Fixed #802, closes #773

vishr · vishr · commit 9fe724dedb1d · 2017-01-05T12:38:39.000-08:00
Signed-off-by: Vishal Rana &lt;vr@labstack.com&gt;
diff --git a/middleware/csrf.go b/middleware/csrf.go
@@ -140,10 +140,10 @@ func CSRFWithConfig(config CSRFConfig) echo.MiddlewareFunc {
 				// Validate token only for requests which are not defined as 'safe' by RFC7231
 				clientToken, err := extractor(c)
 				if err != nil {
-					return err
+					return echo.NewHTTPError(http.StatusBadRequest, err.Error())
 				}
 				if !validateCSRFToken(token, clientToken) {
-					return echo.NewHTTPError(http.StatusForbidden, "CSRF token is invalid")
+					return echo.NewHTTPError(http.StatusForbidden, "Invalid csrf token")
 				}
 			}
 
@@ -187,7 +187,7 @@ func csrfTokenFromForm(param string) csrfTokenExtractor {
 	return func(c echo.Context) (string, error) {
 		token := c.FormValue(param)
 		if token == "" {
-			return "", errors.New("Missing csrf token in form param")
+			return "", errors.New("Missing csrf token in the form parameter")
 		}
 		return token, nil
 	}
@@ -199,7 +199,7 @@ func csrfTokenFromQuery(param string) csrfTokenExtractor {
 	return func(c echo.Context) (string, error) {
 		token := c.QueryParam(param)
 		if token == "" {
-			return "", errors.New("Missing csrf token in query param")
+			return "", errors.New("Missing csrf token in the query string")
 		}
 		return token, nil
 	}
diff --git a/middleware/jwt.go b/middleware/jwt.go
@@ -111,7 +111,7 @@ func JWTWithConfig(config JWTConfig) echo.MiddlewareFunc {
 	config.keyFunc = func(t *jwt.Token) (interface{}, error) {
 		// Check the signing method
 		if t.Method.Alg() != config.SigningMethod {
-			return nil, fmt.Errorf("unexpected jwt signing method=%v", t.Header["alg"])
+			return nil, fmt.Errorf("Unexpected jwt signing method=%v", t.Header["alg"])
 		}
 		return config.SigningKey, nil
 	}
@@ -162,7 +162,7 @@ func jwtFromHeader(header string, authScheme string) jwtExtractor {
 		if len(auth) > l+1 && auth[:l] == authScheme {
 			return auth[l+1:], nil
 		}
-		return "", errors.New("Missing or invalid jwt in request header")
+		return "", errors.New("Missing or invalid jwt in the request header")
 	}
 }
 
@@ -171,7 +171,7 @@ func jwtFromQuery(param string) jwtExtractor {
 	return func(c echo.Context) (string, error) {
 		token := c.QueryParam(param)
 		if token == "" {
-			return "", errors.New("Missing jwt in query string")
+			return "", errors.New("Missing jwt in the query string")
 		}
 		return token, nil
 	}
@@ -182,7 +182,7 @@ func jwtFromCookie(name string) jwtExtractor {
 	return func(c echo.Context) (string, error) {
 		cookie, err := c.Cookie(name)
 		if err != nil {
-			return "", errors.New("Missing jwt in cookie")
+			return "", errors.New("Missing jwt in the cookie")
 		}
 		return cookie.Value, nil
 	}
diff --git a/middleware/key_auth.go b/middleware/key_auth.go
@@ -115,7 +115,7 @@ func keyFromHeader(header string, authScheme string) keyExtractor {
 			if len(auth) > l+1 && auth[:l] == authScheme {
 				return auth[l+1:], nil
 			}
-			return "", errors.New("Invalid key in request header")
+			return "", errors.New("Invalid key in the request header")
 		}
 		return auth, nil
 	}
@@ -126,7 +126,7 @@ func keyFromQuery(param string) keyExtractor {
 	return func(c echo.Context) (string, error) {
 		key := c.QueryParam(param)
 		if key == "" {
-			return "", errors.New("Missing key in query string")
+			return "", errors.New("Missing key in the query string")
 		}
 		return key, nil
 	}

Original file line number	Diff line number	Diff line change
`@@ -140,10 +140,10 @@ func CSRFWithConfig(config CSRFConfig) echo.MiddlewareFunc {`
`140`	`140`	`// Validate token only for requests which are not defined as 'safe' by RFC7231`
`141`	`141`	`clientToken, err := extractor(c)`
`142`	`142`	`if err != nil {`
`143`		`- return err`
	`143`	`+ return echo.NewHTTPError(http.StatusBadRequest, err.Error())`
`144`	`144`	`}`
`145`	`145`	`if !validateCSRFToken(token, clientToken) {`
`146`		`- return echo.NewHTTPError(http.StatusForbidden, "CSRF token is invalid")`
	`146`	`+ return echo.NewHTTPError(http.StatusForbidden, "Invalid csrf token")`
`147`	`147`	`}`
`148`	`148`	`}`
`149`	`149`
`@@ -187,7 +187,7 @@ func csrfTokenFromForm(param string) csrfTokenExtractor {`
`187`	`187`	`return func(c echo.Context) (string, error) {`
`188`	`188`	`token := c.FormValue(param)`
`189`	`189`	`if token == "" {`
`190`		`- return "", errors.New("Missing csrf token in form param")`
	`190`	`+ return "", errors.New("Missing csrf token in the form parameter")`
`191`	`191`	`}`
`192`	`192`	`return token, nil`
`193`	`193`	`}`
`@@ -199,7 +199,7 @@ func csrfTokenFromQuery(param string) csrfTokenExtractor {`
`199`	`199`	`return func(c echo.Context) (string, error) {`
`200`	`200`	`token := c.QueryParam(param)`
`201`	`201`	`if token == "" {`
`202`		`- return "", errors.New("Missing csrf token in query param")`
	`202`	`+ return "", errors.New("Missing csrf token in the query string")`
`203`	`203`	`}`
`204`	`204`	`return token, nil`
`205`	`205`	`}`
Original file line number	Diff line number	Diff line change
`@@ -111,7 +111,7 @@ func JWTWithConfig(config JWTConfig) echo.MiddlewareFunc {`
`111`	`111`	`config.keyFunc = func(t *jwt.Token) (interface{}, error) {`
`112`	`112`	`// Check the signing method`
`113`	`113`	`if t.Method.Alg() != config.SigningMethod {`
`114`		`- return nil, fmt.Errorf("unexpected jwt signing method=%v", t.Header["alg"])`
	`114`	`+ return nil, fmt.Errorf("Unexpected jwt signing method=%v", t.Header["alg"])`
`115`	`115`	`}`
`116`	`116`	`return config.SigningKey, nil`
`117`	`117`	`}`
`@@ -162,7 +162,7 @@ func jwtFromHeader(header string, authScheme string) jwtExtractor {`
`162`	`162`	`if len(auth) > l+1 && auth[:l] == authScheme {`
`163`	`163`	`return auth[l+1:], nil`
`164`	`164`	`}`
`165`		`- return "", errors.New("Missing or invalid jwt in request header")`
	`165`	`+ return "", errors.New("Missing or invalid jwt in the request header")`
`166`	`166`	`}`
`167`	`167`	`}`
`168`	`168`
`@@ -171,7 +171,7 @@ func jwtFromQuery(param string) jwtExtractor {`
`171`	`171`	`return func(c echo.Context) (string, error) {`
`172`	`172`	`token := c.QueryParam(param)`
`173`	`173`	`if token == "" {`
`174`		`- return "", errors.New("Missing jwt in query string")`
	`174`	`+ return "", errors.New("Missing jwt in the query string")`
`175`	`175`	`}`
`176`	`176`	`return token, nil`
`177`	`177`	`}`
`@@ -182,7 +182,7 @@ func jwtFromCookie(name string) jwtExtractor {`
`182`	`182`	`return func(c echo.Context) (string, error) {`
`183`	`183`	`cookie, err := c.Cookie(name)`
`184`	`184`	`if err != nil {`
`185`		`- return "", errors.New("Missing jwt in cookie")`
	`185`	`+ return "", errors.New("Missing jwt in the cookie")`
`186`	`186`	`}`
`187`	`187`	`return cookie.Value, nil`
`188`	`188`	`}`
Original file line number	Diff line number	Diff line change
`@@ -115,7 +115,7 @@ func keyFromHeader(header string, authScheme string) keyExtractor {`
`115`	`115`	`if len(auth) > l+1 && auth[:l] == authScheme {`
`116`	`116`	`return auth[l+1:], nil`
`117`	`117`	`}`
`118`		`- return "", errors.New("Invalid key in request header")`
	`118`	`+ return "", errors.New("Invalid key in the request header")`
`119`	`119`	`}`
`120`	`120`	`return auth, nil`
`121`	`121`	`}`
`@@ -126,7 +126,7 @@ func keyFromQuery(param string) keyExtractor {`
`126`	`126`	`return func(c echo.Context) (string, error) {`
`127`	`127`	`key := c.QueryParam(param)`
`128`	`128`	`if key == "" {`
`129`		`- return "", errors.New("Missing key in query string")`
	`129`	`+ return "", errors.New("Missing key in the query string")`
`130`	`130`	`}`
`131`	`131`	`return key, nil`
`132`	`132`	`}`