Nil pointer reference, if refreshtoken is expired or not sent with request

adam-hanna / jwt-auth

This package provides json web token (jwt) middleware for goLang http servers

MIT License

231 stars 43 forks source link

Nil pointer reference, if refreshtoken is expired or not sent with request #13

Open iwyg opened 3 years ago

iwyg commented 3 years ago

Hello there

Although this is a quite unlikely scenario, the auth.Handler will panic, caused by line 412 in auth.go, if the refresh token is not sent with the request.

Maybe error branching after calling err := auth.Process() instead of just checking for not err != nil would be a viable solution?

Kind Regards

adam-hanna commented 3 years ago

Sorry, I'm just seeing this, now. Thanks for the report.

areYouLazy commented 3 years ago

The same error seems to be triggered if the X-CSRF-Token does not match the value in JWTs