMalformed}
|
|
||||||
}
|
|
||||||
return new(Parser).Parse(tokenString, keyFunc)
|
return new(Parser).Parse(tokenString, keyFunc)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue