Improved token parsing

- Used code style for return and formatting - Replaced string.split with string.field to avoid panic
konveyor · Apr 3, 2024 · 62865af · 62865af
1 parent e8af612
commit 62865af
Show file tree

Hide file tree

Showing 2 changed files with 26 additions and 20 deletions.
diff --git a/auth/builtin.go b/auth/builtin.go
@@ -1,7 +1,6 @@
 package auth
 
 import (
-	"errors"
 	"strings"
 
 	"github.com/golang-jwt/jwt/v4"
@@ -22,7 +21,8 @@ type Validator interface {
 }
 
 // NoAuth provider always permits access.
-type NoAuth struct{}
+type NoAuth struct {
+}
 
 // NewToken creates a new signed token.
 func (r NoAuth) NewToken(user string, scopes []string, claims jwt.MapClaims) (signed string, err error) {
@@ -59,33 +59,31 @@ func (r *NoAuth) Refresh(refresh string) (token Token, err error) {
 }
 
 // Builtin auth provider.
-type Builtin struct{}
+type Builtin struct {
+}
 
 // Parse Token out of a string
-func ParseToken(requestToken string) (string, error) {
-	splitToken := strings.Split(requestToken, " ")
-	if splitToken[0] != "Bearer" {
-		return "", errors.New("authentication header not of type bearer")
-	}
-	token := strings.TrimSpace(splitToken[1])
-	if len(token) < 1 {
-		return "", errors.New("no authentication header found")
+func parseToken(requestToken string) (token string, err error) {
+	splitToken := strings.Fields(requestToken)
+	if len(splitToken) != 2 || strings.ToLower(splitToken[0]) != "bearer" {
+		err = liberr.Wrap(&NotValid{Token: requestToken})
+		return
 	}
-
-	return token, nil
+	token = splitToken[1]
+	return
 }
 
 // Authenticate the token
 func (r *Builtin) Authenticate(request *Request) (jwToken *jwt.Token, err error) {
-	token, err := ParseToken(request.Token)
-	if err != nil {
-		return nil, err
-	}
 	defer func() {
 		if err != nil {
 			Log.Info(err.Error())
 		}
 	}()
+	token, err := parseToken(request.Token)
+	if err != nil {
+		return
+	}
 	jwToken, err = jwt.Parse(
 		token,
 		func(jwToken *jwt.Token) (secret interface{}, err error) {

diff --git a/auth/builtin_test.go b/auth/builtin_test.go
@@ -26,6 +26,14 @@ func TestParseToken(t *testing.T) {
 			want:    "",
 			wantErr: true,
 		},
+		{
+			name: "Empty Bearer token no whitespace",
+			args: args{
+				requestToken: "Bearer",
+			},
+			want:    "",
+			wantErr: true,
+		},
 		{
 			name: "Empty request Token",
 			args: args{
@@ -45,13 +53,13 @@ func TestParseToken(t *testing.T) {
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			got, err := ParseToken(tt.args.requestToken)
+			got, err := parseToken(tt.args.requestToken)
 			if (err != nil) != tt.wantErr {
-				t.Errorf("ParseToken() error = %v, wantErr %v", err, tt.wantErr)
+				t.Errorf("parseToken() error = %v, wantErr %v", err, tt.wantErr)
 				return
 			}
 			if got != tt.want {
-				t.Errorf("ParseToken() = %v, want %v", got, tt.want)
+				t.Errorf("parseToken() = %v, want %v", got, tt.want)
 			}
 		})
 	}