Commit 2fe4a09

kitloongaldas
authored andcommitted
Return HTTP status 400 if missing JWT
1 parent 52fbbba commit 2fe4a09

2 files changed

+9
-9
lines changed

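--- a/jwt.go
+++ b/jwt.go
@@ -254,11 +254,11 @@ func (config Config) ToMiddleware() (echo.MiddlewareFunc, error) {
 return tmpErr
 }
 
-message := "invalid or expired jwt"
 if lastTokenErr == nil {
-message = "missing or malformed jwt"
+return echo.NewHTTPError(http.StatusBadRequest, "missing or malformed jwt").SetInternal(err)
 }
-return echo.NewHTTPError(http.StatusUnauthorized, message).SetInternal(err)
+
+return echo.NewHTTPError(http.StatusUnauthorized, "invalid or expired jwt").SetInternal(err)
 }
 }, nil
 }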
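Review bot: The `lastTokenErr == nil` branch now answers requests that carry no credential at all with 400, so unauthenticated requests no longer produce the 401 that HTTP defines for missing credentials. The updated expectations in jwt_test.go show this branch firing for an empty auth header and for absent query, cookie and form values. Anything keyed on 401 on the default error path will silently stop seeing these requests, for example client re-authentication logic, gateway rules and failed-authentication alerting. I would state the contract at the branch, e.g. `// lastTokenErr == nil: no token reached parsing, so report 400; 401 is kept for tokens that were extracted but failed validation`, and call the status change out in the release notes. The enclosing closure in ToMiddleware starts above the hunk, so `err` here is presumably the extraction error; worth confirming.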

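--- a/jwt_test.go
+++ b/jwt_test.go
@@ -156,14 +156,14 @@ func TestJWT_combinations(t *testing.T) {
 config: Config{
 SigningKey: validKey,
 },
-expectError: "code=401, message=missing or malformed jwt, internal=invalid value in request header",
+expectError: "code=400, message=missing or malformed jwt, internal=invalid value in request header",
 },
 {
 name: "Empty header auth field",
 config: Config{
 SigningKey: validKey,
 },
-expectError: "code=401, message=missing or malformed jwt, internal=invalid value in request header",
+expectError: "code=400, message=missing or malformed jwt, internal=invalid value in request header",
 },
 {
 name: "Valid query method",
@@ -180,7 +180,7 @@ func TestJWT_combinations(t *testing.T) {
 TokenLookup: "query:jwt",
 },
 reqURL: "/?a=b&jwtxyz=" + token,
-expectError: "code=401, message=missing or malformed jwt, internal=missing value in the query string",
+expectError: "code=400, message=missing or malformed jwt, internal=missing value in the query string",
 },
 {
 name: "Invalid query param value",
@@ -198,7 +198,7 @@ func TestJWT_combinations(t *testing.T) {
 TokenLookup: "query:jwt",
 },
 reqURL: "/?a=b",
-expectError: "code=401, message=missing or malformed jwt, internal=missing value in the query string",
+expectError: "code=400, message=missing or malformed jwt, internal=missing value in the query string",
 },
 {
 config: Config{
@@ -239,7 +239,7 @@ func TestJWT_combinations(t *testing.T) {
 SigningKey: validKey,
 TokenLookup: "cookie:jwt",
 },
-expectError: "code=401, message=missing or malformed jwt, internal=missing value in cookies",
+expectError: "code=400, message=missing or malformed jwt, internal=missing value in cookies",
 },
 {
 name: "Valid form method",
@@ -264,7 +264,7 @@ func TestJWT_combinations(t *testing.T) {
 SigningKey: validKey,
 TokenLookup: "form:jwt",
 },
-expectError: "code=401, message=missing or malformed jwt, internal=missing value in the form",
+expectError: "code=400, message=missing or malformed jwt, internal=missing value in the form",
 },
 }
 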
