Export getStateful, simplify interface.

We used to return nil, nil if the token didn't exist. We now return os.ErrNotExist.
2024-05-01 19:05:52 +02:00 · 2024-05-01 19:05:52 +02:00 · 8a94f4a716
parent 0c3616642d
commit 8a94f4a716
3 changed files with 18 additions and 20 deletions
--- a/token/jwt.go
+++ b/token/jwt.go
@ -126,6 +126,8 @@ func toStringArray(a interface{}) ([]string, bool) {
 	return b, true
 }

+// parseJWT tries to parse a string as a JWT.
+// It returns (nil, nil) if the string does not look like a JWT.
 func parseJWT(token string, keys []map[string]interface{}) (*JWT, error) {
 	t, err := jwt.Parse(
 		token,
--- a/token/stateful.go
+++ b/token/stateful.go
@ -57,20 +57,23 @@ func SetStatefulFilename(filename string) {
 	tokens.modTime = time.Time{}
 }

-func getStateful(token string) (*Stateful, error) {
+// Get fetches a stateful token.
+// It returns os.ErrNotExist if the token doesn't exist.
+func Get(token string) (*Stateful, error) {
 	tokens.mu.Lock()
 	defer tokens.mu.Unlock()
 	err := tokens.load()
 	if err != nil {
-		if errors.Is(err, os.ErrNotExist) {
-			return nil, nil
-		}
 		return nil, err
 	}
 	if tokens.tokens == nil {
-		return nil, nil
+		return nil, os.ErrNotExist
 	}
-	return tokens.tokens[token], nil
+	t := tokens.tokens[token]
+	if t == nil {
+		return nil, os.ErrNotExist
+	}
+	return t, nil
 }

 func (token *Stateful) Check(host, group string, username *string) (string, []string, error) {
--- a/token/token.go
+++ b/token/token.go
@ -2,7 +2,6 @@ package token

 import (
 	"errors"
-	"os"
 )

 var ErrUsernameRequired = errors.New("username required")
@ -13,21 +12,15 @@ type Token interface {

 func Parse(token string, keys []map[string]interface{}) (Token, error) {
 	// both getStateful and parseJWT may return nil, which we
-	// shouldn't cast into an interface.  Be very careful.
-	s, err1 := getStateful(token)
-	if err1 == nil && s != nil {
-		return s, nil
+	// shouldn't cast into an interface before testing for nil.
+	jwt, err := parseJWT(token, keys)
+	if err != nil {
+		// parses correctly but doesn't validate
+		return nil, err
 	}
-
-	jwt, err2 := parseJWT(token, keys)
-	if err2 == nil && jwt != nil {
+	if jwt != nil {
 		return jwt, nil
 	}

-	if err1 != nil {
-		return nil, err1
-	} else if err2 != nil {
-		return nil, err2
-	}
-	return nil, os.ErrNotExist
+	return Get(token)
 }