modifications on PR. Added a space in the bearer string check so that we unexpectly dont experience an base64url encoding because bearer is technically part of a valid endcoding, we think. Also moved it into a failed decoding to get a better feedback for the developer, but not do unessecary amount of string checks

This commit is contained in:
Snorre lothar von Gohren Edwin 2015-12-22 15:30:57 +01:00
parent 1f970af1f8
commit 57b1269c41
2 changed files with 3 additions and 3 deletions

View File

@ -26,6 +26,9 @@ func (p *Parser) Parse(tokenString string, keyFunc Keyfunc) (*Token, error) {
// parse Header
var headerBytes []byte
if headerBytes, err = DecodeSegment(parts[0]); err != nil {
if strings.Contains(strings.ToLower(tokenString), "bearer ") {
return token, &ValidationError{err: "tokenstring should not contain bearer", Errors: ValidationErrorMalformed}
}
return token, &ValidationError{err: err.Error(), Errors: ValidationErrorMalformed}
}
if err = json.Unmarshal(headerBytes, &token.Header); err != nil {

View File

@ -84,9 +84,6 @@ func (t *Token) SigningString() (string, error) {
// keyFunc will receive the parsed token and should return the key for validating.
// If everything is kosher, err will be nil
func Parse(tokenString string, keyFunc Keyfunc) (*Token, error) {
if strings.Contains(strings.ToLower(tokenString), "bearer") {
return nil, &ValidationError{err: "tokenstring should not contain bearer", Errors: ValidationErrorMalformed}
}
return new(Parser).Parse(tokenString, keyFunc)
}