Merge pull request #25 from ifraixedes/test-from-header

Add test for jws.fromHeader function - retrieved
diff --git a/jws/jws.go b/jws/jws.go
index 29ae67c..c8c9ca4 100644
--- a/jws/jws.go
+++ b/jws/jws.go
@@ -414,7 +414,7 @@
 }
 
 func fromHeader(req *http.Request) ([]byte, bool) {
-	if ah := req.Header.Get("Authorization"); ah != "" && len(ah) > 6 && strings.EqualFold(ah[0:6], "BEARER") {
+	if ah := req.Header.Get("Authorization"); len(ah) > 7 && strings.EqualFold(ah[0:7], "BEARER ") {
 		return []byte(ah[7:]), true
 	}
 	return nil, false
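Review bot: The slice `ah[7:]` is returned untrimmed, so an Authorization value made of `Bearer ` followed only by more spaces passes the `len(ah) > 7` check and comes back as a whitespace-only token with ok == true. A token preceded by extra spaces, which the `1*SP` in RFC 6750's grammar allows, is returned with those leading spaces. Whether later parsing rejects such values is not visible in this hunk, so it would be safer to normalise here: `tok := strings.TrimSpace(ah[7:])` followed by `if tok != "" { return []byte(tok), true }`. The function also has no doc comment; something like `// fromHeader returns the bearer token from the Authorization header, or false if the header is missing or is not a Bearer credential.` would record the contract. The closing brace of fromHeader lies outside the hunk.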
diff --git a/jws/jwt_test.go b/jws/jwt_test.go
index 5ea4a9b..c0056c3 100644
--- a/jws/jwt_test.go
+++ b/jws/jwt_test.go
@@ -2,6 +2,7 @@
 
 import (
 	"errors"
+	"net/http"
 	"testing"
 	"time"
 
@@ -82,3 +83,49 @@
 		t.Error(err)
 	}
 }
+
+func TestFromHeader(t *testing.T) {
+	header := http.Header{}
+	req := &http.Request{
+		Header: header,
+	}
+
+	_, ok := fromHeader(req)
+	if ok {
+		t.Errorf("fromHeader should return !ok when request doesn't have an authorization header")
+	}
+
+	header.Set("Authorization", "invalid")
+	_, ok = fromHeader(req)
+	if ok {
+		t.Errorf("fromHeader should return !ok when Authorization header value is invalid")
+	}
+
+	header.Set("Authorization", "bearer")
+	_, ok = fromHeader(req)
+	if ok {
+		t.Errorf("fromHeader should return !ok when Authorization header value doesn't contain any value for a token")
+	}
+
+	header.Set("Authorization", "bearer ")
+	_, ok = fromHeader(req)
+	if ok {
+		t.Errorf("fromHeader should return !ok when Authorization header value doesn't contain any value for a token")
+	}
+
+	header.Set("Authorization", "BEARER ")
+	_, ok = fromHeader(req)
+	if ok {
+		t.Errorf("fromHeader should return !ok when Authorization header value doesn't contain any value for a token")
+	}
+
+	header.Set("Authorization", "BEARER t")
+	token, ok := fromHeader(req)
+	if !ok {
+		t.Errorf("fromHeader should return ok when Authorization header contains a value for a token")
+	}
+
+	if string(token) != "t" {
+		t.Errorf("fromHeader should return the value set as token in the Auhorization header")
+	}
+}
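Review bot: Every rejecting case in TestFromHeader is eight characters or shorter, so each one is turned away by the `len(ah) > 7` length check alone, and the scheme comparison in fromHeader is never exercised with a false result. Adding a long value with another scheme and one with no separator, for example `header.Set("Authorization", "Basic dXNlcjpwYXNz")` and `header.Set("Authorization", "bearerXtoken")` (both constructed samples), each expecting !ok, would pin the behaviour this commit changes. A mixed-case `Bearer t` case and a table-driven layout would keep the test short as cases grow. The last message misspells the header name as "Auhorization".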