mirror of
https://github.com/labstack/echo.git
synced 2024-12-24 20:14:31 +02:00
Support form fields in jwt middleware
This commit is contained in:
parent
502cce28d5
commit
2152e4e872
@ -57,6 +57,7 @@ type (
|
||||
// - "query:<name>"
|
||||
// - "param:<name>"
|
||||
// - "cookie:<name>"
|
||||
// - "form:<name>"
|
||||
TokenLookup string
|
||||
|
||||
// AuthScheme to be used in the Authorization header.
|
||||
@ -167,6 +168,8 @@ func JWTWithConfig(config JWTConfig) echo.MiddlewareFunc {
|
||||
extractor = jwtFromParam(parts[1])
|
||||
case "cookie":
|
||||
extractor = jwtFromCookie(parts[1])
|
||||
case "form":
|
||||
extractor = jwtFromForm(parts[1])
|
||||
}
|
||||
|
||||
return func(next echo.HandlerFunc) echo.HandlerFunc {
|
||||
@ -266,3 +269,14 @@ func jwtFromCookie(name string) jwtExtractor {
|
||||
return cookie.Value, nil
|
||||
}
|
||||
}
|
||||
|
||||
// jwtFromForm returns a `jwtExtractor` that extracts token from the form field.
|
||||
func jwtFromForm(name string) jwtExtractor {
|
||||
return func(c echo.Context) (string, error) {
|
||||
field := c.FormValue(name)
|
||||
if field == "" {
|
||||
return "", ErrJWTMissing
|
||||
}
|
||||
return field, nil
|
||||
}
|
||||
}
|
||||
|
@ -3,6 +3,8 @@ package middleware
|
||||
import (
|
||||
"net/http"
|
||||
"net/http/httptest"
|
||||
"net/url"
|
||||
"strings"
|
||||
"testing"
|
||||
|
||||
"github.com/dgrijalva/jwt-go"
|
||||
@ -75,6 +77,7 @@ func TestJWT(t *testing.T) {
|
||||
reqURL string // "/" if empty
|
||||
hdrAuth string
|
||||
hdrCookie string // test.Request doesn't provide SetCookie(); use name=val
|
||||
formValues map[string]string
|
||||
info string
|
||||
}{
|
||||
{
|
||||
@ -192,12 +195,48 @@ func TestJWT(t *testing.T) {
|
||||
expErrCode: http.StatusBadRequest,
|
||||
info: "Empty cookie",
|
||||
},
|
||||
{
|
||||
config: JWTConfig{
|
||||
SigningKey: validKey,
|
||||
TokenLookup: "form:jwt",
|
||||
},
|
||||
formValues: map[string]string{"jwt": token},
|
||||
info: "Valid form method",
|
||||
},
|
||||
{
|
||||
config: JWTConfig{
|
||||
SigningKey: validKey,
|
||||
TokenLookup: "form:jwt",
|
||||
},
|
||||
expErrCode: http.StatusUnauthorized,
|
||||
formValues: map[string]string{"jwt": "invalid"},
|
||||
info: "Invalid token with form method",
|
||||
},
|
||||
{
|
||||
config: JWTConfig{
|
||||
SigningKey: validKey,
|
||||
TokenLookup: "form:jwt",
|
||||
},
|
||||
expErrCode: http.StatusBadRequest,
|
||||
info: "Empty form field",
|
||||
},
|
||||
} {
|
||||
if tc.reqURL == "" {
|
||||
tc.reqURL = "/"
|
||||
}
|
||||
|
||||
req := httptest.NewRequest(http.MethodGet, tc.reqURL, nil)
|
||||
var req *http.Request
|
||||
if len(tc.formValues) > 0 {
|
||||
form := url.Values{}
|
||||
for k, v := range tc.formValues {
|
||||
form.Set(k, v)
|
||||
}
|
||||
req = httptest.NewRequest(http.MethodPost, tc.reqURL, strings.NewReader(form.Encode()))
|
||||
req.Header.Set(echo.HeaderContentType, "application/x-www-form-urlencoded")
|
||||
req.ParseForm()
|
||||
} else {
|
||||
req = httptest.NewRequest(http.MethodGet, tc.reqURL, nil)
|
||||
}
|
||||
res := httptest.NewRecorder()
|
||||
req.Header.Set(echo.HeaderAuthorization, tc.hdrAuth)
|
||||
req.Header.Set(echo.HeaderCookie, tc.hdrCookie)
|
||||
|
Loading…
Reference in New Issue
Block a user