
Commit a187673

Disallow invalid character after BEARER prefix
1 parent b65e1d3 commit a187673


2 files changed

+3
-3
lines changed


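--- a/jwtauth.go
+++ b/jwtauth.go
@@ -268,7 +268,7 @@ func TokenFromCookie(r *http.Request) string {
 func TokenFromHeader(r *http.Request) string {
 // Get token from authorization header.
 bearer := r.Header.Get("Authorization")
-if len(bearer) > 7 && strings.ToUpper(bearer[0:6]) == "BEARER" {
+if len(bearer) > 7 && strings.ToUpper(bearer[0:7]) == "BEARER " {
 return bearer[7:]
 }
 return ""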
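Review bot: The new prefix check on the added line still upper-cases a copy of the first seven bytes and compares against a literal with a hard-coded width; `strings.EqualFold` is the idiomatic case-insensitive compare and avoids the allocation: `if len(bearer) > 7 && strings.EqualFold(bearer[:7], "Bearer ") {`. The `> 7` bound also means a header of exactly `"Bearer "` (empty token) falls through to `return ""`, which looks intended but is worth stating in the comment above the check, e.g. `// Accept only "Bearer <token>" (scheme is case-insensitive); a missing or malformed prefix yields "".` TokenFromHeader's closing brace lies outside the hunk.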

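--- a/jwtauth_test.go
+++ b/jwtauth_test.go
@@ -84,8 +84,8 @@ func TestSimple(t *testing.T) {
 {Name: "valid BEARER", Authorization: "BEARER " + newJwtToken(TokenSecret), Status: 200, Resp: "welcome"},
 {Name: "valid bearer", Authorization: "bearer " + newJwtToken(TokenSecret), Status: 200, Resp: "welcome"},
 {Name: "valid claim", Authorization: "Bearer " + newJwtToken(TokenSecret, map[string]interface{}{"service": "test"}), Status: 200, Resp: "welcome"},
-{Name: "invalid bearer_", Authorization: "BEARER_" + newJwtToken(TokenSecret), Status: 401, Resp: "token is unauthorized\n"},
-{Name: "invalid bearerx", Authorization: "BEARERx" + newJwtToken(TokenSecret), Status: 401, Resp: "token is unauthorized\n"},
+{Name: "invalid bearer_", Authorization: "BEARER_" + newJwtToken(TokenSecret), Status: 401, Resp: "no token found\n"},
+{Name: "invalid bearerx", Authorization: "BEARERx" + newJwtToken(TokenSecret), Status: 401, Resp: "no token found\n"},
 }
 
 for _, tc := range tt {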
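Review bot: The two updated cases cover a wrong seventh character, but the table still has no case for the length boundary the production check relies on (`len(bearer) > 7`), so a header of exactly `"Bearer "` with no token is untested; a row such as `{Name: "empty bearer", Authorization: "Bearer ", Status: 401, Resp: "no token found\n"},` would pin that path, assuming the "no token found" response is what the handler emits when TokenFromHeader returns "" (inferred from the two rows above, not visible here). A mixed-case row like `"BeArEr "` would also document that the scheme match is case-insensitive beyond the all-upper and all-lower variants already present. TestSimple continues outside the hunk.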
