Add anyhow, Improve Auth token code
Moved test helper code to its own module.
@@ -35,7 +35,7 @@ impl FromStr for Claims {
|
||||
let token = *(s.split("Bearer ").collect::<Vec<_>>().last().unwrap_or(&""));
|
||||
|
||||
match decode::<Claims>(
|
||||
&token,
|
||||
token,
|
||||
&DecodingKey::from_secret(secret_key().as_bytes()),
|
||||
&Validation::new(Algorithm::HS256),
|
||||
) {
|
||||
@@ -54,18 +54,27 @@ impl FromRequest for Claims {
|
||||
type Config = ();
|
||||
|
||||
fn from_request(req: &HttpRequest, _payload: &mut dev::Payload) -> Self::Future {
|
||||
let claims = match req.headers().get(header::AUTHORIZATION) {
|
||||
Some(header) => Claims::from_str(header.to_str().unwrap_or("")),
|
||||
None => Err(jsonwebtoken::errors::Error::from(
|
||||
jsonwebtoken::errors::ErrorKind::InvalidToken,
|
||||
)),
|
||||
};
|
||||
|
||||
if let Ok(claims) = claims {
|
||||
ok(claims)
|
||||
} else {
|
||||
err(ErrorUnauthorized("Bad token"))
|
||||
}
|
||||
req.headers()
|
||||
.get(header::AUTHORIZATION)
|
||||
.map_or_else(
|
||||
|| Err(anyhow!("No authorization header")),
|
||||
|header| {
|
||||
header
|
||||
.to_str()
|
||||
.context("Unable to read Authorization header to string")
|
||||
},
|
||||
)
|
||||
.and_then(|header| {
|
||||
Claims::from_str(header)
|
||||
.with_context(|| format!("Unable to decode token from: {}", header))
|
||||
})
|
||||
.map_or_else(
|
||||
|e| {
|
||||
error!("{}", e);
|
||||
err(ErrorUnauthorized("Bad token"))
|
||||
},
|
||||
ok,
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -156,4 +165,17 @@ mod tests {
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn test_junk_token_is_invalid() {
|
||||
let err = Claims::from_str("uni-֍ՓՓՓՓՓՓՓՓՓՓՓՓՓՓՓ");
|
||||
|
||||
match err.unwrap_err().into_kind() {
|
||||
ErrorKind::InvalidToken => assert!(true),
|
||||
kind => {
|
||||
println!("Unexpected error: {:?}", kind);
|
||||
assert!(false)
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
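Review bot: The context added in the `and_then` closure of `from_request` formats the whole Authorization header into the error (`"Unable to decode token from: {}"`), and `error!("{}", e)` then writes it out, so every rejected bearer token ends up in the application log. A token rejected here may still be a usable credential elsewhere (for example one issued by another service), and the value is client-supplied text, so it should not be readable by everyone with log access. Because `{}` on an anyhow error prints only the outermost context, that log line also drops the underlying jsonwebtoken reason, which is the part worth keeping. I would change the two lines to `.context("Unable to decode token")` and `error!("{:#}", e);`, which records the cause chain and leaves the credential out.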