-
Notifications
You must be signed in to change notification settings - Fork 120
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
jwt: enforce the presence of a space between the authentication scheme and token #1190
base: main
Are you sure you want to change the base?
Conversation
WalkthroughThe changes made in this pull request focus on improving the organization and clarity of the test cases in the Changes
Poem
Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media? 🪧 TipsChatThere are 3 ways to chat with CodeRabbit:
Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments. CodeRabbit Commands (Invoked using PR comments)
Other keywords and placeholders
CodeRabbit Configuration File (
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actionable comments posted: 0
🧹 Outside diff range and nitpick comments (2)
jwt/utils.go (1)
19-20
: Approve change with minor improvement suggestionThe addition of a space to the
authScheme
effectively enforces the presence of a space between the authentication scheme and the token, which aligns with the PR objective. This change improves the robustness of the function without breaking existing functionality.However, to avoid modifying the input parameter and to handle cases where the input might already contain a trailing space, consider the following improvement:
func jwtFromHeader(header string, authScheme string) func(c *fiber.Ctx) (string, error) { - // Enforce the presence of a space between the authentication scheme and the token - authScheme = authScheme + " " + // Ensure the authentication scheme ends with a single space + authSchemeWithSpace := strings.TrimSpace(authScheme) + " " return func(c *fiber.Ctx) (string, error) { auth := c.Get(header) - l := len(authScheme) - if len(auth) > l+1 && strings.EqualFold(auth[:l], authScheme) { - return strings.TrimSpace(auth[l:]), nil + l := len(authSchemeWithSpace) + if len(auth) > l+1 && strings.EqualFold(auth[:l], authSchemeWithSpace) { + return strings.TrimSpace(auth[l:]), nil } return "", ErrJWTMissingOrMalformed } }This modification ensures that:
- The input
authScheme
is not modified directly.- Any existing trailing spaces in
authScheme
are handled correctly.- The comparison uses the standardized
authSchemeWithSpace
.jwt/jwt_test.go (1)
117-171
: Consider these minor improvements to enhance the test suite further:
The "malformed header" subtest name could be more descriptive, e.g., "malformed_authorization_header" or "missing_space_in_header".
In the "malformed header" subtest, consider checking the error message to ensure the correct error is being returned. For example:
body, _ := io.ReadAll(resp.Body) utils.AssertEqual(t, "Missing or malformed JWT", string(body))
- To reduce code duplication, consider parameterizing the test cases. For example:
testCases := []struct { name string header string expectedCode int }{ {"valid_token", "Bearer " + test.Token, 200}, {"malformed_header", "Bearer" + test.Token, 400}, } for _, tc := range testCases { t.Run(tc.name, func(t *testing.T) { // Test setup... req.Header.Set("Authorization", tc.header) resp, err := app.Test(req) utils.AssertEqual(t, nil, err) utils.AssertEqual(t, tc.expectedCode, resp.StatusCode) }) }These changes would make the tests more robust and easier to maintain.
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
📒 Files selected for processing (2)
- jwt/jwt_test.go (1 hunks)
- jwt/utils.go (1 hunks)
🧰 Additional context used
🔇 Additional comments (2)
jwt/jwt_test.go (2)
117-171
: Excellent restructuring of theTestJwtFromHeader
function!The changes significantly improve the organization and readability of the test cases:
- Using subtests (
t.Run
) allows for better isolation of test scenarios and improved output when running tests.- The "regular" subtest maintains the existing functionality, ensuring backward compatibility.
- The new "malformed header" subtest adds coverage for an important edge case, improving the overall test suite.
These changes align with Go testing best practices and make the tests more maintainable.
Line range hint
1-171
: Overall, excellent improvements to the JWT test suite!The changes to the
TestJwtFromHeader
function enhance the structure and readability of the tests. The introduction of subtests and the new test case for malformed headers strengthen the overall test coverage.While the changes are already valuable, the minor suggestions provided could further refine the test suite. These include improving subtest naming, adding more specific assertions, and considering parameterization to reduce code duplication.
Great work on improving the test suite's maintainability and effectiveness!
Summary by CodeRabbit
New Features
Bug Fixes