golang-jwt / jwt

Community maintained clone of https://github.com/dgrijalva/jwt-go

Home Page:https://golang-jwt.github.io/jwt/


Possible error in token parsing examples

zeim839 opened this issue · comments

I am using a modified version of the doc example here. My code is as follows:

import (
	"fmt"

	"github.com/golang-jwt/jwt/v4" // major version assumed; use the one your module imports
)

func VerifyJWT(secret string, tokenStr string) (string, int, error) {
	token, err := jwt.Parse(tokenStr, func(token *jwt.Token) (interface{}, error) {
		// Pin the expected algorithm family so the token cannot choose one.
		if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
			return nil, fmt.Errorf("Unexpected signing method: %v", token.Header["alg"])
		}

		return []byte(secret), nil
	})

	// err is not checked here: on a malformed token, token is nil and the
	// token.Claims access below dereferences a nil pointer.
	if claims, ok := token.Claims.(jwt.MapClaims); ok && token.Valid {
		// JSON numbers decode into MapClaims as float64, not int.
		return claims["address"].(string), int(claims["user_id"].(float64)), nil
	}

	return "", 0, err
}

When given a bad tokenStr, the example breaks at the if claims, ok := ... clause and prints an error. However, I am getting a runtime panic:

runtime error: invalid memory address or nil pointer dereference
/usr/local/go/src/runtime/panic.go:220 (0x404d4f5)
	panicmem: panic(memoryError)
/usr/local/go/src/runtime/signal_unix.go:818 (0x404d4c5)
	sigpanic: panicmem()
/Users/DIR/jwt.go:28 (0x45b8c85)
	VerifyJWT: if claims, ok := token.Claims.(jwt.MapClaims); ok && token.Valid {

However, the error is resolved when I test for err != nil:

import (
	"fmt"

	"github.com/golang-jwt/jwt/v4" // major version assumed; use the one your module imports
)

func VerifyJWT(secret string, tokenStr string) (string, int, error) {
	token, err := jwt.Parse(tokenStr, func(token *jwt.Token) (interface{}, error) {
		// Pin the expected algorithm family so the token cannot choose one.
		if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
			return nil, fmt.Errorf("Unexpected signing method: %v", token.Header["alg"])
		}

		return []byte(secret), nil
	})

	// TEST FOR ERR: parse, signature or claim validation failed; token must not be used.
	if err != nil {
		return "", 0, err
	}

	if claims, ok := token.Claims.(jwt.MapClaims); ok && token.Valid {
		// JSON numbers decode into MapClaims as float64, not int.
		return claims["address"].(string), int(claims["user_id"].(float64)), nil
	}

	// err is nil at this point, so report the unexpected claims type explicitly.
	return "", 0, fmt.Errorf("unexpected claims type %T", token.Claims)
}

I am testing with `secret="0x123456789"` and `tokenStr="hello"`. `err` is "token is malformed token contains an invalid number of segments".
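To show why the error check has to come first, here is an added, stand-alone example that is not part of the issue or of the golang-jwt library: it uses only the Go standard library to build and verify an HS256 compact token, with a `parseHS256` stand-in that behaves like `jwt.Parse` on failure (nil result plus error), and a `VerifyJWT` written in the corrected shape. The signing helper, `ErrMalformed`, the claim names and the sample values are constructed for this example; the secret `"0x123456789"` and the malformed input `"hello"` are the ones from the report.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// ErrMalformed mirrors the library's "invalid number of segments" failure (constructed here).
var ErrMalformed = errors.New("token is malformed: token contains an invalid number of segments")

// signHS256 builds a compact JWS (header.payload.signature) with HS256.
// Constructed helper for the example; it is not the library's API.
func signHS256(claims map[string]interface{}, secret []byte) (string, error) {
	header, _ := json.Marshal(map[string]string{"alg": "HS256", "typ": "JWT"})
	payload, err := json.Marshal(claims)
	if err != nil {
		return "", err
	}
	enc := base64.RawURLEncoding
	signingInput := enc.EncodeToString(header) + "." + enc.EncodeToString(payload)
	mac := hmac.New(sha256.New, secret)
	mac.Write([]byte(signingInput))
	return signingInput + "." + enc.EncodeToString(mac.Sum(nil)), nil
}

// parseHS256 stands in for jwt.Parse: on any failure it returns (nil, err),
// which is exactly why callers must check err before touching the result.
func parseHS256(tokenStr string, secret []byte) (map[string]interface{}, error) {
	parts := strings.Split(tokenStr, ".")
	if len(parts) != 3 {
		return nil, ErrMalformed
	}
	enc := base64.RawURLEncoding
	headerJSON, err := enc.DecodeString(parts[0])
	if err != nil {
		return nil, fmt.Errorf("token is malformed: %w", err)
	}
	var header struct {
		Alg string `json:"alg"`
	}
	if err := json.Unmarshal(headerJSON, &header); err != nil {
		return nil, fmt.Errorf("token is malformed: %w", err)
	}
	// Pin the algorithm on the verifier side; the token's own "alg" is untrusted input.
	if header.Alg != "HS256" {
		return nil, fmt.Errorf("unexpected signing method: %v", header.Alg)
	}
	sig, err := enc.DecodeString(parts[2])
	if err != nil {
		return nil, fmt.Errorf("token is malformed: %w", err)
	}
	mac := hmac.New(sha256.New, secret)
	mac.Write([]byte(parts[0] + "." + parts[1]))
	if !hmac.Equal(mac.Sum(nil), sig) { // constant-time comparison
		return nil, errors.New("signature is invalid")
	}
	payloadJSON, err := enc.DecodeString(parts[1])
	if err != nil {
		return nil, fmt.Errorf("token is malformed: %w", err)
	}
	var claims map[string]interface{}
	if err := json.Unmarshal(payloadJSON, &claims); err != nil {
		return nil, fmt.Errorf("token is malformed: %w", err)
	}
	return claims, nil
}

// VerifyJWT is the issue's function in the corrected shape: check err first,
// then read claims with comma-ok assertions. encoding/json decodes JSON numbers
// into an interface{} map as float64, so user_id is read as float64, not int.
func VerifyJWT(secret string, tokenStr string) (string, int, error) {
	claims, err := parseHS256(tokenStr, []byte(secret))
	if err != nil {
		return "", 0, err // claims is nil here; indexing it blindly is the bug from the report
	}
	address, ok := claims["address"].(string)
	if !ok {
		return "", 0, errors.New("missing or non-string address claim")
	}
	userID, ok := claims["user_id"].(float64)
	if !ok {
		return "", 0, errors.New("missing or non-numeric user_id claim")
	}
	return address, int(userID), nil
}

func main() {
	secret := "0x123456789" // value from the issue report
	tok, _ := signHS256(map[string]interface{}{"address": "221B Baker St", "user_id": 42}, []byte(secret))
	fmt.Println(VerifyJWT(secret, tok))     // 221B Baker St 42 <nil>
	fmt.Println(VerifyJWT(secret, "hello")) // "" 0 token is malformed: ...
}
```

The design point is the same one the maintainer makes below in the thread: a parse function that fails returns a nil result together with the error, so the only safe order is error check first, value use second. The constructed parser also pins the algorithm and uses `hmac.Equal`, which is what the `SigningMethodHMAC` check in the report's key function is for.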

Thanks for filing an issue, you're absolutely right, we should update the examples to always check for an error.

It's a Go best practice to check the error and only if there's no error assume the return value is valid.

We'll get this updated!