modifications on PR. Added a space in the bearer string check so that…

… we unexpectly dont experience an base64url encoding because bearer is technically part of a valid endcoding, we think. Also moved it into a failed decoding to get a better feedback for the developer, but not do unessecary amount of string checks
twocs · Dec 22, 2015 · 57b1269 · 57b1269
1 parent 1f970af
commit 57b1269
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 3 deletions.
diff --git a/parser.go b/parser.go
@@ -26,6 +26,9 @@ func (p *Parser) Parse(tokenString string, keyFunc Keyfunc) (*Token, error) {
 	// parse Header
 	var headerBytes []byte
 	if headerBytes, err = DecodeSegment(parts[0]); err != nil {
+		if strings.Contains(strings.ToLower(tokenString), "bearer ") {
+			return token, &ValidationError{err: "tokenstring should not contain bearer", Errors: ValidationErrorMalformed}
+		}
 		return token, &ValidationError{err: err.Error(), Errors: ValidationErrorMalformed}
 	}
 	if err = json.Unmarshal(headerBytes, &token.Header); err != nil {

diff --git a/token.go b/token.go
@@ -84,9 +84,6 @@ func (t *Token) SigningString() (string, error) {
 // keyFunc will receive the parsed token and should return the key for validating.
 // If everything is kosher, err will be nil
 func Parse(tokenString string, keyFunc Keyfunc) (*Token, error) {
-	if strings.Contains(strings.ToLower(tokenString), "bearer") {
-		return nil, &ValidationError{err: "tokenstring should not contain bearer", Errors: ValidationErrorMalformed}
-	}
 	return new(Parser).Parse(tokenString, keyFunc)
 }