forked from mirror/jwt
modifications on PR. Added a space in the bearer string check so that we unexpectly dont experience an base64url encoding because bearer is technically part of a valid endcoding, we think. Also moved it into a failed decoding to get a better feedback for the developer, but not do unessecary amount of string checks
This commit is contained in:
parent
1f970af1f8
commit
57b1269c41
|
@ -26,6 +26,9 @@ func (p *Parser) Parse(tokenString string, keyFunc Keyfunc) (*Token, error) {
|
|||
// parse Header
|
||||
var headerBytes []byte
|
||||
if headerBytes, err = DecodeSegment(parts[0]); err != nil {
|
||||
if strings.Contains(strings.ToLower(tokenString), "bearer ") {
|
||||
return token, &ValidationError{err: "tokenstring should not contain bearer", Errors: ValidationErrorMalformed}
|
||||
}
|
||||
return token, &ValidationError{err: err.Error(), Errors: ValidationErrorMalformed}
|
||||
}
|
||||
if err = json.Unmarshal(headerBytes, &token.Header); err != nil {
|
||||
|
|
3
token.go
3
token.go
|
@ -84,9 +84,6 @@ func (t *Token) SigningString() (string, error) {
|
|||
// keyFunc will receive the parsed token and should return the key for validating.
|
||||
// If everything is kosher, err will be nil
|
||||
func Parse(tokenString string, keyFunc Keyfunc) (*Token, error) {
|
||||
if strings.Contains(strings.ToLower(tokenString), "bearer") {
|
||||
return nil, &ValidationError{err: "tokenstring should not contain bearer", Errors: ValidationErrorMalformed}
|
||||
}
|
||||
return new(Parser).Parse(tokenString, keyFunc)
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in New Issue