Check the token to have 3 parts present upon decoding

Vasily Kolobkov · Vasily Kolobkov · commit c9dd026909b2 · 2017-05-03T18:41:02.000+02:00
diff --git a/algorithms.go b/algorithms.go
@@ -87,6 +87,9 @@ func (a *Algorithm) Encode(payload *Claims) (string, error) {
 // Decode returns a map representing the token's claims. DOESN'T validate the claims though.
 func (a *Algorithm) Decode(encoded string) (*Claims, error) {
 	encryptedComponents := strings.Split(encoded, ".")
+	if len(encryptedComponents) != 3 {
+		return nil, errors.New("malformed token")
+	}
 
 	b64Payload := encryptedComponents[1]
 
diff --git a/jwt_test.go b/jwt_test.go
@@ -108,3 +108,15 @@ func TestVerifyTokenNbf(t *testing.T) {
 		}
 	})
 }
+
+func TestDecodeMalformedToken(t *testing.T) {
+	RunTest(t, func(algorithm Algorithm) {
+		bogusTokens := []string{"", "abc", "czwmS6hE.NZLElvuy"}
+
+		for _, bogusToken := range bogusTokens {
+			if _, err := algorithm.Decode(bogusToken); err == nil {
+				t.Fatalf("no error returned upon decoding malformed token '%s'", bogusToken)
+			}
+		}
+	})
+}
