diff --git a/parser_test.go b/parser_test.go index 9115017..0d7f229 100644 --- a/parser_test.go +++ b/parser_test.go @@ -5,7 +5,6 @@ import ( "fmt" "github.com/dgrijalva/jwt-go" "io/ioutil" - "net/http" "reflect" "testing" "time" @@ -192,38 +191,6 @@ func TestParser_Parse(t *testing.T) { } } -func TestParseRequest(t *testing.T) { - // Bearer token request - for _, data := range jwtTestData { - // FIXME: custom parsers are not supported by this helper. skip tests that require them - if data.parser != nil { - t.Logf("Skipping [%v]. Custom parsers are not supported by ParseRequest", data.name) - continue - } - - if data.tokenString == "" { - data.tokenString = makeSample(data.claims) - } - - r, _ := http.NewRequest("GET", "/", nil) - r.Header.Set("Authorization", fmt.Sprintf("Bearer %v", data.tokenString)) - token, err := jwt.ParseFromRequest(r, data.keyfunc) - - if token == nil { - t.Errorf("[%v] Token was not found: %v", data.name, err) - continue - } - if !reflect.DeepEqual(data.claims, token.Claims) { - t.Errorf("[%v] Claims mismatch. Expecting: %v Got: %v", data.name, data.claims, token.Claims) - } - if data.valid && err != nil { - t.Errorf("[%v] Error while verifying token: %v", data.name, err) - } - if !data.valid && err == nil { - t.Errorf("[%v] Invalid token passed validation", data.name) - } - } -} // Helper method for benchmarking various methods func benchmarkSigning(b *testing.B, method jwt.SigningMethod, key interface{}) { diff --git a/request/request.go b/request/request.go new file mode 100644 index 0000000..33fc5fb --- /dev/null +++ b/request/request.go 
@@ -0,0 +1,30 @@
+package request
+
+import (
+ "github.com/dgrijalva/jwt-go"
+ "strings"
+ "net/http"
+)
+
+// Try to find the token in an http.Request.
+// This method will call ParseMultipartForm if there's no token in the header.
+// Currently, it looks in the Authorization header as well as
+// looking for an 'access_token' request parameter in req.Form.
+func ParseFromRequest(req *http.Request, keyFunc jwt.Keyfunc) (token *jwt.Token, err error) {
+
+ // Look for an Authorization header
+ if ah := req.Header.Get("Authorization"); ah != "" {
+ // Should be a bearer token
+ if len(ah) > 6 && strings.ToUpper(ah[0:6]) == "BEARER" {
+ return jwt.Parse(ah[7:], keyFunc)
+ }
+ }
+
+ // Look for "access_token" parameter
+ req.ParseMultipartForm(10e6)
+ if tokStr := req.Form.Get("access_token"); tokStr != "" {
+ return jwt.Parse(tokStr, keyFunc)
+ }
+
+ return nil, jwt.ErrNoTokenInRequest
+}
diff --git a/request/request_test.go b/request/request_test.go
new file mode 100644
index 0000000..6e6ff6c
--- /dev/null
+++ b/request/request_test.go
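Review bot: In ParseFromRequest the scheme check `len(ah) > 6 && strings.ToUpper(ah[0:6]) == "BEARER"` never looks at the seventh byte, so any header that merely starts with those six letters is treated as a bearer token and `ah[7:]` is parsed; comparing the prefix together with its separator, `if len(ah) > 7 && strings.EqualFold(ah[:7], "Bearer ") {`, closes that. The fallback `req.ParseMultipartForm(10e6)` runs for every request without a bearer header, before any token has been verified, and its error is dropped; checking it, `if err := req.ParseMultipartForm(10e6); err != nil && err != http.ErrNotMultipart { return nil, err }`, keeps a malformed body from being silently ignored. Since `req.Form` also includes URL query values, the doc comment should say that `access_token` is accepted from the query string, where it tends to end up in access logs.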
@@ -0,0 +1,34 @@
+package request
+
+// func TestParseRequest(t *testing.T) {
+// // Bearer token request
+// for _, data := range jwtTestData {
+// // FIXME: custom parsers are not supported by this helper. skip tests that require them
+// if data.parser != nil {
+// t.Logf("Skipping [%v]. Custom parsers are not supported by ParseRequest", data.name)
+// continue
+// }
+//
+// if data.tokenString == "" {
+// data.tokenString = makeSample(data.claims)
+// }
+//
+// r, _ := http.NewRequest("GET", "/", nil)
+// r.Header.Set("Authorization", fmt.Sprintf("Bearer %v", data.tokenString))
+// token, err := jwt.ParseFromRequest(r, data.keyfunc)
+//
+// if token == nil {
+// t.Errorf("[%v] Token was not found: %v", data.name, err)
+// continue
+// }
+// if !reflect.DeepEqual(data.claims, token.Claims) {
+// t.Errorf("[%v] Claims mismatch. Expecting: %v Got: %v", data.name, data.claims, token.Claims)
+// }
+// if data.valid && err != nil {
+// t.Errorf("[%v] Error while verifying token: %v", data.name, err)
+// }
+// if !data.valid && err == nil {
+// t.Errorf("[%v] Invalid token passed validation", data.name)
+// }
+// }
+// }
diff --git a/token.go b/token.go
index d35aaa4..9cd59bf 100644
--- a/token.go
+++ b/token.go
@@ -3,7 +3,6 @@ package jwt
 import (
 "encoding/base64"
 "encoding/json"
- "net/http"
 "strings"
 "time"
 )
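Review bot: request/request_test.go is added with TestParseRequest entirely commented out, so after this move ParseFromRequest, the function that pulls credentials out of a request, has no test exercising it. The commented body still calls `jwt.ParseFromRequest` and depends on `jwtTestData` and `makeSample`, which appear to live in the root package's test file and would not be visible from package request. Either port a small fixture table into this package and call `ParseFromRequest(r, data.keyfunc)` directly, or replace the dead block with a short comment such as `// TODO: port TestParseRequest; needs jwtTestData and makeSample from the jwt test package`. A case for a non-bearer Authorization header and one for the `access_token` form parameter would be worth adding when it is restored.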
@@ -87,30 +86,6 @@ func Parse(tokenString string, keyFunc Keyfunc) (*Token, error) { return new(Parser).Parse(tokenString, keyFunc) } -// Try to find the token in an http.Request. -// This method will call ParseMultipartForm if there's no token in the header. -// Currently, it looks in the Authorization header as well as -// looking for an 'access_token' request parameter in req.Form. -func ParseFromRequest(req *http.Request, keyFunc Keyfunc) (token *Token, err error) { - - // Look for an Authorization header - if ah := req.Header.Get("Authorization"); ah != "" { - // Should be a bearer token - if len(ah) > 6 && strings.ToUpper(ah[0:6]) == "BEARER" { - return Parse(ah[7:], keyFunc) - } - } - - // Look for "access_token" parameter - req.ParseMultipartForm(10e6) - if tokStr := req.Form.Get("access_token"); tokStr != "" { - return Parse(tokStr, keyFunc) - } - - return nil, ErrNoTokenInRequest - -} - // Encode JWT specific base64url encoding with padding stripped func EncodeSegment(seg []byte) string { return strings.TrimRight(base64.URLEncoding.EncodeToString(seg), "=")