diff --git a/tokenutils/tokenutils.go b/tokenutils/tokenutils.go index 8cc309d..6283c09 100644 --- a/tokenutils/tokenutils.go +++ b/tokenutils/tokenutils.go @@ -39,6 +39,10 @@ func Snip(err error, token string) error { // verifying its validity. Only use or trust this after proper validation. func UnsecureClaimsMap(token string) (claims map[string]interface{}, err error) { + if token == "" { + return nil, errors.New("invalid jwt: empty") + } + parts := strings.Split(token, ".") if len(parts) != 3 { return nil, errors.New("invalid jwt: not enough segments") @@ -60,6 +64,10 @@ func UnsecureClaimsMap(token string) (claims map[string]interface{}, err error) // SigAlg returns the signature used by the token func SigAlg(token string) (string, error) { + if token == "" { + return "", errors.New("invalid jwt: empty") + } + parts := strings.Split(token, ".") if len(parts) != 3 { return "", errors.New("invalid jwt: not enough segments") diff --git a/tokenutils/tokenutils_test.go b/tokenutils/tokenutils_test.go index 38e48c1..49f8a23 100644 --- a/tokenutils/tokenutils_test.go +++ b/tokenutils/tokenutils_test.go @@ -106,6 +106,25 @@ func TestTokenUtils_UnsecureClaimsMap(t *testing.T) { }) }) + Convey("Given I have a token an empty token", t, func() { + + token := "" + + Convey("When I UnsecureClaimsMap", func() { + + claims, err := UnsecureClaimsMap(token) + + Convey("Then err should be nil", func() { + So(err, ShouldNotBeNil) + So(err.Error(), ShouldEqual, "invalid jwt: empty") + }) + + Convey("Then claims should be nil", func() { + So(claims, ShouldBeNil) + }) + }) + }) + Convey("Given I have a token a token with invalid base64", t, func() { token := "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.not-base64.jvh034mNSV-Fy--GIGnnYeWouluV6CexC9_8IHJ-IR4" 
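Review bot: The new empty-token guard in UnsecureClaimsMap returns an ad-hoc `errors.New("invalid jwt: empty")`, and the same literal is repeated in the SigAlg guard, so a caller can only tell "no token presented" from "malformed token" by comparing error strings, as the new tests do. Declaring one package-level sentinel, `var ErrEmptyToken = errors.New("invalid jwt: empty")`, and returning it from both guards keeps the message unchanged. It also lets callers use `errors.Is` to log or answer a request that carried no credential differently from one that carried a broken token. The body of UnsecureClaimsMap continues past the end of this hunk.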
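Review bot: SigAlg's doc comment, `// SigAlg returns the signature used by the token`, carries no trust caveat, unlike the comment on UnsecureClaimsMap. The function appears to read the algorithm from the token's own header segment; its body runs past the hunk, so this is inferred from the three-way split. Since this change already touches the function, I would extend the comment to `// SigAlg returns the signature algorithm named in the token header, read without verifying the token.` followed by `// Check it against the algorithms you accept; never let it choose how the token is verified.` The header is supplied by whoever sent the token, so the returned value is only a hint until the signature has been checked with a key and algorithm chosen by the verifier.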
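Review bot: The added case in TestTokenUtils_UnsecureClaimsMap is labelled `Convey("Then err should be nil", ...)` while its body asserts `So(err, ShouldNotBeNil)`, so a failure report will state the opposite of what is being checked. The same label is used in the new SigAlg case in the next hunk. I would rename both to `"Then err should not be nil"` and fix the outer description to `"Given I have an empty token"`, which is already the wording the SigAlg case uses. Comparing `err.Error()` with a literal also ties the tests to the exact message, so a sentinel error checked with `errors.Is` would be sturdier if one is introduced.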
@@ -184,6 +203,25 @@ func TestJWTUtils_SigAlg(t *testing.T) { }) }) + Convey("Given I have an empty token", t, func() { + + token := "" + + Convey("When I SigAlg", func() { + + alg, err := SigAlg(token) + + Convey("Then err should be nil", func() { + So(err, ShouldNotBeNil) + So(err.Error(), ShouldEqual, "invalid jwt: empty") + }) + + Convey("Then alg should be empty", func() { + So(alg, ShouldBeEmpty) + }) + }) + }) + Convey("Given I have a token a token with invalid base64", t, func() { token := "not-base-64.eyJyZWFsbSI6IlZpbmNlIiwiZGF0YSI6eyJhY2NvdW50IjoiYXBvbXV4IiwiZW1haWwiOiJhZG1pbkBhcG9tdXguY29tIiwiaWQiOiI1YTZhNTUxMTdkZGYxZjIxMmY4ZWIwY2UiLCJvcmdhbml6YXRpb24iOiJhcG9tdXgiLCJyZWFsbSI6InZpbmNlIn0sImF1ZCI6ImFwb3JldG8uY29tIiwiZXhwIjoxNTIwNjQ5MTAyLCJpYXQiOjE1MTgwNTcxMDIsImlzcyI6Im1pZGdhcmQuYXBvbXV4LmNvbSIsInN1YiI6ImFwb211eCJ9.jvh034mNSV-Fy--GIGnnYeWouluV6CexC9_8IHJ-IR4"