From 4ba6595d2ad41a15a4fa72bcea7cec8164163311 Mon Sep 17 00:00:00 2001
From: Matthew Dillon
Date: Wed, 9 Mar 2016 09:17:51 -0700
Subject: [PATCH] Update thermokarst/jwt
---
 Godeps/Godeps.json | 2 +-
 .../src/github.com/thermokarst/jwt/LICENSE | 2 +-
 .../src/github.com/thermokarst/jwt/README.md | 4 +--
 .../src/github.com/thermokarst/jwt/jwt.go | 30 +++++++++++--------
 4 files changed, 21 insertions(+), 17 deletions(-)
diff --git a/Godeps/Godeps.json b/Godeps/Godeps.json
index 9e7e0a1..29c7a2d 100644
--- a/Godeps/Godeps.json
+++ b/Godeps/Godeps.json
@@ -51,7 +51,7 @@
 },
 {
 "ImportPath": "github.com/thermokarst/jwt",
- "Rev": "9d3638db601e499627271fe06273aab0aa67e7b3"
+ "Rev": "0c914e9b3a7ff6a8629e6ccf21012244ff344452"
 },
 {
 "ImportPath": "golang.org/x/crypto/bcrypt",
diff --git a/Godeps/_workspace/src/github.com/thermokarst/jwt/LICENSE b/Godeps/_workspace/src/github.com/thermokarst/jwt/LICENSE
index 053a002..9b651ca 100644
--- a/Godeps/_workspace/src/github.com/thermokarst/jwt/LICENSE
+++ b/Godeps/_workspace/src/github.com/thermokarst/jwt/LICENSE
@@ -1,6 +1,6 @@
 The MIT License (MIT)
-Copyright (c) 2015 Matthew Dillon
+Copyright (c) 2015, 2016 Matthew Dillon
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
diff --git a/Godeps/_workspace/src/github.com/thermokarst/jwt/README.md b/Godeps/_workspace/src/github.com/thermokarst/jwt/README.md
index 226ae87..b544832 100644
--- a/Godeps/_workspace/src/github.com/thermokarst/jwt/README.md
+++ b/Godeps/_workspace/src/github.com/thermokarst/jwt/README.md
@@ -2,8 +2,8 @@
 [![GoDoc](https://godoc.org/github.com/thermokarst/jwt?status.svg)](https://godoc.org/github.com/thermokarst/jwt)
-A simple, opinionated Go net/http middleware for integrating JSON Web Tokens into
-your application:
+A simple (bring your own logic), opinionated Go net/http middleware for integrating
+JSON Web Tokens into your application:
 ```go
 package main
diff --git a/Godeps/_workspace/src/github.com/thermokarst/jwt/jwt.go b/Godeps/_workspace/src/github.com/thermokarst/jwt/jwt.go
index 80c0707..353563e 100644
--- a/Godeps/_workspace/src/github.com/thermokarst/jwt/jwt.go
+++ b/Godeps/_workspace/src/github.com/thermokarst/jwt/jwt.go
@@ -107,14 +107,18 @@ func (m *Middleware) Secure(h http.Handler, v VerifyClaimsFunc) http.Handler {
 return &jwtError{status: http.StatusUnauthorized, err: ErrMissingToken}
 }
 } else {
- token = strings.Split(authHeader, " ")[1]
+ tokenParts := strings.Split(authHeader, " ")
+ if len(tokenParts) != 2 {
+ return &jwtError{status: http.StatusUnauthorized, err: ErrMalformedToken}
+ }
+ token = tokenParts[1]
 }
- if status, err, message := m.VerifyToken(token, v, r); err != nil {
+ if status, message, err := m.VerifyToken(token, v, r); err != nil {
 return &jwtError{
 status: status,
- err: err,
 message: message,
+ err: err,
 }
 }
@@ -238,16 +242,16 @@ func (m *Middleware) CreateToken(identity string) (string, error) {
 }
 // VerifyToken verifies a token
-func (m *Middleware) VerifyToken(token string, v VerifyClaimsFunc, r *http.Request) (int, error, string) {
+func (m *Middleware) VerifyToken(token string, v VerifyClaimsFunc, r *http.Request) (int, string, error) {
 tokenParts := strings.Split(token, ".")
 if len(tokenParts) != 3 {
- return http.StatusUnauthorized, ErrMalformedToken, ""
+ return http.StatusUnauthorized, "", ErrMalformedToken
 }
 // First, verify JOSE header
 header, err := decode(tokenParts[0])
 if err != nil {
- return http.StatusInternalServerError, err, fmt.Sprintf("decoding header (%v)", tokenParts[0])
+ return http.StatusInternalServerError, fmt.Sprintf("decoding header (%v)", tokenParts[0]), err
 }
 var t struct {
 Typ string
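Review bot: `tokenParts[0]` is never compared with the expected scheme in the new Authorization parsing in Secure, so a valid token presented under any scheme name is accepted as long as the header has exactly two space-separated parts. Consider `if len(tokenParts) != 2 || !strings.EqualFold(tokenParts[0], "Bearer") {` so that other schemes are rejected as malformed before VerifyToken runs. Secure's body starts and ends outside this hunk, so a scheme check may already exist there. This is a vendored copy, so the change would have to land upstream first.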
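Review bot: The header-decoding failure in VerifyToken returns `http.StatusInternalServerError` and copies the raw `tokenParts[0]` into the message, although both depend only on the client-supplied token. The unmarshalling branch in the next hunk does the same with the decoded `header`, and the signature branch embeds `tokenParts[2]`. A malformed token is a client error, so something like `return http.StatusUnauthorized, "decoding header", ErrMalformedToken` keeps 5xx counts meaningful and keeps unescaped request data out of whatever sink the message reaches, which is not visible here. If the value has to be kept for debugging, `%q` at least escapes control characters. VerifyToken's body continues past this hunk.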
@@ -255,7 +259,7 @@ func (m *Middleware) VerifyToken(token string, v VerifyClaimsFunc, r *http.Reque
 }
 err = json.Unmarshal(header, &t)
 if err != nil {
- return http.StatusInternalServerError, ErrMalformedToken, fmt.Sprintf("unmarshalling header (%s)", header)
+ return http.StatusInternalServerError, fmt.Sprintf("unmarshalling header (%s)", header), ErrMalformedToken
 }
 // Then, verify signature
@@ -264,29 +268,29 @@ func (m *Middleware) VerifyToken(token string, v VerifyClaimsFunc, r *http.Reque
 mac.Write(message)
 expectedMac, err := encode(mac.Sum(nil))
 if err != nil {
- return http.StatusInternalServerError, err, ""
+ return http.StatusInternalServerError, "", err
 }
 if !hmac.Equal([]byte(tokenParts[2]), []byte(expectedMac)) {
- return http.StatusUnauthorized, ErrInvalidSignature, fmt.Sprintf("checking signature (%v)", tokenParts[2])
+ return http.StatusUnauthorized, fmt.Sprintf("checking signature (%v)", tokenParts[2]), ErrInvalidSignature
 }
 // Finally, check claims
 claimSet, err := decode(tokenParts[1])
 if err != nil {
- return http.StatusInternalServerError, ErrDecoding, "decoding claims"
+ return http.StatusInternalServerError, "decoding claims", ErrDecoding
 }
 err = v(claimSet, r)
 if err != nil {
- return http.StatusUnauthorized, err, "handling claims callback"
+ return http.StatusUnauthorized, "handling claims callback", err
 }
- return 200, nil, ""
+ return 200, "", nil
 }
 type jwtError struct {
 status int
- err error
 message string
+ err error
 }
 type errorHandler func(http.ResponseWriter, *http.Request) *jwtError