switched error details to bitfield

jwt.go

@@ -92,34 +92,34 @@ func Parse(tokenString string, keyFunc Keyfunc) (*Token, error) {
 		// parse Header
 		var headerBytes []byte
 		if headerBytes, err = DecodeSegment(parts[0]); err != nil {
-			return token, &ValidationError{err: err.Error(), Malformed: true}
+			return token, &ValidationError{err: err.Error(), Errors: ValidationErrorMalformed}
 		}
 		if err = json.Unmarshal(headerBytes, &token.Header); err != nil {
-			return token, &ValidationError{err: err.Error(), Malformed: true}
+			return token, &ValidationError{err: err.Error(), Errors: ValidationErrorMalformed}
 		}
 
 		// parse Claims
 		var claimBytes []byte
 		if claimBytes, err = DecodeSegment(parts[1]); err != nil {
-			return token, &ValidationError{err: err.Error(), Malformed: true}
+			return token, &ValidationError{err: err.Error(), Errors: ValidationErrorMalformed}
 		}
 		if err = json.Unmarshal(claimBytes, &token.Claims); err != nil {
-			return token, &ValidationError{err: err.Error(), Malformed: true}
+			return token, &ValidationError{err: err.Error(), Errors: ValidationErrorMalformed}
 		}
 
 		// Lookup signature method
 		if method, ok := token.Header["alg"].(string); ok {
 			if token.Method = GetSigningMethod(method); token.Method == nil {
-				return token, &ValidationError{err: "Signing method (alg) is unavailable.", Unverifiable: true}
+				return token, &ValidationError{err: "Signing method (alg) is unavailable.", Errors: ValidationErrorUnverifiable}
 			}
 		} else {
-			return token, &ValidationError{err: "Signing method (alg) is unspecified.", Unverifiable: true}
+			return token, &ValidationError{err: "Signing method (alg) is unspecified.", Errors: ValidationErrorUnverifiable}
 		}
 
 		// Lookup key
 		var key []byte
 		if key, err = keyFunc(token); err != nil {
-			return token, &ValidationError{err: err.Error(), Unverifiable: true}
+			return token, &ValidationError{err: err.Error(), Errors: ValidationErrorUnverifiable}
 		}
 
 		// Check expiration times
@@ -128,20 +128,20 @@ func Parse(tokenString string, keyFunc Keyfunc) (*Token, error) {
 		if exp, ok := token.Claims["exp"].(float64); ok {
 			if now > int64(exp) {
 				vErr.err = "Token is expired"
-				vErr.Expired = true
+				vErr.Errors |= ValidationErrorExpired
 			}
 		}
 		if nbf, ok := token.Claims["nbf"].(float64); ok {
 			if now < int64(nbf) {
 				vErr.err = "Token is not valid yet"
-				vErr.NotValidYet = true
+				vErr.Errors |= ValidationErrorNotValidYet
 			}
 		}
 
 		// Perform validation
 		if err = token.Method.Verify(strings.Join(parts[0:2], "."), parts[2], key); err != nil {
 			vErr.err = err.Error()
-			vErr.SignatureInvalid = true
+			vErr.Errors |= ValidationErrorSignatureInvalid
 		}
 
 		if vErr.valid() {
@@ -152,18 +152,22 @@ func Parse(tokenString string, keyFunc Keyfunc) (*Token, error) {
 		return token, vErr
 
 	} else {
-		return nil, &ValidationError{err: "Token contains an invalid number of segments", Malformed: true}
+		return nil, &ValidationError{err: "Token contains an invalid number of segments", Errors: ValidationErrorMalformed}
 	}
 }
 
+const (
+	ValidationErrorMalformed        uint32 = 1 << iota // Token is malformed
+	ValidationErrorUnverifiable                        // Token could not be verified because of signing problems
+	ValidationErrorSignatureInvalid                    // Signature validation failed
+	ValidationErrorExpired                             // Exp validation failed
+	ValidationErrorNotValidYet                         // NBF validation failed
+)
+
 // The error from Parse if token is not valid
 type ValidationError struct {
-	err              string
-	Malformed        bool //Token is malformed
-	Unverifiable     bool // Token could not be verified because of signing problems
-	SignatureInvalid bool // Signature validation failed
-	Expired          bool // Exp validation failed
-	NotValidYet      bool // NBF validation failed
+	err    string
+	Errors uint32 // bitfield.  see ValidationError... constants
 }
 
 // Validation error is an error type
@@ -176,7 +180,7 @@ func (e *ValidationError) Error() string {
 
 // No errors
 func (e *ValidationError) valid() bool {
-	if e.Malformed || e.Unverifiable || e.SignatureInvalid || e.Expired || e.NotValidYet {
+	if e.Errors > 0 {
 		return false
 	}
 	return true

jwt_test.go

@@ -30,21 +30,28 @@ var jwtTestData = []struct {
 		"", // autogen
 		map[string]interface{}{"foo": "bar", "exp": float64(time.Now().Unix() - 100)},
 		false,
-		&ValidationError{Expired: true},
+		&ValidationError{Errors: ValidationErrorExpired},
 	},
 	{
 		"basic nbf",
 		"", // autogen
 		map[string]interface{}{"foo": "bar", "nbf": float64(time.Now().Unix() + 100)},
 		false,
-		&ValidationError{NotValidYet: true},
+		&ValidationError{Errors: ValidationErrorNotValidYet},
+	},
+	{
+		"expired and nbf",
+		"", // autogen
+		map[string]interface{}{"foo": "bar", "nbf": float64(time.Now().Unix() + 100), "exp": float64(time.Now().Unix() - 100)},
+		false,
+		&ValidationError{Errors: ValidationErrorNotValidYet | ValidationErrorExpired},
 	},
 	{
 		"basic invalid",
 		"eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJmb28iOiJiYXIifQ.EhkiHkoESI_cG3NPigFrxEk9Z60_oXrOT2vGm9Pn6RDgYNovYORQmmA0zs1AoAOf09ly2Nx2YAg6ABqAYga1AcMFkJljwxTT5fYphTuqpWdy4BELeSYJx5Ty2gmr8e7RonuUztrdD5WfPqLKMm1Ozp_T6zALpRmwTIW0QPnaBXaQD90FplAg46Iy1UlDKr-Eupy0i5SLch5Q-p2ZpaL_5fnTIUDlxC3pWhJTyx_71qDI-mAA_5lE_VdroOeflG56sSmDxopPEG3bFlSu1eowyBfxtu0_CuVd-M42RU75Zc4Gsj6uV77MBtbMrf4_7M_NUTSgoIF3fRqxrj0NzihIBg",
 		map[string]interface{}{"foo": "bar"},
 		false,
-		&ValidationError{SignatureInvalid: true},
+		&ValidationError{Errors: ValidationErrorSignatureInvalid},
 	},
 }