fix: Fix registered claims panic bug (#20)
<!--
This project uses semantic versioning in combination with conventional
commits.

When creating a pull request the title will be validated to follow
conventional commits; however, you as a contributor need to think about
what kind of changes you are making.
The description of the PR will be used (in most cases) as the commit
details and needs to contain any 'BREAKING CHANGE:' footer.

See
https://github.com/semantic-release/semantic-release?tab=readme-ov-file#commit-message-format
for details on what types result in which SemVer.
 -->

### Describe your changes

+ Allocate memory for embedded struct type to avoid panics
+ Add elementary test

### Issue ticket number and link

- Fixes #19

### Checklist before requesting a review

- [X] I have performed a self-review of my own code
- [X] I have verified that the code builds perfectly fine on my local
system
- [X] I have added tests that prove my fix is effective or that my
feature works
- [X] I have commented my code, particularly in hard-to-understand areas
- [X] I have verified that my code follows the style already available
in the repository
- [X] I have made corresponding changes to the documentation
chrlmrtnssn authored Sep 3, 2024
1 parent dbf4ecf commit a885cee
Showing 2 changed files with 16 additions and 1 deletion.
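--- a/parse.go
+++ b/parse.go
@@ -68,7 +68,7 @@ func Parse(
 // Ensure that it is a well-formed JWT, that a supported signature algorithm is used,
 // that it contains a public key, and that the signature verifies with the public key.
 // This satisfies point 2, 5, 6 and 7 in https://datatracker.ietf.org/doc/html/rfc9449#section-4.3
-var claims ProofTokenClaims
+claims := ProofTokenClaims{RegisteredClaims: &jwt.RegisteredClaims{}}
 dpopToken, err := jwt.ParseWithClaims(tokenString, &claims, keyFunc)
 if err != nil {
 return nil, errors.Join(ErrInvalidProof, err)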
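Review bot: The new `claims := ProofTokenClaims{RegisteredClaims: &jwt.RegisteredClaims{}}` line carries no comment saying why the embedded pointer is pre-allocated, so a later cleanup could revert it to `var claims ProofTokenClaims` and bring back the nil dereference on proofs whose payload has no registered claims. Parse runs on proof tokens presented by clients, so that panic is a denial-of-service path, not only a correctness bug. I would add `// RegisteredClaims is an embedded pointer and stays nil when the payload has none of its fields; allocate it so later claim checks cannot dereference nil.` above the line. With the pointer now always non-nil, the presence of each required claim has to be checked on the fields themselves; those checks, like the start and end of Parse, are outside this hunk.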
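--- a/parse_test.go
+++ b/parse_test.go
@@ -109,6 +109,21 @@ func TestParse_MissingJWKHeader(t *testing.T) {
 }
 }
 
+func TestNoRegisteredClaims(t *testing.T) {
+tokenString := "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.eyJodG0iOiJQT1NUIiwiaHR1IjoiaHR0cHM6Ly9teXVybC5jb20vd2hhdGV2ZXIifQ.mKo299nmZG1eCGRIf-CWXqrSTGO3vRUdvSAOHGsejw3COAHuGNfWq8hPLQ2iR4QI1UQkR0g95HsTbAEeWSZ9TSBzl5aLN0QO-fQUfs0l3ohW7wyQF-yJ9aMZjCMBUPP6kD7MPaJqwD_E1EQr6RHHQrCOR60BjZSQEiteiWocMPl-jJpN-OgsmPe9fy3hOaaf0oX2CUiwUJW9sIsVIwkMK6NE9sJMMsE6P-qUhgBki_sK1TOK7xT9AMaihybYHM4gkBswi4gFTwIdCQtd7Nl_MVIliAxJrc5HwuBZeL-DLzK7yZlpovJAlrrhnE1FP6RwmthiGPktEqwITAVabMkBrA"
+
+u, _ := url.Parse("https://myurl.com/whatever")
+_, err := dpop.Parse(tokenString, dpop.POST, u, dpop.ParseOptions{})
+
+if err == nil {
+t.Fatalf("Expected an error but did not get one.")
+}
+
+if !errors.Is(err, dpop.ErrMissingClaims) {
+t.Fatalf("Expected %q error but got %q", dpop.ErrMissingClaims, err)
+}
+}
+
 // Test that missing claims are rejected
 func TestParse_MissingClaims(t *testing.T) {
 // Act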
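Review bot: The token literal in `TestNoRegisteredClaims` is opaque and nothing states what it exercises; its payload segment appears to decode to only `htm` and `htu`, which is the input that used to panic. A doc comment such as `// Test that a proof without any registered claims is rejected with ErrMissingClaims instead of panicking` would match the neighbouring tests, as would the name `TestParse_NoRegisteredClaims`. The error from `url.Parse` is discarded with `_`; checking it with `if err != nil { t.Fatal(err) }` keeps a broken fixture URL from showing up as a misleading failure in `dpop.Parse`.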
