go/echo
1
0
Fork 0
mirror of https://github.com/labstack/echo.git synced 2025-11-27 22:38:25 +02:00
Code Issues Releases Activity

Fixed #488

Browse Source 
Signed-off-by: Vishal Rana <vr@labstack.com>
This commit is contained in:
Vishal Rana
2016-04-26 02:10:57 -07:00
parent 13648d06f3
commit fb8690d42b
2 changed files with 8 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
middleware/auth.go
View File

@@ -23,7 +23,7 @@ type (
JWTAuthConfig struct { JWTAuthConfig struct {
// SigningKey is the key to validate token. // SigningKey is the key to validate token.
// Required. // Required.
SigningKey string SigningKey []byte
// SigningMethod is used to check token signing method. // SigningMethod is used to check token signing method.
// Optional, with default value as `HS256`. // Optional, with default value as `HS256`.
@@ -114,7 +114,7 @@ func BasicAuthWithConfig(config BasicAuthConfig) echo.MiddlewareFunc {
// For empty or invalid `Authorization` header, it sends "400 - Bad Request". // For empty or invalid `Authorization` header, it sends "400 - Bad Request".
// //
// See https://jwt.io/introduction // See https://jwt.io/introduction
func JWTAuth(key string) echo.MiddlewareFunc { func JWTAuth(key []byte) echo.MiddlewareFunc {
c := DefaultJWTAuthConfig c := DefaultJWTAuthConfig
c.SigningKey = key c.SigningKey = key
return JWTAuthWithConfig(c) return JWTAuthWithConfig(c)
@@ -124,7 +124,7 @@ func JWTAuth(key string) echo.MiddlewareFunc {
// See `JWTAuth()`. // See `JWTAuth()`.
func JWTAuthWithConfig(config JWTAuthConfig) echo.MiddlewareFunc { func JWTAuthWithConfig(config JWTAuthConfig) echo.MiddlewareFunc {
// Defaults // Defaults
if config.SigningKey == "" { if config.SigningKey == nil {
panic("jwt middleware requires signing key") panic("jwt middleware requires signing key")
} }
if config.SigningMethod == "" { if config.SigningMethod == "" {
@@ -148,7 +148,7 @@ func JWTAuthWithConfig(config JWTAuthConfig) echo.MiddlewareFunc {
if t.Method.Alg() != config.SigningMethod { if t.Method.Alg() != config.SigningMethod {
return nil, fmt.Errorf("unexpected jwt signing method=%v", t.Header["alg"]) return nil, fmt.Errorf("unexpected jwt signing method=%v", t.Header["alg"])
} }
return []byte(config.SigningKey), nil return config.SigningKey, nil
}) })
if err == nil && token.Valid { if err == nil && token.Valid {

8
middleware/auth_test.go
View File

@@ -67,7 +67,7 @@ func TestJWTAuth(t *testing.T) {
}) })
// Unexpected signing method // Unexpected signing method
config.SigningKey = "secret" config.SigningKey = []byte("secret")
config.SigningMethod = "RS256" config.SigningMethod = "RS256"
h := JWTAuthWithConfig(config)(handler) h := JWTAuthWithConfig(config)(handler)
he := h(c).(*echo.HTTPError) he := h(c).(*echo.HTTPError)
@@ -76,13 +76,13 @@ func TestJWTAuth(t *testing.T) {
// Invalid key // Invalid key
auth := bearer + " " + token auth := bearer + " " + token
req.Header().Set(echo.HeaderAuthorization, auth) req.Header().Set(echo.HeaderAuthorization, auth)
config.SigningKey = "invalid-key" config.SigningKey = []byte("invalid-key")
h = JWTAuthWithConfig(config)(handler) h = JWTAuthWithConfig(config)(handler)
he = h(c).(*echo.HTTPError) he = h(c).(*echo.HTTPError)
assert.Equal(t, http.StatusUnauthorized, he.Code) assert.Equal(t, http.StatusUnauthorized, he.Code)
// Valid JWT // Valid JWT
h = JWTAuth("secret")(handler) h = JWTAuth([]byte("secret"))(handler)
if assert.NoError(t, h(c)) { if assert.NoError(t, h(c)) {
user := c.Get("user").(*jwt.Token) user := c.Get("user").(*jwt.Token)
assert.Equal(t, user.Claims["name"], "John Doe") assert.Equal(t, user.Claims["name"], "John Doe")
@@ -90,7 +90,7 @@ func TestJWTAuth(t *testing.T) {
// Invalid Authorization header // Invalid Authorization header
req.Header().Set(echo.HeaderAuthorization, "invalid-auth") req.Header().Set(echo.HeaderAuthorization, "invalid-auth")
h = JWTAuth("secret")(handler) h = JWTAuth([]byte("secret"))(handler)
he = h(c).(*echo.HTTPError) he = h(c).(*echo.HTTPError)
assert.Equal(t, http.StatusBadRequest, he.Code) assert.Equal(t, http.StatusBadRequest, he.Code)
} }