Skip to content

Commit 8cf5f00

Browse files
fix(middlewares): treat empty JWT as invalid token in HTTP auth
Signed-off-by: Matías Insaurralde <matias@chainloop.dev>
1 parent a524da9 commit 8cf5f00

1 file changed

Lines changed: 4 additions & 0 deletions

File tree

pkg/middlewares/http/jwt.go

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -84,6 +84,10 @@ func AuthFromAuthorizationHeader(keyFunc jwt.Keyfunc, claimsFunc ClaimsFunc, sig
8484
func verifyAndMarshalJWT(token string, keyFunc jwt.Keyfunc, claimsFunc ClaimsFunc, signingMethod jwt.SigningMethod) (*jwt.Claims, error) {
8585
var tokenInfo *jwt.Token
8686

87+
if token == "" {
88+
return nil, jwtMiddleware.ErrTokenInvalid
89+
}
90+
8791
tokenInfo, err := jwt.ParseWithClaims(token, claimsFunc(), keyFunc)
8892
if err != nil {
8993
var ve *jwt.ValidationError

0 commit comments

Comments
 (0)