Ensure that authenticate only handles POST

2015-05-07 22:33:27 -08:00 · 2015-05-07 22:33:27 -08:00 · b3e5aa96ee
commit b3e5aa96ee
parent e80c34437b
2 changed files with 19 additions and 0 deletions
--- a/jwt.go
+++ b/jwt.go
@ -31,6 +31,7 @@ var (
 	ErrMalformedToken     = errors.New("please provide a valid token")
 	ErrInvalidSignature   = errors.New("signature could not be verified")
 	ErrParsingCredentials = errors.New("error parsing credentials")
 	ErrInvalidMethod      = errors.New("invalid request method")
 )
 // AuthFunc is a type for delegating user authentication to the client-code.
@ -175,6 +176,13 @@ func (m *Middleware) Secure(h http.Handler, v VerifyClaimsFunc) http.Handler {
 // the requester.
 func (m *Middleware) GenerateToken() http.Handler {
 	generateHandler := func(w http.ResponseWriter, r *http.Request) *jwtError {
 		if r.Method != "POST" {
 			return &jwtError{
 				status:  http.StatusBadRequest,
 				err:     ErrInvalidMethod,
 				message: "receiving request",
 			}
 		}
 		var b map[string]string
 		err := json.NewDecoder(r.Body).Decode(&b)
 		if err != nil {
--- a/jwt_test.go
+++ b/jwt_test.go
@ -221,3 +221,14 @@ func TestSecureHandlerGoodToken(t *testing.T) {
 		t.Errorf("wanted %s, got %s", "test", body)
 	}
 }
 func TestGenerateTokenHandlerNotPOST(t *testing.T) {
 	middleware := newMiddlewareOrFatal(t)
 	resp := httptest.NewRecorder()
 	req, _ := http.NewRequest("PUT", "http://example.com", nil)
 	middleware.GenerateToken().ServeHTTP(resp, req)
 	body := strings.TrimSpace(resp.Body.String())
 	if body != ErrInvalidMethod.Error() {
 		t.Errorf("wanted %q, got %q", ErrInvalidMethod.Error(), body)
 	}
 }