fixed: panic on wrong token format.

close aporeto-inc/aporeto#2037
PaloAltoNetworks · Oct 4, 2019 · 9d6617a · 9d6617a
1 parent 408f004
commit 9d6617a
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 0 deletions.
diff --git a/client/client.go b/client/client.go
@@ -113,6 +113,10 @@ func (a *Client) Authentify(ctx context.Context, token string) ([]string, error)
 		return nil, err
 	}
 
+	if auth.Claims == nil {
+		return nil, elemental.NewError("Unauthorized", "No claims returned. Token maye be invalid", "midgard-lib", http.StatusUnauthorized)
+	}
+
 	return NormalizeAuth(auth.Claims), nil
 }
 

diff --git a/client/client_test.go b/client/client_test.go
@@ -139,6 +139,32 @@ func TestClient_Authentify(t *testing.T) {
 
 	Convey("Given I have a Client and some valid http header but Midgard return garbage json", t, func() {
 
+		ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			fmt.Fprintln(w, `{
+                "claims": null
+            }`)
+		}))
+		defer ts.Close()
+
+		cl := NewClient(ts.URL)
+
+		Convey("When I call Authentify", func() {
+
+			n, err := cl.Authentify(context.TODO(), "thetoken")
+
+			Convey("Then normalization should be nil", func() {
+				So(n, ShouldBeNil)
+			})
+
+			Convey("Then err should be not nil", func() {
+				So(err, ShouldNotBeNil)
+				So(err.Error(), ShouldEqual, "error 401 (midgard-lib): Unauthorized: No claims returned. Token maye be invalid")
+			})
+		})
+	})
+
+	Convey("Given I have a Client and some valid http header but Midgard return no claims", t, func() {
+
 		ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 			fmt.Fprintln(w, `{
                 "claims