godep update github.com/thermokarst/jwt

Godeps/Godeps.json

@@ -51,7 +51,7 @@
 		},
 		{
 			"ImportPath": "github.com/thermokarst/jwt",
-			"Rev": "88ac9569ee8c8fc9083704a7219334fcc210c6a5"
+			"Rev": "6b69668616b8d8598fddf36b4bb4e4e3acb56008"
 		},
 		{
 			"ImportPath": "golang.org/x/crypto/bcrypt",

Godeps/_workspace/src/github.com/thermokarst/jwt/jwt.go

@@ -143,15 +143,31 @@ func (m *Middleware) Authenticate() http.Handler {
 				message: "receiving request",
 			}
 		}
-		var b map[string]string
-		err := json.NewDecoder(r.Body).Decode(&b)
-		if err != nil {
-			return &jwtError{
-				status:  http.StatusInternalServerError,
-				err:     ErrParsingCredentials,
-				message: "parsing authorization",
+
+		b := make(map[string]string, 0)
+		contentType := r.Header.Get("content-type")
+		switch contentType {
+		case "application/x-www-form-urlencoded":
+			identity, verify := r.FormValue(m.identityField), r.FormValue(m.verifyField)
+			if identity == "" || verify == "" {
+				return &jwtError{
+					status:  http.StatusInternalServerError,
+					err:     ErrParsingCredentials,
+					message: "parsing authorization",
+				}
+			}
+			b[m.identityField], b[m.verifyField] = identity, verify
+		default:
+			err := json.NewDecoder(r.Body).Decode(&b)
+			if err != nil {
+				return &jwtError{
+					status:  http.StatusInternalServerError,
+					err:     ErrParsingCredentials,
+					message: "parsing authorization",
+				}
 			}
 		}
+
 		// Check if required fields are in the body
 		if _, ok := b[m.identityField]; !ok {
 			return &jwtError{
@@ -167,7 +183,7 @@ func (m *Middleware) Authenticate() http.Handler {
 				message: "parsing credentials, missing verify field",
 			}
 		}
-		err = m.auth(b[m.identityField], b[m.verifyField])
+		err := m.auth(b[m.identityField], b[m.verifyField])
 		if err != nil {
 			return &jwtError{
 				status:  http.StatusInternalServerError,

Godeps/_workspace/src/github.com/thermokarst/jwt/jwt_test.go

@@ -1,234 +0,0 @@
-package jwt
-
-import (
-	"bytes"
-	"crypto/hmac"
-	"crypto/sha256"
-	"encoding/base64"
-	"encoding/json"
-	"errors"
-	"fmt"
-	"io/ioutil"
-	"net/http"
-	"net/http/httptest"
-	"strings"
-	"testing"
-	"time"
-)
-
-var testHandler = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-	w.Write([]byte("test"))
-})
-
-var authFunc = func(email, password string) error {
-	return nil
-}
-
-var claimsFunc = func(id string) (map[string]interface{}, error) {
-	currentTime := time.Now()
-	return map[string]interface{}{
-		"iat": currentTime.Unix(),
-		"exp": currentTime.Add(time.Minute * 60 * 24).Unix(),
-	}, nil
-}
-
-var verifyClaimsFunc = func(claims []byte, r *http.Request) error {
-	currentTime := time.Now()
-	var c struct {
-		Exp int64
-		Iat int64
-	}
-	err := json.Unmarshal(claims, &c)
-	if err != nil {
-		return err
-	}
-	if currentTime.After(time.Unix(c.Exp, 0)) {
-		return errors.New("expired")
-	}
-	return nil
-}
-
-func newMiddlewareOrFatal(t *testing.T) *Middleware {
-	config := &Config{
-		Secret: "password",
-		Auth:   authFunc,
-		Claims: claimsFunc,
-	}
-	middleware, err := New(config)
-	if err != nil {
-		t.Fatalf("new middleware: %v", err)
-	}
-	return middleware
-}
-
-func newToken(t *testing.T) (string, *Middleware) {
-	middleware := newMiddlewareOrFatal(t)
-	authBody := map[string]interface{}{
-		"email":    "user@example.com",
-		"password": "password",
-	}
-	body, err := json.Marshal(authBody)
-	if err != nil {
-		t.Error(err)
-	}
-
-	ts := httptest.NewServer(middleware.Authenticate())
-	defer ts.Close()
-
-	resp, err := http.Post(ts.URL, "application/json", bytes.NewReader(body))
-	respBody, err := ioutil.ReadAll(resp.Body)
-	resp.Body.Close()
-	if err != nil {
-		t.Error(err)
-	}
-	return string(respBody), middleware
-}
-
-func TestNewJWTMiddleware(t *testing.T) {
-	middleware := newMiddlewareOrFatal(t)
-	if middleware.secret != "password" {
-		t.Errorf("wanted password, got %v", middleware.secret)
-	}
-	err := middleware.auth("", "")
-	if err != nil {
-		t.Fatal(err)
-	}
-	claimsVal, err := middleware.claims("1")
-	if err != nil {
-		t.Fatal(err)
-	}
-	if _, ok := claimsVal["iat"]; !ok {
-		t.Errorf("wanted a claims set, got %v", claimsVal)
-	}
-	if middleware.identityField != "email" {
-		t.Errorf("wanted email, got %v", middleware.identityField)
-	}
-	if middleware.verifyField != "password" {
-		t.Errorf("wanted password, got %v", middleware.verifyField)
-	}
-}
-
-func TestNewJWTMiddlewareNoConfig(t *testing.T) {
-	cases := map[*Config]error{
-		nil:       ErrMissingConfig,
-		&Config{}: ErrMissingSecret,
-		&Config{
-			Auth:   authFunc,
-			Claims: claimsFunc,
-		}: ErrMissingSecret,
-		&Config{
-			Secret: "secret",
-			Claims: claimsFunc,
-		}: ErrMissingAuthFunc,
-		&Config{
-			Auth:   authFunc,
-			Secret: "secret",
-		}: ErrMissingClaimsFunc,
-	}
-	for config, jwtErr := range cases {
-		_, err := New(config)
-		if err != jwtErr {
-			t.Errorf("wanted error: %v, got error: %v using config: %v", jwtErr, err, config)
-		}
-	}
-}
-func TestGenerateTokenHandler(t *testing.T) {
-	token, m := newToken(t)
-	j := strings.Split(token, ".")
-
-	header := base64.StdEncoding.EncodeToString([]byte(`{"typ":"JWT","alg":"HS256"}`))
-	if j[0] != header {
-		t.Errorf("wanted %v, got %v", header, j[0])
-	}
-
-	claims, err := base64.StdEncoding.DecodeString(j[1])
-	var c struct {
-		Exp int
-		Iat int
-	}
-	err = json.Unmarshal(claims, &c)
-	if err != nil {
-		t.Error(err)
-	}
-	duration := time.Duration(c.Exp-c.Iat) * time.Second
-	d := time.Minute * 60 * 24
-	if duration != d {
-		t.Errorf("wanted %v, got %v", d, duration)
-	}
-	mac := hmac.New(sha256.New, []byte(m.secret))
-	message := []byte(strings.Join([]string{j[0], j[1]}, "."))
-	mac.Write(message)
-	expectedMac := base64.StdEncoding.EncodeToString(mac.Sum(nil))
-	if !hmac.Equal([]byte(j[2]), []byte(expectedMac)) {
-		t.Errorf("wanted %v, got %v", expectedMac, j[2])
-	}
-}
-
-func TestSecureHandlerNoToken(t *testing.T) {
-	middleware := newMiddlewareOrFatal(t)
-	resp := httptest.NewRecorder()
-	req, _ := http.NewRequest("GET", "http://example.com", nil)
-	middleware.Secure(testHandler, verifyClaimsFunc).ServeHTTP(resp, req)
-	body := strings.TrimSpace(resp.Body.String())
-	if body != ErrMissingToken.Error() {
-		t.Errorf("wanted %q, got %q", ErrMissingToken.Error(), body)
-	}
-}
-
-func TestSecureHandlerBadToken(t *testing.T) {
-	middleware := newMiddlewareOrFatal(t)
-	resp := httptest.NewRecorder()
-	req, _ := http.NewRequest("GET", "http://example.com", nil)
-	req.Header.Set("Authorization", "Bearer abcdefg")
-	middleware.Secure(testHandler, verifyClaimsFunc).ServeHTTP(resp, req)
-	body := strings.TrimSpace(resp.Body.String())
-	if body != ErrMalformedToken.Error() {
-		t.Errorf("wanted %q, got %q", ErrMalformedToken.Error(), body)
-	}
-
-	resp = httptest.NewRecorder()
-	req, _ = http.NewRequest("GET", "http://example.com", nil)
-	req.Header.Set("Authorization", "Bearer abcd.abcd.abcd")
-	middleware.Secure(testHandler, verifyClaimsFunc).ServeHTTP(resp, req)
-	body = strings.TrimSpace(resp.Body.String())
-	if body != ErrMalformedToken.Error() {
-		t.Errorf("wanted %q, got %q", ErrMalformedToken.Error(), body)
-	}
-}
-
-func TestSecureHandlerBadSignature(t *testing.T) {
-	token, middleware := newToken(t)
-	parts := strings.Split(token, ".")
-	token = strings.Join([]string{parts[0], parts[1], "abcd"}, ".")
-	resp := httptest.NewRecorder()
-	req, _ := http.NewRequest("GET", "http://example.com", nil)
-	req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", token))
-	middleware.Secure(testHandler, verifyClaimsFunc).ServeHTTP(resp, req)
-	body := strings.TrimSpace(resp.Body.String())
-	if body != ErrInvalidSignature.Error() {
-		t.Errorf("wanted %s, got %s", ErrInvalidSignature.Error(), body)
-	}
-}
-
-func TestSecureHandlerGoodToken(t *testing.T) {
-	token, middleware := newToken(t)
-	resp := httptest.NewRecorder()
-	req, _ := http.NewRequest("GET", "http://example.com", nil)
-	req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", token))
-	middleware.Secure(testHandler, verifyClaimsFunc).ServeHTTP(resp, req)
-	body := strings.TrimSpace(resp.Body.String())
-	if body != "test" {
-		t.Errorf("wanted %s, got %s", "test", body)
-	}
-}
-
-func TestGenerateTokenHandlerNotPOST(t *testing.T) {
-	middleware := newMiddlewareOrFatal(t)
-	resp := httptest.NewRecorder()
-	req, _ := http.NewRequest("PUT", "http://example.com", nil)
-	middleware.Authenticate().ServeHTTP(resp, req)
-	body := strings.TrimSpace(resp.Body.String())
-	if body != ErrInvalidMethod.Error() {
-		t.Errorf("wanted %q, got %q", ErrInvalidMethod.Error(), body)
-	}
-}