root
/
libauth
mirror of https://github.com/therootcompany/libauth.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

chore(lint): lowercase error messages

This commit is contained in:
AJ ONeal 2023-04-04 17:03:59 -06:00
parent d832ea7304
commit 0f2f6734b0
Signed by: coolaj86
GPG Key ID: 585419CA6DB0AA23
1 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
libauth.go
View File

@ -68,7 +68,7 @@ func ParseIssuerListString(issuerList string) []string {
func VerifyJWT(jwt string, issuers IssuerList, r *http.Request) (*JWS, error) { func VerifyJWT(jwt string, issuers IssuerList, r *http.Request) (*JWS, error) {
jws := keypairs.JWTToJWS(jwt) jws := keypairs.JWTToJWS(jwt)
if nil == jws { if nil == jws {
return nil, fmt.Errorf("Bad Request: malformed Authorization header") return nil, fmt.Errorf("bad request: malformed Authorization header")
} }
myJws := &JWS{ myJws := &JWS{
@ -94,26 +94,26 @@ func VerifyJWS(jws *JWS, issuers IssuerList, r *http.Request) (*JWS, error) {
if !jwkOK { if !jwkOK {
if !kidOK || 0 == len(kid) { if !kidOK || 0 == len(kid) {
//errs = append(errs, "must have either header.kid or header.jwk") //errs = append(errs, "must have either header.kid or header.jwk")
return nil, fmt.Errorf("Bad Request: missing 'kid' identifier") return nil, fmt.Errorf("bad request: missing 'kid' identifier")
} else if !issOK || 0 == len(iss) { } else if !issOK || 0 == len(iss) {
//errs = append(errs, "payload.iss must exist to complement header.kid") //errs = append(errs, "payload.iss must exist to complement header.kid")
return nil, fmt.Errorf("Bad Request: payload.iss must exist to complement header.kid") return nil, fmt.Errorf("bad request: payload.iss must exist to complement header.kid")
} else { } else {
// TODO beware domain fronting, we should set domain statically // TODO beware domain fronting, we should set domain statically
// See https://pkg.go.dev/git.rootprojects.org/root/keypairs@v0.6.2/keyfetch // See https://pkg.go.dev/git.rootprojects.org/root/keypairs@v0.6.2/keyfetch
// (Caddy does protect against Domain-Fronting by default: // (Caddy does protect against Domain-Fronting by default:
// https://github.com/caddyserver/caddy/issues/2500) // https://github.com/caddyserver/caddy/issues/2500)
if !issuers.IsTrustedIssuer(iss, r) { if !issuers.IsTrustedIssuer(iss, r) {
return nil, fmt.Errorf("Bad Request: 'iss' is not a trusted issuer") return nil, fmt.Errorf("bad request: 'iss' is not a trusted issuer")
} }
} }
var err error var err error
pub, err = keyfetch.OIDCJWK(kid, iss) pub, err = keyfetch.OIDCJWK(kid, iss)
if nil != err { if nil != err {
return nil, fmt.Errorf("Bad Request: 'kid' could not be matched to a known public key: %w", err) return nil, fmt.Errorf("bad request: 'kid' could not be matched to a known public key: %w", err)
} }
} else { } else {
return nil, fmt.Errorf("Bad Request: self-signed tokens with 'jwk' are not supported") return nil, fmt.Errorf("bad request: self-signed tokens with 'jwk' are not supported")
} }
errs := keypairs.VerifyClaims(pub, &jws.JWS) errs := keypairs.VerifyClaims(pub, &jws.JWS)