mirror of https://github.com/golang-jwt/jwt.git
122 lines
4.2 KiB
Go
122 lines
4.2 KiB
Go
package jwt
|
|
|
|
import (
|
|
"errors"
|
|
)
|
|
|
|
// Error constants
|
|
var (
|
|
ErrInvalidKey = errors.New("key is invalid")
|
|
ErrInvalidKeyType = errors.New("key is of invalid type")
|
|
ErrHashUnavailable = errors.New("the requested hash function is unavailable")
|
|
|
|
ErrTokenMalformed = errors.New("token is malformed")
|
|
ErrTokenUnverifiable = errors.New("token is unverifiable")
|
|
ErrTokenSignatureInvalid = errors.New("token signature is invalid")
|
|
|
|
ErrTokenInvalidAudience = errors.New("token has invalid audience")
|
|
ErrTokenExpired = errors.New("token is expired")
|
|
ErrTokenUsedBeforeIssued = errors.New("token used before issued")
|
|
ErrTokenInvalidIssuer = errors.New("token has invalid issuer")
|
|
ErrTokenInvalidSubject = errors.New("token has invalid subject")
|
|
ErrTokenNotValidYet = errors.New("token is not valid yet")
|
|
ErrTokenInvalidId = errors.New("token has invalid id")
|
|
ErrTokenInvalidClaims = errors.New("token has invalid claims")
|
|
|
|
ErrInvalidType = errors.New("invalid type for claim")
|
|
)
|
|
|
|
// The errors that might occur when parsing and validating a token
|
|
const (
|
|
ValidationErrorMalformed uint32 = 1 << iota // Token is malformed
|
|
ValidationErrorUnverifiable // Token could not be verified because of signing problems
|
|
ValidationErrorSignatureInvalid // Signature validation failed
|
|
|
|
// Registered Claim validation errors
|
|
ValidationErrorAudience // AUD validation failed
|
|
ValidationErrorExpired // EXP validation failed
|
|
ValidationErrorIssuedAt // IAT validation failed
|
|
ValidationErrorIssuer // ISS validation failed
|
|
ValidationErrorSubject // SUB validation failed
|
|
ValidationErrorNotValidYet // NBF validation failed
|
|
ValidationErrorId // JTI validation failed
|
|
ValidationErrorClaimsInvalid // Generic claims validation error
|
|
)
|
|
|
|
// NewValidationError is a helper for constructing a ValidationError with a string error message
|
|
func NewValidationError(errorText string, errorFlags uint32) *ValidationError {
|
|
return &ValidationError{
|
|
text: errorText,
|
|
Errors: errorFlags,
|
|
}
|
|
}
|
|
|
|
// ValidationError represents an error from Parse if token is not valid
|
|
type ValidationError struct {
|
|
// Inner stores the error returned by external dependencies, e.g.: KeyFunc
|
|
Inner error
|
|
// Errors is a bit-field. See ValidationError... constants
|
|
Errors uint32
|
|
// Text can be used for errors that do not have a valid error just have text
|
|
text string
|
|
}
|
|
|
|
// Error is the implementation of the err interface.
|
|
func (e ValidationError) Error() string {
|
|
if e.Inner != nil {
|
|
return e.Inner.Error()
|
|
} else if e.text != "" {
|
|
return e.text
|
|
} else {
|
|
return "token is invalid"
|
|
}
|
|
}
|
|
|
|
// Unwrap gives errors.Is and errors.As access to the inner error.
|
|
func (e *ValidationError) Unwrap() error {
|
|
return e.Inner
|
|
}
|
|
|
|
// No errors
|
|
func (e *ValidationError) valid() bool {
|
|
return e.Errors == 0
|
|
}
|
|
|
|
// Is checks if this ValidationError is of the supplied error. We are first
|
|
// checking for the exact error message by comparing the inner error message. If
|
|
// that fails, we compare using the error flags. This way we can use custom
|
|
// error messages (mainly for backwards compatibility) and still leverage
|
|
// errors.Is using the global error variables.
|
|
func (e *ValidationError) Is(err error) bool {
|
|
// Check, if our inner error is a direct match
|
|
if errors.Is(errors.Unwrap(e), err) {
|
|
return true
|
|
}
|
|
|
|
// Otherwise, we need to match using our error flags
|
|
switch err {
|
|
case ErrTokenMalformed:
|
|
return e.Errors&ValidationErrorMalformed != 0
|
|
case ErrTokenUnverifiable:
|
|
return e.Errors&ValidationErrorUnverifiable != 0
|
|
case ErrTokenSignatureInvalid:
|
|
return e.Errors&ValidationErrorSignatureInvalid != 0
|
|
case ErrTokenInvalidAudience:
|
|
return e.Errors&ValidationErrorAudience != 0
|
|
case ErrTokenExpired:
|
|
return e.Errors&ValidationErrorExpired != 0
|
|
case ErrTokenUsedBeforeIssued:
|
|
return e.Errors&ValidationErrorIssuedAt != 0
|
|
case ErrTokenInvalidIssuer:
|
|
return e.Errors&ValidationErrorIssuer != 0
|
|
case ErrTokenNotValidYet:
|
|
return e.Errors&ValidationErrorNotValidYet != 0
|
|
case ErrTokenInvalidId:
|
|
return e.Errors&ValidationErrorId != 0
|
|
case ErrTokenInvalidClaims:
|
|
return e.Errors&ValidationErrorClaimsInvalid != 0
|
|
}
|
|
|
|
return false
|
|
}
|