Merge pull request #123 from 418Coffee/master

fix: make empty AuthScheme possible for headers
gofiber · Apr 21, 2023 · 0c03b8d · 0c03b8d
2 parents dfca5ee + a405343
commit 0c03b8d
Show file tree

Hide file tree

Showing 3 changed files with 35 additions and 4 deletions.
diff --git a/README.md b/README.md
@@ -40,7 +40,7 @@ jwtware.New(config ...jwtware.Config) func(*fiber.Ctx) error
 | ContextKey               | `string` | Context key to store user information from the token into context.                                                                                   | `"user"` |
 | Claims                   | `jwt.Claim` | Claims are extendable claims data defining token content.                                                                                            | `jwt.MapClaims{}` |
 | TokenLookup              | `string` | TokenLookup is a string in the form of `<source>:<name>` that is used                                                                                | `"header:Authorization"` |
-| AuthScheme               | `string` | AuthScheme to be used in the Authorization header.                                                                                                   | `"Bearer"` |
+| AuthScheme               | `string` | AuthScheme to be used in the Authorization header. The default value (`"Bearer"`) will only be used in conjuction with the default `TokenLookup` value.                                                                                                 | `"Bearer"` |
 | KeySetURL(deprecated)    | `string` | KeySetURL location of JSON file with signing keys.                                                                                                   | `""` |
 | KeySetURLs               | `string` | KeySetURL locations of JSON file with signing keys.                                                                                                  | `""` |
 | KeyRefreshSuccessHandler | `func(j *KeySet)` | KeyRefreshSuccessHandler defines a function which is executed for a valid refresh of signing keys.                                                   | `nil` |

diff --git a/config.go b/config.go
@@ -155,9 +155,10 @@ func makeCfg(config []Config) (cfg Config) {
 	}
 	if cfg.TokenLookup == "" {
 		cfg.TokenLookup = defaultTokenLookup
-	}
-	if cfg.AuthScheme == "" {
-		cfg.AuthScheme = "Bearer"
+		// set AuthScheme as "Bearer" only if TokenLookup is set to default.
+		if cfg.AuthScheme == "" {
+			cfg.AuthScheme = "Bearer"
+		}
 	}
 	if cfg.KeyRefreshTimeout == nil {
 		cfg.KeyRefreshTimeout = &defaultKeyRefreshTimeout

diff --git a/config_test.go b/config_test.go
@@ -81,4 +81,34 @@ func TestExtractorsInitialization(t *testing.T) {
 	if len(extractors) != 4 {
 		t.Fatalf("Extractors should not be created for invalid lookups")
 	}
+	if cfg.AuthScheme != "" {
+		t.Fatal("AuthScheme should be \"\"")
+	}
+}
+
+func TestCustomTokenLookup(t *testing.T) {
+	t.Parallel()
+
+	defer func() {
+		// Assert
+		if err := recover(); err != nil {
+			t.Fatalf("Middleware should not panic")
+		}
+	}()
+
+	// Arrange
+	lookup := `header:X-Auth`
+	scheme := "Token"
+	cfg := Config{
+		SigningKey:  "",
+		TokenLookup: lookup,
+		AuthScheme:  scheme,
+	}
+
+	if cfg.TokenLookup != lookup {
+		t.Fatalf("TokenLookup should be %s", lookup)
+	}
+	if cfg.AuthScheme != scheme {
+		t.Fatalf("AuthScheme should be %s", scheme)
+	}
 }