switched error details to bitfield

This commit is contained in:
Dave Grijalva 2014-03-09 12:24:51 -07:00
parent aa7f010b16
commit a796f21fd5
2 changed files with 32 additions and 21 deletions

38
jwt.go
View File

@ -92,34 +92,34 @@ func Parse(tokenString string, keyFunc Keyfunc) (*Token, error) {
// parse Header // parse Header
var headerBytes []byte var headerBytes []byte
if headerBytes, err = DecodeSegment(parts[0]); err != nil { if headerBytes, err = DecodeSegment(parts[0]); err != nil {
return token, &ValidationError{err: err.Error(), Malformed: true} return token, &ValidationError{err: err.Error(), Errors: ValidationErrorMalformed}
} }
if err = json.Unmarshal(headerBytes, &token.Header); err != nil { if err = json.Unmarshal(headerBytes, &token.Header); err != nil {
return token, &ValidationError{err: err.Error(), Malformed: true} return token, &ValidationError{err: err.Error(), Errors: ValidationErrorMalformed}
} }
// parse Claims // parse Claims
var claimBytes []byte var claimBytes []byte
if claimBytes, err = DecodeSegment(parts[1]); err != nil { if claimBytes, err = DecodeSegment(parts[1]); err != nil {
return token, &ValidationError{err: err.Error(), Malformed: true} return token, &ValidationError{err: err.Error(), Errors: ValidationErrorMalformed}
} }
if err = json.Unmarshal(claimBytes, &token.Claims); err != nil { if err = json.Unmarshal(claimBytes, &token.Claims); err != nil {
return token, &ValidationError{err: err.Error(), Malformed: true} return token, &ValidationError{err: err.Error(), Errors: ValidationErrorMalformed}
} }
// Lookup signature method // Lookup signature method
if method, ok := token.Header["alg"].(string); ok { if method, ok := token.Header["alg"].(string); ok {
if token.Method = GetSigningMethod(method); token.Method == nil { if token.Method = GetSigningMethod(method); token.Method == nil {
return token, &ValidationError{err: "Signing method (alg) is unavailable.", Unverifiable: true} return token, &ValidationError{err: "Signing method (alg) is unavailable.", Errors: ValidationErrorUnverifiable}
} }
} else { } else {
return token, &ValidationError{err: "Signing method (alg) is unspecified.", Unverifiable: true} return token, &ValidationError{err: "Signing method (alg) is unspecified.", Errors: ValidationErrorUnverifiable}
} }
// Lookup key // Lookup key
var key []byte var key []byte
if key, err = keyFunc(token); err != nil { if key, err = keyFunc(token); err != nil {
return token, &ValidationError{err: err.Error(), Unverifiable: true} return token, &ValidationError{err: err.Error(), Errors: ValidationErrorUnverifiable}
} }
// Check expiration times // Check expiration times
@ -128,20 +128,20 @@ func Parse(tokenString string, keyFunc Keyfunc) (*Token, error) {
if exp, ok := token.Claims["exp"].(float64); ok { if exp, ok := token.Claims["exp"].(float64); ok {
if now > int64(exp) { if now > int64(exp) {
vErr.err = "Token is expired" vErr.err = "Token is expired"
vErr.Expired = true vErr.Errors |= ValidationErrorExpired
} }
} }
if nbf, ok := token.Claims["nbf"].(float64); ok { if nbf, ok := token.Claims["nbf"].(float64); ok {
if now < int64(nbf) { if now < int64(nbf) {
vErr.err = "Token is not valid yet" vErr.err = "Token is not valid yet"
vErr.NotValidYet = true vErr.Errors |= ValidationErrorNotValidYet
} }
} }
// Perform validation // Perform validation
if err = token.Method.Verify(strings.Join(parts[0:2], "."), parts[2], key); err != nil { if err = token.Method.Verify(strings.Join(parts[0:2], "."), parts[2], key); err != nil {
vErr.err = err.Error() vErr.err = err.Error()
vErr.SignatureInvalid = true vErr.Errors |= ValidationErrorSignatureInvalid
} }
if vErr.valid() { if vErr.valid() {
@ -152,18 +152,22 @@ func Parse(tokenString string, keyFunc Keyfunc) (*Token, error) {
return token, vErr return token, vErr
} else { } else {
return nil, &ValidationError{err: "Token contains an invalid number of segments", Malformed: true} return nil, &ValidationError{err: "Token contains an invalid number of segments", Errors: ValidationErrorMalformed}
} }
} }
const (
ValidationErrorMalformed uint32 = 1 << iota // Token is malformed
ValidationErrorUnverifiable // Token could not be verified because of signing problems
ValidationErrorSignatureInvalid // Signature validation failed
ValidationErrorExpired // Exp validation failed
ValidationErrorNotValidYet // NBF validation failed
)
// The error from Parse if token is not valid // The error from Parse if token is not valid
type ValidationError struct { type ValidationError struct {
err string err string
Malformed bool //Token is malformed Errors uint32 // bitfield. see ValidationError... constants
Unverifiable bool // Token could not be verified because of signing problems
SignatureInvalid bool // Signature validation failed
Expired bool // Exp validation failed
NotValidYet bool // NBF validation failed
} }
// Validation error is an error type // Validation error is an error type
@ -176,7 +180,7 @@ func (e *ValidationError) Error() string {
// No errors // No errors
func (e *ValidationError) valid() bool { func (e *ValidationError) valid() bool {
if e.Malformed || e.Unverifiable || e.SignatureInvalid || e.Expired || e.NotValidYet { if e.Errors > 0 {
return false return false
} }
return true return true

View File

@ -30,21 +30,28 @@ var jwtTestData = []struct {
"", // autogen "", // autogen
map[string]interface{}{"foo": "bar", "exp": float64(time.Now().Unix() - 100)}, map[string]interface{}{"foo": "bar", "exp": float64(time.Now().Unix() - 100)},
false, false,
&ValidationError{Expired: true}, &ValidationError{Errors: ValidationErrorExpired},
}, },
{ {
"basic nbf", "basic nbf",
"", // autogen "", // autogen
map[string]interface{}{"foo": "bar", "nbf": float64(time.Now().Unix() + 100)}, map[string]interface{}{"foo": "bar", "nbf": float64(time.Now().Unix() + 100)},
false, false,
&ValidationError{NotValidYet: true}, &ValidationError{Errors: ValidationErrorNotValidYet},
},
{
"expired and nbf",
"", // autogen
map[string]interface{}{"foo": "bar", "nbf": float64(time.Now().Unix() + 100), "exp": float64(time.Now().Unix() - 100)},
false,
&ValidationError{Errors: ValidationErrorNotValidYet | ValidationErrorExpired},
}, },
{ {
"basic invalid", "basic invalid",
"eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJmb28iOiJiYXIifQ.EhkiHkoESI_cG3NPigFrxEk9Z60_oXrOT2vGm9Pn6RDgYNovYORQmmA0zs1AoAOf09ly2Nx2YAg6ABqAYga1AcMFkJljwxTT5fYphTuqpWdy4BELeSYJx5Ty2gmr8e7RonuUztrdD5WfPqLKMm1Ozp_T6zALpRmwTIW0QPnaBXaQD90FplAg46Iy1UlDKr-Eupy0i5SLch5Q-p2ZpaL_5fnTIUDlxC3pWhJTyx_71qDI-mAA_5lE_VdroOeflG56sSmDxopPEG3bFlSu1eowyBfxtu0_CuVd-M42RU75Zc4Gsj6uV77MBtbMrf4_7M_NUTSgoIF3fRqxrj0NzihIBg", "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJmb28iOiJiYXIifQ.EhkiHkoESI_cG3NPigFrxEk9Z60_oXrOT2vGm9Pn6RDgYNovYORQmmA0zs1AoAOf09ly2Nx2YAg6ABqAYga1AcMFkJljwxTT5fYphTuqpWdy4BELeSYJx5Ty2gmr8e7RonuUztrdD5WfPqLKMm1Ozp_T6zALpRmwTIW0QPnaBXaQD90FplAg46Iy1UlDKr-Eupy0i5SLch5Q-p2ZpaL_5fnTIUDlxC3pWhJTyx_71qDI-mAA_5lE_VdroOeflG56sSmDxopPEG3bFlSu1eowyBfxtu0_CuVd-M42RU75Zc4Gsj6uV77MBtbMrf4_7M_NUTSgoIF3fRqxrj0NzihIBg",
map[string]interface{}{"foo": "bar"}, map[string]interface{}{"foo": "bar"},
false, false,
&ValidationError{SignatureInvalid: true}, &ValidationError{Errors: ValidationErrorSignatureInvalid},
}, },
} }