Add test for jws.fromHeader function
diff --git a/jws/jws.go b/jws/jws.go
index 29ae67c..c8c9ca4 100644
--- a/jws/jws.go
+++ b/jws/jws.go
@@ -414,7 +414,7 @@
 }
 func fromHeader(req *http.Request) ([]byte, bool) {
- if ah := req.Header.Get("Authorization"); ah != "" && len(ah) > 6 && strings.EqualFold(ah[0:6], "BEARER") {
+ if ah := req.Header.Get("Authorization"); len(ah) > 7 && strings.EqualFold(ah[0:7], "BEARER ") {
 return []byte(ah[7:]), true
 }
 return nil, false
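Review bot: The slice `ah[7:]` is returned untrimmed, so a header with only whitespace after the scheme (two spaces after `bearer`, for example) still gives `ok == true` with a blank token, and any extra spaces between scheme and token become part of the credential. Trimming and re-checking closes that gap: `if tok := strings.TrimSpace(ah[7:]); tok != "" { return []byte(tok), true }`. The literal 7 is used three times on the new line; a `const bearerPrefix = "Bearer "` with `len(bearerPrefix)` would keep the length check and both slices in step. A doc comment saying that the result is the raw, unverified credential taken from the first Authorization value would help callers. The closing brace of fromHeader lies outside the hunk.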
diff --git a/jws/jwt_test.go b/jws/jwt_test.go
index 5ea4a9b..c0056c3 100644
--- a/jws/jwt_test.go
+++ b/jws/jwt_test.go
@@ -2,6 +2,7 @@
 import (
 "errors"
+ "net/http"
 "testing"
 "time"
@@ -82,3 +83,49 @@
 t.Error(err)
 }
 }
+
+func TestFromHeader(t *testing.T) {
+ header := http.Header{}
+ req := &http.Request{
+ Header: header,
+ }
+
+ _, ok := fromHeader(req)
+ if ok {
+ t.Errorf("fromHeader should return !ok when request doesn't have an authorization header")
+ }
+
+ header.Set("Authorization", "invalid")
+ _, ok = fromHeader(req)
+ if ok {
+ t.Errorf("fromHeader should return !ok when Authorization header value is invalid")
+ }
+
+ header.Set("Authorization", "bearer")
+ _, ok = fromHeader(req)
+ if ok {
+ t.Errorf("fromHeader should return !ok when Authorization header value doesn't contain any value for a token")
+ }
+
+ header.Set("Authorization", "bearer ")
+ _, ok = fromHeader(req)
+ if ok {
+ t.Errorf("fromHeader should return !ok when Authorization header value doesn't contain any value for a token")
+ }
+
+ header.Set("Authorization", "BEARER ")
+ _, ok = fromHeader(req)
+ if ok {
+ t.Errorf("fromHeader should return !ok when Authorization header value doesn't contain any value for a token")
+ }
+
+ header.Set("Authorization", "BEARER t")
+ token, ok := fromHeader(req)
+ if !ok {
+ t.Errorf("fromHeader should return ok when Authorization header contains a value for a token")
+ }
+
+ if string(token) != "t" {
+ t.Errorf("fromHeader should return the value set as token in the Auhorization header")
+ }
+}
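Review bot: TestFromHeader covers the empty-token half of the jws.go change but not the separator half: no case has a non-space seventh character, which the old six-character comparison accepted. A case such as `header.Set("Authorization", "BearerXt")` (constructed value) followed by the same `if ok` failure check would pin that behaviour. A mixed-case `Bearer t` case would also confirm the usual spelling is accepted. The six blocks repeat the same three lines; a table of header value, expected ok and expected token, run through `t.Run`, would report each case separately. The last message misspells "Authorization" as "Auhorization", and the `t.Errorf` calls have no format verbs, so `t.Error` would do.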