From 9d6617a0ccd7b2b06f9f248673a37efdd08e3741 Mon Sep 17 00:00:00 2001
From: Antoine Mercadal
Date: Fri, 4 Oct 2019 12:37:27 -0700
Subject: [PATCH] fixed: panic on wrong token format. close aporeto-inc/aporeto#2037
---
 client/client.go | 4 ++++
 client/client_test.go | 26 ++++++++++++++++++++++++++
 2 files changed, 30 insertions(+)
diff --git a/client/client.go b/client/client.go
index b18bcc7..e214a0b 100644
--- a/client/client.go
+++ b/client/client.go
@@ -113,6 +113,10 @@ func (a *Client) Authentify(ctx context.Context, token string) ([]string, error)
 return nil, err
 }
+ if auth.Claims == nil {
+ return nil, elemental.NewError("Unauthorized", "No claims returned. Token maye be invalid", "midgard-lib", http.StatusUnauthorized)
+ }
+
 return NormalizeAuth(auth.Claims), nil
 }
diff --git a/client/client_test.go b/client/client_test.go
index 1d2b580..58d6b5b 100644
--- a/client/client_test.go
+++ b/client/client_test.go
@@ -139,6 +139,32 @@ func TestClient_Authentify(t *testing.T) {
 Convey("Given I have a Client and some valid http header but Midgard return garbage json", t, func() {
+ ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+ fmt.Fprintln(w, `{
+ "claims": null
+ }`)
+ }))
+ defer ts.Close()
+
+ cl := NewClient(ts.URL)
+
+ Convey("When I call Authentify", func() {
+
+ n, err := cl.Authentify(context.TODO(), "thetoken")
+
+ Convey("Then normalization should be nil", func() {
+ So(n, ShouldBeNil)
+ })
+
+ Convey("Then err should be not nil", func() {
+ So(err, ShouldNotBeNil)
+ So(err.Error(), ShouldEqual, "error 401 (midgard-lib): Unauthorized: No claims returned. Token maye be invalid")
+ })
+ })
+ })
+
+ Convey("Given I have a Client and some valid http header but Midgard return no claims", t, func() {
+
 ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 fmt.Fprintln(w, `{
 "claims
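Review bot: The message in the added `elemental.NewError` call in client/client.go reads "Token maye be invalid", and the new case in client_test.go asserts that string verbatim, so the typo is now pinned as part of the 401 response; change both to `"No claims returned. Token may be invalid"`. The guard itself rejects only `auth.Claims == nil`; whether `NormalizeAuth` is safe on a non-nil claims object with empty or missing fields is not visible here, so that path is worth confirming fails closed as well. Authentify starts above the hunk, so how `auth` is populated before this check cannot be seen from these lines.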