forked from mirror/jwt
switched error details to bitfield
This commit is contained in:
parent
aa7f010b16
commit
a796f21fd5
38
jwt.go
38
jwt.go
|
@ -92,34 +92,34 @@ func Parse(tokenString string, keyFunc Keyfunc) (*Token, error) {
|
||||||
// parse Header
|
// parse Header
|
||||||
var headerBytes []byte
|
var headerBytes []byte
|
||||||
if headerBytes, err = DecodeSegment(parts[0]); err != nil {
|
if headerBytes, err = DecodeSegment(parts[0]); err != nil {
|
||||||
return token, &ValidationError{err: err.Error(), Malformed: true}
|
return token, &ValidationError{err: err.Error(), Errors: ValidationErrorMalformed}
|
||||||
}
|
}
|
||||||
if err = json.Unmarshal(headerBytes, &token.Header); err != nil {
|
if err = json.Unmarshal(headerBytes, &token.Header); err != nil {
|
||||||
return token, &ValidationError{err: err.Error(), Malformed: true}
|
return token, &ValidationError{err: err.Error(), Errors: ValidationErrorMalformed}
|
||||||
}
|
}
|
||||||
|
|
||||||
// parse Claims
|
// parse Claims
|
||||||
var claimBytes []byte
|
var claimBytes []byte
|
||||||
if claimBytes, err = DecodeSegment(parts[1]); err != nil {
|
if claimBytes, err = DecodeSegment(parts[1]); err != nil {
|
||||||
return token, &ValidationError{err: err.Error(), Malformed: true}
|
return token, &ValidationError{err: err.Error(), Errors: ValidationErrorMalformed}
|
||||||
}
|
}
|
||||||
if err = json.Unmarshal(claimBytes, &token.Claims); err != nil {
|
if err = json.Unmarshal(claimBytes, &token.Claims); err != nil {
|
||||||
return token, &ValidationError{err: err.Error(), Malformed: true}
|
return token, &ValidationError{err: err.Error(), Errors: ValidationErrorMalformed}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Lookup signature method
|
// Lookup signature method
|
||||||
if method, ok := token.Header["alg"].(string); ok {
|
if method, ok := token.Header["alg"].(string); ok {
|
||||||
if token.Method = GetSigningMethod(method); token.Method == nil {
|
if token.Method = GetSigningMethod(method); token.Method == nil {
|
||||||
return token, &ValidationError{err: "Signing method (alg) is unavailable.", Unverifiable: true}
|
return token, &ValidationError{err: "Signing method (alg) is unavailable.", Errors: ValidationErrorUnverifiable}
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
return token, &ValidationError{err: "Signing method (alg) is unspecified.", Unverifiable: true}
|
return token, &ValidationError{err: "Signing method (alg) is unspecified.", Errors: ValidationErrorUnverifiable}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Lookup key
|
// Lookup key
|
||||||
var key []byte
|
var key []byte
|
||||||
if key, err = keyFunc(token); err != nil {
|
if key, err = keyFunc(token); err != nil {
|
||||||
return token, &ValidationError{err: err.Error(), Unverifiable: true}
|
return token, &ValidationError{err: err.Error(), Errors: ValidationErrorUnverifiable}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Check expiration times
|
// Check expiration times
|
||||||
|
@ -128,20 +128,20 @@ func Parse(tokenString string, keyFunc Keyfunc) (*Token, error) {
|
||||||
if exp, ok := token.Claims["exp"].(float64); ok {
|
if exp, ok := token.Claims["exp"].(float64); ok {
|
||||||
if now > int64(exp) {
|
if now > int64(exp) {
|
||||||
vErr.err = "Token is expired"
|
vErr.err = "Token is expired"
|
||||||
vErr.Expired = true
|
vErr.Errors |= ValidationErrorExpired
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if nbf, ok := token.Claims["nbf"].(float64); ok {
|
if nbf, ok := token.Claims["nbf"].(float64); ok {
|
||||||
if now < int64(nbf) {
|
if now < int64(nbf) {
|
||||||
vErr.err = "Token is not valid yet"
|
vErr.err = "Token is not valid yet"
|
||||||
vErr.NotValidYet = true
|
vErr.Errors |= ValidationErrorNotValidYet
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Perform validation
|
// Perform validation
|
||||||
if err = token.Method.Verify(strings.Join(parts[0:2], "."), parts[2], key); err != nil {
|
if err = token.Method.Verify(strings.Join(parts[0:2], "."), parts[2], key); err != nil {
|
||||||
vErr.err = err.Error()
|
vErr.err = err.Error()
|
||||||
vErr.SignatureInvalid = true
|
vErr.Errors |= ValidationErrorSignatureInvalid
|
||||||
}
|
}
|
||||||
|
|
||||||
if vErr.valid() {
|
if vErr.valid() {
|
||||||
|
@ -152,18 +152,22 @@ func Parse(tokenString string, keyFunc Keyfunc) (*Token, error) {
|
||||||
return token, vErr
|
return token, vErr
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
return nil, &ValidationError{err: "Token contains an invalid number of segments", Malformed: true}
|
return nil, &ValidationError{err: "Token contains an invalid number of segments", Errors: ValidationErrorMalformed}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
const (
|
||||||
|
ValidationErrorMalformed uint32 = 1 << iota // Token is malformed
|
||||||
|
ValidationErrorUnverifiable // Token could not be verified because of signing problems
|
||||||
|
ValidationErrorSignatureInvalid // Signature validation failed
|
||||||
|
ValidationErrorExpired // Exp validation failed
|
||||||
|
ValidationErrorNotValidYet // NBF validation failed
|
||||||
|
)
|
||||||
|
|
||||||
// The error from Parse if token is not valid
|
// The error from Parse if token is not valid
|
||||||
type ValidationError struct {
|
type ValidationError struct {
|
||||||
err string
|
err string
|
||||||
Malformed bool //Token is malformed
|
Errors uint32 // bitfield. see ValidationError... constants
|
||||||
Unverifiable bool // Token could not be verified because of signing problems
|
|
||||||
SignatureInvalid bool // Signature validation failed
|
|
||||||
Expired bool // Exp validation failed
|
|
||||||
NotValidYet bool // NBF validation failed
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// Validation error is an error type
|
// Validation error is an error type
|
||||||
|
@ -176,7 +180,7 @@ func (e *ValidationError) Error() string {
|
||||||
|
|
||||||
// No errors
|
// No errors
|
||||||
func (e *ValidationError) valid() bool {
|
func (e *ValidationError) valid() bool {
|
||||||
if e.Malformed || e.Unverifiable || e.SignatureInvalid || e.Expired || e.NotValidYet {
|
if e.Errors > 0 {
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
return true
|
return true
|
||||||
|
|
13
jwt_test.go
13
jwt_test.go
|
@ -30,21 +30,28 @@ var jwtTestData = []struct {
|
||||||
"", // autogen
|
"", // autogen
|
||||||
map[string]interface{}{"foo": "bar", "exp": float64(time.Now().Unix() - 100)},
|
map[string]interface{}{"foo": "bar", "exp": float64(time.Now().Unix() - 100)},
|
||||||
false,
|
false,
|
||||||
&ValidationError{Expired: true},
|
&ValidationError{Errors: ValidationErrorExpired},
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"basic nbf",
|
"basic nbf",
|
||||||
"", // autogen
|
"", // autogen
|
||||||
map[string]interface{}{"foo": "bar", "nbf": float64(time.Now().Unix() + 100)},
|
map[string]interface{}{"foo": "bar", "nbf": float64(time.Now().Unix() + 100)},
|
||||||
false,
|
false,
|
||||||
&ValidationError{NotValidYet: true},
|
&ValidationError{Errors: ValidationErrorNotValidYet},
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"expired and nbf",
|
||||||
|
"", // autogen
|
||||||
|
map[string]interface{}{"foo": "bar", "nbf": float64(time.Now().Unix() + 100), "exp": float64(time.Now().Unix() - 100)},
|
||||||
|
false,
|
||||||
|
&ValidationError{Errors: ValidationErrorNotValidYet | ValidationErrorExpired},
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"basic invalid",
|
"basic invalid",
|
||||||
"eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJmb28iOiJiYXIifQ.EhkiHkoESI_cG3NPigFrxEk9Z60_oXrOT2vGm9Pn6RDgYNovYORQmmA0zs1AoAOf09ly2Nx2YAg6ABqAYga1AcMFkJljwxTT5fYphTuqpWdy4BELeSYJx5Ty2gmr8e7RonuUztrdD5WfPqLKMm1Ozp_T6zALpRmwTIW0QPnaBXaQD90FplAg46Iy1UlDKr-Eupy0i5SLch5Q-p2ZpaL_5fnTIUDlxC3pWhJTyx_71qDI-mAA_5lE_VdroOeflG56sSmDxopPEG3bFlSu1eowyBfxtu0_CuVd-M42RU75Zc4Gsj6uV77MBtbMrf4_7M_NUTSgoIF3fRqxrj0NzihIBg",
|
"eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJmb28iOiJiYXIifQ.EhkiHkoESI_cG3NPigFrxEk9Z60_oXrOT2vGm9Pn6RDgYNovYORQmmA0zs1AoAOf09ly2Nx2YAg6ABqAYga1AcMFkJljwxTT5fYphTuqpWdy4BELeSYJx5Ty2gmr8e7RonuUztrdD5WfPqLKMm1Ozp_T6zALpRmwTIW0QPnaBXaQD90FplAg46Iy1UlDKr-Eupy0i5SLch5Q-p2ZpaL_5fnTIUDlxC3pWhJTyx_71qDI-mAA_5lE_VdroOeflG56sSmDxopPEG3bFlSu1eowyBfxtu0_CuVd-M42RU75Zc4Gsj6uV77MBtbMrf4_7M_NUTSgoIF3fRqxrj0NzihIBg",
|
||||||
map[string]interface{}{"foo": "bar"},
|
map[string]interface{}{"foo": "bar"},
|
||||||
false,
|
false,
|
||||||
&ValidationError{SignatureInvalid: true},
|
&ValidationError{Errors: ValidationErrorSignatureInvalid},
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue