Fixed a panic that occurred when the supplied token was signed with a different
`alg` method than expected
```
...
token, err := ja.Decode(tokenStr)
if err != nil || !token.Valid || token.Method != ja.signer {
switch err.Error() { ... } // panic when `err == nil` but `token.Method != ja.signer`
...
}
```
Added test to cover this case.
parent
debde9569f
commit
293f48cc84
2 changed files with 43 additions and 1 deletions
|
|
@ -106,7 +106,7 @@ func (ja *JwtAuth) Verify(paramAliases ...string) func(chi.Handler) chi.Handler
|
|||
|
||||
// Verify the token
|
||||
token, err := ja.Decode(tokenStr)
|
||||
if err != nil || !token.Valid || token.Method != ja.signer {
|
||||
if err != nil {
|
||||
switch err.Error() {
|
||||
case "token is expired":
|
||||
err = ErrExpired
|
||||
|
|
@ -117,6 +117,13 @@ func (ja *JwtAuth) Verify(paramAliases ...string) func(chi.Handler) chi.Handler
|
|||
return
|
||||
}
|
||||
|
||||
if !token.Valid || token.Method != ja.signer {
|
||||
err = ErrUnauthorized
|
||||
ctx = ja.SetContext(ctx, token, err)
|
||||
next.ServeHTTPC(ctx, w, r)
|
||||
return
|
||||
}
|
||||
|
||||
// Check expiry via "exp" claim
|
||||
if ja.IsExpired(token) {
|
||||
err = ErrExpired
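Review bot: In the added `if !token.Valid || token.Method != ja.signer` block, the rejected token is still passed to `ja.SetContext(ctx, token, err)`, so a downstream handler that reads the token from the context without first checking the stored error would see claims from a token whose `alg` did not match the configured signer. If no caller relies on the token being present on this path, store none, e.g. `ctx = ja.SetContext(ctx, nil, err)`; SetContext and its consumers are outside the hunk, so confirm that first. The algorithm comparison also runs only after `ja.Decode` has already attempted signature verification. If Decode's key lookup does not itself reject an unexpected `token.Method`, that is the stronger place to enforce it. A comment here such as `// err == nil does not imply the expected alg; reject mismatched signing methods explicitly` would record why the check is separate. Verify's body starts and ends outside the hunks shown.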
|
||||
|
|
|
|||