Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jwt v5 update #9

Merged
merged 6 commits into from
May 16, 2023
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 1 addition & 3 deletions .github/workflows/checks.yml
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@ permissions:

env:
# run static analysis only with the latest Go version
LATEST_GO_VERSION: 1.19
LATEST_GO_VERSION: "1.20"

jobs:
check:
Expand Down Expand Up @@ -44,5 +44,3 @@ jobs:
go version
go install golang.org/x/vuln/cmd/govulncheck@latest
govulncheck ./...


2 changes: 1 addition & 1 deletion .github/workflows/echo.yml
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@ jobs:
# Echo tests with last four major releases (unless there are pressing vulnerabilities)
# As we depend on `golang.org/x/` libraries which only support last 2 Go releases we could have situations when
# we derive from last four major releases promise.
go: [1.17, 1.18, 1.19]
go: ["1.18", "1.19", "1.20"]
name: ${{ matrix.os }} @ Go ${{ matrix.go }}
runs-on: ${{ matrix.os }}
steps:
Expand Down
6 changes: 3 additions & 3 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@

# Echo JWT middleware

JWT middleware for [Echo](https://github.com/labstack/echo) framework. This middleware uses by default [golang-jwt/jwt/v4](https://github.com/golang-jwt/jwt)
JWT middleware for [Echo](https://github.com/labstack/echo) framework. This middleware uses by default [golang-jwt/jwt/v5](https://github.com/golang-jwt/jwt)
as JWT implementation.

## Versioning
Expand Down Expand Up @@ -48,7 +48,7 @@ e.Use(echojwt.WithConfig(echojwt.Config{

Extract token in handler
```go
import "github.com/golang-jwt/jwt/v4"
import "github.com/golang-jwt/jwt/v5"

// ...

Expand All @@ -72,7 +72,7 @@ package main

import (
"errors"
"github.com/golang-jwt/jwt/v4"
"github.com/golang-jwt/jwt/v5"
"github.com/labstack/echo-jwt/v4"
"github.com/labstack/echo/v4"
"github.com/labstack/echo/v4/middleware"
Expand Down
2 changes: 1 addition & 1 deletion go.mod
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ module github.com/labstack/echo-jwt/v4
go 1.17

require (
github.com/golang-jwt/jwt/v4 v4.4.3
github.com/golang-jwt/jwt/v5 v5.0.0
github.com/labstack/echo/v4 v4.9.0
github.com/stretchr/testify v1.8.1
)
Expand Down
4 changes: 2 additions & 2 deletions go.sum
Original file line number Diff line number Diff line change
Expand Up @@ -3,8 +3,8 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/golang-jwt/jwt v3.2.2+incompatible h1:IfV12K8xAKAnZqdXVzCZ+TOjboZ2keLg81eXfW3O+oY=
github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I=
github.com/golang-jwt/jwt/v4 v4.4.3 h1:Hxl6lhQFj4AnOX6MLrsCb/+7tCj7DxP7VA+2rDIq5AU=
github.com/golang-jwt/jwt/v4 v4.4.3/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
github.com/golang-jwt/jwt/v5 v5.0.0 h1:1n1XNM9hk7O9mnQoNBGolZvzebBQ7p93ULHRc28XJUE=
github.com/golang-jwt/jwt/v5 v5.0.0/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
github.com/labstack/echo/v4 v4.9.0 h1:wPOF1CE6gvt/kmbMR4dGzWvHMPT+sAEUJOwOTtvITVY=
github.com/labstack/echo/v4 v4.9.0/go.mod h1:xkCDAdFCIf8jsFQ5NnbK7oqaF/yU1A1X20Ltm0OvSks=
github.com/labstack/gommon v0.3.1/go.mod h1:uW6kP17uPlLJsD3ijUYn3/M5bAxtlZhMI6m3MFxTMTM=
Expand Down
2 changes: 1 addition & 1 deletion jwt.go
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ import (
"fmt"
"net/http"

"github.com/golang-jwt/jwt/v4"
"github.com/golang-jwt/jwt/v5"
"github.com/labstack/echo/v4"
"github.com/labstack/echo/v4/middleware"
)
Expand Down
2 changes: 1 addition & 1 deletion jwt_benchmark_test.go
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
package echojwt

import (
"github.com/golang-jwt/jwt/v4"
"github.com/golang-jwt/jwt/v5"
"github.com/labstack/echo/v4"
"net/http"
"net/http/httptest"
Expand Down
4 changes: 2 additions & 2 deletions jwt_extranal_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ package echojwt_test
import (
"errors"
"fmt"
"github.com/golang-jwt/jwt/v4"
"github.com/golang-jwt/jwt/v5"
echojwt "github.com/labstack/echo-jwt/v4"
"github.com/labstack/echo/v4"
"io"
Expand All @@ -25,7 +25,7 @@ func ExampleWithConfig_usage() {

e.GET("/", func(c echo.Context) error {
// make sure that your imports are correct versions. for example if you use `"github.com/golang-jwt/jwt"` as
// import this cast will fail and `"github.com/golang-jwt/jwt/v4"` will succeed.
// import this cast will fail and `"github.com/golang-jwt/jwt/v5"` will succeed.
// Although `.(*jwt.Token)` looks exactly the same for both packages but this struct is still different
token, ok := c.Get("user").(*jwt.Token) // by default token is stored under `user` key
if !ok {
Expand Down
14 changes: 7 additions & 7 deletions jwt_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@ import (
"strings"
"testing"

"github.com/golang-jwt/jwt/v4"
"github.com/golang-jwt/jwt/v5"
"github.com/labstack/echo/v4"
"github.com/labstack/echo/v4/middleware"
"github.com/stretchr/testify/assert"
Expand Down Expand Up @@ -110,15 +110,15 @@ func TestJWT_combinations(t *testing.T) {
SigningKey: validKey,
SigningMethod: "RS256",
},
expectError: "code=401, message=invalid or expired jwt, internal=unexpected jwt signing method=HS256",
expectError: "code=401, message=invalid or expired jwt, internal=token is unverifiable: error while executing keyfunc: unexpected jwt signing method=HS256",
},
{
name: "Invalid key",
hdrAuth: validAuth,
config: Config{
SigningKey: invalidKey,
},
expectError: "code=401, message=invalid or expired jwt, internal=signature is invalid",
expectError: "code=401, message=invalid or expired jwt, internal=token signature is invalid: signature is invalid",
},
{
name: "Valid JWT",
Expand Down Expand Up @@ -189,7 +189,7 @@ func TestJWT_combinations(t *testing.T) {
TokenLookup: "query:jwt",
},
reqURL: "/?a=b&jwt=invalid-token",
expectError: "code=401, message=invalid or expired jwt, internal=token contains an invalid number of segments",
expectError: "code=401, message=invalid or expired jwt, internal=token is malformed: token contains an invalid number of segments",
},
{
name: "Empty query",
Expand Down Expand Up @@ -231,7 +231,7 @@ func TestJWT_combinations(t *testing.T) {
TokenLookup: "cookie:jwt",
},
hdrCookie: "jwt=invalid",
expectError: "code=401, message=invalid or expired jwt, internal=token contains an invalid number of segments",
expectError: "code=401, message=invalid or expired jwt, internal=token is malformed: token contains an invalid number of segments",
},
{
name: "Empty cookie",
Expand All @@ -256,7 +256,7 @@ func TestJWT_combinations(t *testing.T) {
TokenLookup: "form:jwt",
},
formValues: map[string]string{"jwt": "invalid"},
expectError: "code=401, message=invalid or expired jwt, internal=token contains an invalid number of segments",
expectError: "code=401, message=invalid or expired jwt, internal=token is malformed: token contains an invalid number of segments",
},
{
name: "Empty form field",
Expand Down Expand Up @@ -513,7 +513,7 @@ func TestConfig_ErrorHandling(t *testing.T) {
},
},
whenAuthHeader: "Bearer x.x.x",
expectError: "illegal base64 data at input byte 0",
expectError: "token is malformed: could not base64 decode header: illegal base64 data at input byte 0",
},
}

Expand Down