Fixed renamed function w/o deprecation

tideland · Oct 25, 2017 · d8fa280 · d8fa280
2 parents 74af51f + 96ccf1a
commit d8fa280
Show file tree

Hide file tree

Showing 7 changed files with 161 additions and 96 deletions.
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,2 @@
+.vscode
+debug.test
diff --git a/handlers/handlers_test.go b/handlers/handlers_test.go
@@ -247,7 +247,7 @@ func TestJWTAuthorizationHandler(t *testing.T) {
 		req := restaudit.NewRequest("GET", "/jwt/"+test.id+"/1234567890")
 		if test.tokener != nil {
 			req.SetRequestProcessor(func(req *http.Request) *http.Request {
-				return jwt.AddTokenToRequest(req, test.tokener())
+				return jwt.AddToRequest(req, test.tokener())
 			})
 		}
 		// Make request(s).

diff --git a/handlers/jwtauth.go b/handlers/jwtauth.go
@@ -142,7 +142,7 @@ func (h *jwtAuthorizationHandler) check(job rest.Job) (bool, error) {
 	}
 	// Now do the checks.
 	if err != nil {
-		return h.deny(job, rest.StatusBadRequest, err.Error())
+		return h.deny(job, rest.StatusUnauthorized, err.Error())
 	}
 	if token == nil {
 		return h.deny(job, rest.StatusUnauthorized, "no JSON Web Token")

diff --git a/jwt/errors.go b/jwt/errors.go
@@ -39,27 +39,31 @@ const (
 	ErrNoECDSAKey
 	ErrCannotParseRSA
 	ErrNoRSAKey
+	ErrNoAuthorizationHeader
+	ErrInvalidAuthorizationHeader
 )
 
 var errorMessages = errors.Messages{
-	ErrCannotEncode:       "cannot encode the %s",
-	ErrCannotDecode:       "cannot decode the %s",
-	ErrCannotSign:         "cannot sign the token",
-	ErrCannotVerify:       "cannot verify the %s",
-	ErrNoKey:              "no key available, only after encoding or verifying",
-	ErrJSONMarshalling:    "error marshalling to JSON",
-	ErrJSONUnmarshalling:  "error unmarshalling from JSON",
-	ErrInvalidTokenPart:   "part of the token contains invalid data",
-	ErrInvalidCombination: "invalid combination of algorithm %q and key type %q",
-	ErrInvalidAlgorithm:   "signature algorithm %q is invalid",
-	ErrInvalidKeyType:     "key type %T is invalid",
-	ErrInvalidSignature:   "token signature is invalid",
-	ErrCannotReadPEM:      "cannot read the PEM",
-	ErrCannotDecodePEM:    "cannot decode the PEM",
-	ErrCannotParseECDSA:   "cannot parse the ECDSA",
-	ErrNoECDSAKey:         "passed key is no ECDSA key",
-	ErrCannotParseRSA:     "cannot parse the RSA",
-	ErrNoRSAKey:           "passed key is no RSA key",
+	ErrCannotEncode:               "cannot encode the %s",
+	ErrCannotDecode:               "cannot decode the %s",
+	ErrCannotSign:                 "cannot sign the token",
+	ErrCannotVerify:               "cannot verify the %s",
+	ErrNoKey:                      "no key available, only after encoding or verifying",
+	ErrJSONMarshalling:            "error marshalling to JSON",
+	ErrJSONUnmarshalling:          "error unmarshalling from JSON",
+	ErrInvalidTokenPart:           "part of the token contains invalid data",
+	ErrInvalidCombination:         "invalid combination of algorithm %q and key type %q",
+	ErrInvalidAlgorithm:           "signature algorithm %q is invalid",
+	ErrInvalidKeyType:             "key type %T is invalid",
+	ErrInvalidSignature:           "token signature is invalid",
+	ErrCannotReadPEM:              "cannot read the PEM",
+	ErrCannotDecodePEM:            "cannot decode the PEM",
+	ErrCannotParseECDSA:           "cannot parse the ECDSA",
+	ErrNoECDSAKey:                 "passed key is no ECDSA key",
+	ErrCannotParseRSA:             "cannot parse the RSA",
+	ErrNoRSAKey:                   "passed key is no RSA key",
+	ErrNoAuthorizationHeader:      "request contains no authorization header",
+	ErrInvalidAuthorizationHeader: "invalid authorization header: '%s'",
 }
 
 // EOF
diff --git a/jwt/header.go b/jwt/header.go
@@ -1,6 +1,6 @@
 // Tideland Go REST Server Library - JSON Web Token - Header
 //
-// Copyright (C) 2016 Frank Mueller / Tideland / Oldenburg / Germany
+// Copyright (C) 2016-2017 Frank Mueller / Tideland / Oldenburg / Germany
 //
 // All rights reserved. Use of this source code is governed
 // by the new BSD license.
@@ -15,61 +15,77 @@ import (
 	"net/http"
 	"strings"
 
+	"github.com/tideland/golib/errors"
+
 	"github.com/tideland/gorest/rest"
 )
 
 //--------------------
-// JOB AND REQUEST HANDLING
+// REQUEST AND JOB HANDLING
 //--------------------
 
+// AddTokenToRequest adds a token as header to a request for
+// usage by a client.
+//
+// DEPRECATED: Now AddToRequest().
+func AddTokenToRequest(req *http.Request, jwt JWT) *http.Request {
+	return AddToRequest(req, jwt)
+}
+
+// AddToRequest adds a token as header to a request for
+// usage by a client.
+func AddToRequest(req *http.Request, jwt JWT) *http.Request {
+	req.Header.Add("Authorization", "Bearer "+jwt.String())
+	return req
+}
+
+// DecodeFromRequest tries to retrieve a token from a request
+// header.
+func DecodeFromRequest(req *http.Request) (JWT, error) {
+	return decodeFromRequest(req, nil, nil)
+}
+
 // DecodeFromJob retrieves a possible JWT from
 // the request inside a REST job. The JWT is only decoded.
 func DecodeFromJob(job rest.Job) (JWT, error) {
-	return retrieveFromJob(job, nil, nil)
+	return decodeFromRequest(job.Request(), nil, nil)
 }
 
 // DecodeCachedFromJob retrieves a possible JWT from the request
 // inside a REST job and checks if it already is cached. The JWT is
 // only decoded. In case of no error the token is added to the cache.
 func DecodeCachedFromJob(job rest.Job, cache Cache) (JWT, error) {
-	return retrieveFromJob(job, cache, nil)
+	return decodeFromRequest(job.Request(), cache, nil)
 }
 
 // VerifyFromJob retrieves a possible JWT from
 // the request inside a REST job. The JWT is verified.
 func VerifyFromJob(job rest.Job, key Key) (JWT, error) {
-	return retrieveFromJob(job, nil, key)
+	return decodeFromRequest(job.Request(), nil, key)
 }
 
 // VerifyCachedFromJob retrieves a possible JWT from the request
 // inside a REST job and checks if it already is cached. The JWT is
 // verified. In case of no error the token is added to the cache.
 func VerifyCachedFromJob(job rest.Job, cache Cache, key Key) (JWT, error) {
-	return retrieveFromJob(job, cache, key)
-}
-
-// AddTokenToRequest adds a token as header to a request for
-// usage by a client.
-func AddTokenToRequest(req *http.Request, jwt JWT) *http.Request {
-	req.Header.Add("Authorization", "Bearer "+jwt.String())
-	return req
+	return decodeFromRequest(job.Request(), cache, key)
 }
 
 //--------------------
 // PRIVATE HELPERS
 //--------------------
 
-// retrieveFromJob is the generic retrieval function with possible
-// caching and verifaction.
-func retrieveFromJob(job rest.Job, cache Cache, key Key) (JWT, error) {
+// decodeFromRequest is the generic decoder with possible
+// caching and verification.
+func decodeFromRequest(req *http.Request, cache Cache, key Key) (JWT, error) {
 	// Retrieve token from header.
-	authorization := job.Request().Header.Get("Authorization")
+	authorization := req.Header.Get("Authorization")
 	if authorization == "" {
-		return nil, nil
+		return nil, errors.New(ErrNoAuthorizationHeader, errorMessages)
 	}
 	fields := strings.Fields(authorization)
 	if len(fields) != 2 || fields[0] != "Bearer" {
-		return nil, nil
+		return nil, errors.New(ErrInvalidAuthorizationHeader, errorMessages, authorization)
 	}
 	// Check cache.
 	if cache != nil {