Merge pull request #18 from henderjon/master

robbert229 · web-flow · commit 81ddea8e91ee · 2018-03-06T19:24:34.000-08:00
Algorithm.Sign() was pre-encoding the signature; the rest of the lib then double encoded them
diff --git a/algorithms.go b/algorithms.go
@@ -41,13 +41,13 @@ func (a *Algorithm) write(data []byte) (int, error) {
 }
 
 // Sign signs the token with the given hash, and key
-func (a *Algorithm) Sign(unsignedToken string) (string, error) {
+func (a *Algorithm) Sign(unsignedToken string) ([]byte, error) {
 	_, err := a.write([]byte(unsignedToken))
 	if err != nil {
-		return "", errors.Wrap(err, "Unable to write to HMAC-SHA256")
+		return nil, errors.Wrap(err, "Unable to write to HMAC-SHA256")
 	}
 
-	encodedToken := base64.RawURLEncoding.EncodeToString(a.sum(nil))
+	encodedToken := a.sum(nil)
 	a.reset()
 
 	return encodedToken, nil
diff --git a/jwt_test.go b/jwt_test.go
@@ -24,8 +24,8 @@ func RunTest(t *testing.T, command func(Algorithm)) {
 func TestEncodeAndValidateToken(t *testing.T) {
 	RunTest(t, func(algorithm Algorithm) {
 		payload := NewClaim()
-		payload.SetTime("nbf", time.Now().Add(time.Duration(-1) * time.Hour))
-		payload.SetTime("exp", time.Now().Add(time.Duration(100) * time.Hour))
+		payload.SetTime("nbf", time.Now().Add(time.Duration(-1)*time.Hour))
+		payload.SetTime("exp", time.Now().Add(time.Duration(100)*time.Hour))
 
 		token, err := algorithm.Encode(payload)
 		if err != nil {
@@ -90,7 +90,7 @@ func TestVerifyTokenNbf(t *testing.T) {
 	RunTest(t, func(algorithm Algorithm) {
 
 		payload := NewClaim()
-		payload.SetTime("nbf", time.Now().Add(time.Duration(1) * time.Hour))
+		payload.SetTime("nbf", time.Now().Add(time.Duration(1)*time.Hour))
 
 		err := json.Unmarshal([]byte(`{"sub":"1234567890","name":"John Doe","admin":true}`), &payload)
 		if err != nil {
@@ -120,3 +120,14 @@ func TestDecodeMalformedToken(t *testing.T) {
 		}
 	})
 }
+
+func TestValidateExternalToken(t *testing.T) {
+	token := "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiIsImp0aSI6ImZmNzJkMWM5LTMzMTktNGIyOS04YjlhLWU1OThkNGJhNDRlZCJ9.eyJpc3MiOiJodHRwOi8vbG9jYWwuaG9zdC5jb20iLCJhdWQiOiJodHRwOi8vbG9jYWwuaG9zdC5jb20iLCJqdGkiOiJmZjcyZDFjOS0zMzE5LTRiMjktOGI5YS1lNTk4ZDRiYTQ0ZWQiLCJpYXQiOjE1MTkzMjc2NDYsIm5iZiI6MTUxOTMyNzY1MCwiZXhwIjoxNjQwMzkwNDAwfQ.ASo8eiekkwZ7on43S9n697x-SqmdehY680GetK_KqpI"
+
+	algorithm := HmacSha256("this-needs-a-test")
+
+	err := algorithm.Validate(token)
+	if err != nil {
+		t.Fatal(err)
+	}
+}

Original file line number	Diff line number	Diff line change
`@@ -41,13 +41,13 @@ func (a *Algorithm) write(data []byte) (int, error) {`
`41`	`41`	`}`
`42`	`42`
`43`	`43`	`// Sign signs the token with the given hash, and key`
`44`		`-func (a *Algorithm) Sign(unsignedToken string) (string, error) {`
	`44`	`+func (a *Algorithm) Sign(unsignedToken string) ([]byte, error) {`
`45`	`45`	`_, err := a.write([]byte(unsignedToken))`
`46`	`46`	`if err != nil {`
`47`		`- return "", errors.Wrap(err, "Unable to write to HMAC-SHA256")`
	`47`	`+ return nil, errors.Wrap(err, "Unable to write to HMAC-SHA256")`
`48`	`48`	`}`
`49`	`49`
`50`		`- encodedToken := base64.RawURLEncoding.EncodeToString(a.sum(nil))`
	`50`	`+ encodedToken := a.sum(nil)`
`51`	`51`	`a.reset()`
`52`	`52`
`53`	`53`	`return encodedToken, nil`