Wrap the errors from functions called within ParseRequest

fixes #1175
lestrrat-go · Sep 5, 2024 · 94ddf5b · 94ddf5b
1 parent 4c5a198
commit 94ddf5b
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 10 deletions.
diff --git a/jwt/http.go b/jwt/http.go
@@ -224,6 +224,7 @@ func ParseRequest(req *http.Request, options ...ParseOption) (Token, error) {
 	lmhdrs := len(mhdrs)
 	lmfrms := len(mfrms)
 	lmcookies := len(mcookies)
+	var errors []interface{}
 	if lmhdrs > 0 || lmfrms > 0 || lmcookies > 0 {
 		b.WriteString(". Additionally, errors were encountered during attempts to parse")
 
@@ -236,9 +237,8 @@ func ParseRequest(req *http.Request, options ...ParseOption) (Token, error) {
 				}
 				b.WriteString("[header key: ")
 				b.WriteString(strconv.Quote(hdrkey))
-				b.WriteString(", error: ")
-				b.WriteString(strconv.Quote(err.Error()))
-				b.WriteString("]")
+				b.WriteString(", error: %w]")
+				errors = append(errors, err)
 				count++
 			}
 			b.WriteString(")")
@@ -253,9 +253,8 @@ func ParseRequest(req *http.Request, options ...ParseOption) (Token, error) {
 				}
 				b.WriteString("[cookie key: ")
 				b.WriteString(strconv.Quote(cookiekey))
-				b.WriteString(", error: ")
-				b.WriteString(strconv.Quote(err.Error()))
-				b.WriteString("]")
+				b.WriteString(", error: %w]")
+				errors = append(errors, err)
 				count++
 			}
 		}
@@ -269,12 +268,11 @@ func ParseRequest(req *http.Request, options ...ParseOption) (Token, error) {
 				}
 				b.WriteString("[form key: ")
 				b.WriteString(strconv.Quote(formkey))
-				b.WriteString(", error: ")
-				b.WriteString(strconv.Quote(err.Error()))
-				b.WriteString("]")
+				b.WriteString(", error: %w]")
+				errors = append(errors, err)
 				count++
 			}
 		}
 	}
-	return nil, fmt.Errorf(b.String())
+	return nil, fmt.Errorf(b.String(), errors...)
 }
diff --git a/jwt/jwt_test.go b/jwt/jwt_test.go
@@ -1853,3 +1853,20 @@ func TestParseJSON(t *testing.T) {
 		})
 	}
 }
+
+func TestGH1175(t *testing.T) {
+	token, err := jwt.NewBuilder().
+		Expiration(time.Now().Add(-1 * time.Hour)).
+		Build()
+	require.NoError(t, err, `jwt.NewBuilder should succeed`)
+	secret := []byte("secret")
+	signed, err := jwt.Sign(token, jwt.WithKey(jwa.HS256, secret))
+	require.NoError(t, err, `jwt.Sign should succeed`)
+
+	req := httptest.NewRequest(http.MethodGet, `http://example.com`, nil)
+	req.Header.Set("Authorization", "Bearer "+string(signed))
+
+	_, err = jwt.ParseRequest(req, jwt.WithKey(jwa.HS256, secret))
+	require.Error(t, err, `jwt.ParseRequest should fail`)
+	require.ErrorIs(t, err, jwt.ErrTokenExpired(), `jwt.ParseRequest should fail with jwt.ErrTokenExpired`)
+}