Jwt v5 update (#9)

whkelvin · web-flow · commit 6944ffef14c1 · 2023-05-16T13:31:44.000+03:00
Jwt v5 update
diff --git a/.github/workflows/checks.yml b/.github/workflows/checks.yml
@@ -14,7 +14,7 @@ permissions:
 
 env:
   # run static analysis only with the latest Go version
-  LATEST_GO_VERSION: 1.19
+  LATEST_GO_VERSION: "1.20"
 
 jobs:
   check:
@@ -44,5 +44,3 @@ jobs:
           go version
           go install golang.org/x/vuln/cmd/govulncheck@latest
           govulncheck ./...
-
-
diff --git a/.github/workflows/echo.yml b/.github/workflows/echo.yml
@@ -25,7 +25,7 @@ jobs:
         # Echo tests with last four major releases (unless there are pressing vulnerabilities)
         # As we depend on `golang.org/x/` libraries which only support last 2 Go releases we could have situations when
         # we derive from last four major releases promise.
-        go: [1.17, 1.18, 1.19]
+        go: ["1.18", "1.19", "1.20"]
     name: ${{ matrix.os }} @ Go ${{ matrix.go }}
     runs-on: ${{ matrix.os }}
     steps:
diff --git a/README.md b/README.md
@@ -6,7 +6,7 @@
 
 # Echo JWT middleware
 
-JWT middleware for [Echo](https://github.com/labstack/echo) framework. This middleware uses by default [golang-jwt/jwt/v4](https://github.com/golang-jwt/jwt) 
+JWT middleware for [Echo](https://github.com/labstack/echo) framework. This middleware uses by default [golang-jwt/jwt/v5](https://github.com/golang-jwt/jwt) 
 as JWT implementation.
 
 ## Versioning
@@ -48,7 +48,7 @@ e.Use(echojwt.WithConfig(echojwt.Config{
 
 Extract token in handler
 ```go
-import "github.com/golang-jwt/jwt/v4"
+import "github.com/golang-jwt/jwt/v5"
 
 // ...
 
@@ -72,7 +72,7 @@ package main
 
 import (
 	"errors"
-	"github.com/golang-jwt/jwt/v4"
+	"github.com/golang-jwt/jwt/v5"
 	"github.com/labstack/echo-jwt/v4"
 	"github.com/labstack/echo/v4"
 	"github.com/labstack/echo/v4/middleware"
diff --git a/go.mod b/go.mod
@@ -3,7 +3,7 @@ module github.com/labstack/echo-jwt/v4
 go 1.17
 
 require (
-	github.com/golang-jwt/jwt/v4 v4.4.3
+	github.com/golang-jwt/jwt/v5 v5.0.0
 	github.com/labstack/echo/v4 v4.9.0
 	github.com/stretchr/testify v1.8.1
 )
diff --git a/go.sum b/go.sum
@@ -3,8 +3,8 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/golang-jwt/jwt v3.2.2+incompatible h1:IfV12K8xAKAnZqdXVzCZ+TOjboZ2keLg81eXfW3O+oY=
 github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I=
-github.com/golang-jwt/jwt/v4 v4.4.3 h1:Hxl6lhQFj4AnOX6MLrsCb/+7tCj7DxP7VA+2rDIq5AU=
-github.com/golang-jwt/jwt/v4 v4.4.3/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
+github.com/golang-jwt/jwt/v5 v5.0.0 h1:1n1XNM9hk7O9mnQoNBGolZvzebBQ7p93ULHRc28XJUE=
+github.com/golang-jwt/jwt/v5 v5.0.0/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
 github.com/labstack/echo/v4 v4.9.0 h1:wPOF1CE6gvt/kmbMR4dGzWvHMPT+sAEUJOwOTtvITVY=
 github.com/labstack/echo/v4 v4.9.0/go.mod h1:xkCDAdFCIf8jsFQ5NnbK7oqaF/yU1A1X20Ltm0OvSks=
 github.com/labstack/gommon v0.3.1/go.mod h1:uW6kP17uPlLJsD3ijUYn3/M5bAxtlZhMI6m3MFxTMTM=
diff --git a/jwt.go b/jwt.go
@@ -8,7 +8,7 @@ import (
 	"fmt"
 	"net/http"
 
-	"github.com/golang-jwt/jwt/v4"
+	"github.com/golang-jwt/jwt/v5"
 	"github.com/labstack/echo/v4"
 	"github.com/labstack/echo/v4/middleware"
 )
diff --git a/jwt_benchmark_test.go b/jwt_benchmark_test.go
@@ -1,7 +1,7 @@
 package echojwt
 
 import (
-	"github.com/golang-jwt/jwt/v4"
+	"github.com/golang-jwt/jwt/v5"
 	"github.com/labstack/echo/v4"
 	"net/http"
 	"net/http/httptest"
diff --git a/jwt_extranal_test.go b/jwt_extranal_test.go
@@ -6,7 +6,7 @@ package echojwt_test
 import (
 	"errors"
 	"fmt"
-	"github.com/golang-jwt/jwt/v4"
+	"github.com/golang-jwt/jwt/v5"
 	echojwt "github.com/labstack/echo-jwt/v4"
 	"github.com/labstack/echo/v4"
 	"io"
@@ -25,7 +25,7 @@ func ExampleWithConfig_usage() {
 
 	e.GET("/", func(c echo.Context) error {
 		// make sure that your imports are correct versions. for example if you use `"github.com/golang-jwt/jwt"` as
-		// import this cast will fail and `"github.com/golang-jwt/jwt/v4"` will succeed.
+		// import this cast will fail and `"github.com/golang-jwt/jwt/v5"` will succeed.
 		// Although `.(*jwt.Token)` looks exactly the same for both packages but this struct is still different
 		token, ok := c.Get("user").(*jwt.Token) // by default token is stored under `user` key
 		if !ok {
diff --git a/jwt_test.go b/jwt_test.go
@@ -12,7 +12,7 @@ import (
 	"strings"
 	"testing"
 
-	"github.com/golang-jwt/jwt/v4"
+	"github.com/golang-jwt/jwt/v5"
 	"github.com/labstack/echo/v4"
 	"github.com/labstack/echo/v4/middleware"
 	"github.com/stretchr/testify/assert"
@@ -110,15 +110,15 @@ func TestJWT_combinations(t *testing.T) {
 				SigningKey:    validKey,
 				SigningMethod: "RS256",
 			},
-			expectError: "code=401, message=invalid or expired jwt, internal=unexpected jwt signing method=HS256",
+			expectError: "code=401, message=invalid or expired jwt, internal=token is unverifiable: error while executing keyfunc: unexpected jwt signing method=HS256",
 		},
 		{
 			name:    "Invalid key",
 			hdrAuth: validAuth,
 			config: Config{
 				SigningKey: invalidKey,
 			},
-			expectError: "code=401, message=invalid or expired jwt, internal=signature is invalid",
+			expectError: "code=401, message=invalid or expired jwt, internal=token signature is invalid: signature is invalid",
 		},
 		{
 			name:    "Valid JWT",
@@ -189,7 +189,7 @@ func TestJWT_combinations(t *testing.T) {
 				TokenLookup: "query:jwt",
 			},
 			reqURL:      "/?a=b&jwt=invalid-token",
-			expectError: "code=401, message=invalid or expired jwt, internal=token contains an invalid number of segments",
+			expectError: "code=401, message=invalid or expired jwt, internal=token is malformed: token contains an invalid number of segments",
 		},
 		{
 			name: "Empty query",
@@ -231,7 +231,7 @@ func TestJWT_combinations(t *testing.T) {
 				TokenLookup: "cookie:jwt",
 			},
 			hdrCookie:   "jwt=invalid",
-			expectError: "code=401, message=invalid or expired jwt, internal=token contains an invalid number of segments",
+			expectError: "code=401, message=invalid or expired jwt, internal=token is malformed: token contains an invalid number of segments",
 		},
 		{
 			name: "Empty cookie",
@@ -256,7 +256,7 @@ func TestJWT_combinations(t *testing.T) {
 				TokenLookup: "form:jwt",
 			},
 			formValues:  map[string]string{"jwt": "invalid"},
-			expectError: "code=401, message=invalid or expired jwt, internal=token contains an invalid number of segments",
+			expectError: "code=401, message=invalid or expired jwt, internal=token is malformed: token contains an invalid number of segments",
 		},
 		{
 			name: "Empty form field",
@@ -513,7 +513,7 @@ func TestConfig_ErrorHandling(t *testing.T) {
 				},
 			},
 			whenAuthHeader: "Bearer x.x.x",
-			expectError:    "illegal base64 data at input byte 0",
+			expectError:    "token is malformed: could not base64 decode header: illegal base64 data at input byte 0",
 		},
 	}
 

Original file line number	Diff line number	Diff line change
`@@ -3,7 +3,7 @@ module github.com/labstack/echo-jwt/v4`
`3`	`3`	`go 1.17`
`4`	`4`
`5`	`5`	`require (`
`6`		`- github.com/golang-jwt/jwt/v4 v4.4.3`
	`6`	`+ github.com/golang-jwt/jwt/v5 v5.0.0`
`7`	`7`	`github.com/labstack/echo/v4 v4.9.0`
`8`	`8`	`github.com/stretchr/testify v1.8.1`
`9`	`9`	`)`
Original file line number	Diff line number	Diff line change
`@@ -8,7 +8,7 @@ import (`
`8`	`8`	`"fmt"`
`9`	`9`	`"net/http"`
`10`	`10`
`11`		`- "github.com/golang-jwt/jwt/v4"`
	`11`	`+ "github.com/golang-jwt/jwt/v5"`
`12`	`12`	`"github.com/labstack/echo/v4"`
`13`	`13`	`"github.com/labstack/echo/v4/middleware"`
`14`	`14`	`)`