From b863883b96690cf7ab0974ab7f48b3ae51524878 Mon Sep 17 00:00:00 2001
From: Snorre lothar von Gohren Edwin
Date: Sat, 19 Dec 2015 23:49:37 +0100
Subject: [PATCH] token.go: did some changes to the checks so that it will give better error feedback for noobs who write the authorization bearer value wrong
---
 token.go | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/token.go b/token.go
index d35aaa4..4751db7 100644
--- a/token.go
+++ b/token.go
@@ -84,6 +84,9 @@ func (t *Token) SigningString() (string, error) {
 // keyFunc will receive the parsed token and should return the key for validating.
 // If everything is kosher, err will be nil
 func Parse(tokenString string, keyFunc Keyfunc) (*Token, error) {
+ if strings.Contains(strings.ToLower(tokenString), "bearer") {
+ return &ValidationError{err: "tokenstring should not contain bearer", Errors: ValidationErrorMalformed}
+ }
 return new(Parser).Parse(tokenString, keyFunc)
 }
@@ -94,9 +97,10 @@ func Parse(tokenString string, keyFunc Keyfunc) (*Token, error) {
 func ParseFromRequest(req *http.Request, keyFunc Keyfunc) (token *Token, err error) {
 // Look for an Authorization header
+ _ = "breakpoint"
 if ah := req.Header.Get("Authorization"); ah != "" {
 // Should be a bearer token
- if len(ah) > 6 && strings.ToUpper(ah[0:6]) == "BEARER" {
+ if len(ah) > 6 && strings.ToUpper(ah[0:7]) == "BEARER " {
 return Parse(ah[7:], keyFunc)
 }
 }
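Review bot: The early return added to `Parse` yields a single value from a function declared to return `(*Token, error)`, so it should not compile as written; it needs to be `return nil, &ValidationError{err: "tokenstring should not contain bearer", Errors: ValidationErrorMalformed}`. Separately, `strings.Contains(strings.ToLower(tokenString), "bearer")` matches those six letters anywhere in the token, not just a leftover scheme prefix. If the token segments are base64url-encoded, as is usual for this kind of signed token, a perfectly valid token can contain that letter sequence by chance and would be rejected as malformed. Anchoring the check to the front keeps the friendlier error without the false rejects: `if strings.HasPrefix(strings.ToLower(tokenString), "bearer ") {`.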
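Review bot: The added `_ = "breakpoint"` line in `ParseFromRequest` looks like a leftover debugger marker and should be removed before this lands; it has no runtime effect but leaves debugging residue in the request authentication path. The tightened comparison `strings.ToUpper(ah[0:7]) == "BEARER "` is bounds-safe under the existing `len(ah) > 6` guard, though a header that is exactly `Bearer ` now hands an empty string to `Parse`. A short comment above the condition would record the intent, for example `// Scheme must be "Bearer" followed by one space; the rest is the raw token`. The body of `ParseFromRequest` continues past the end of this hunk, so the fall-through behaviour for non-bearer headers is not visible here.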