revert: signature extraction in the HMAC strategy (#835)

ory · Nov 4, 2024 · 6335f90 · 6335f90
1 parent f34ee26
commit 6335f90
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 4 deletions.
diff --git a/token/hmac/hmacsha.go b/token/hmac/hmacsha.go
@@ -157,12 +157,12 @@ func (c *HMACStrategy) validate(ctx context.Context, secret []byte, token string
 	return nil
 }
 
-func (c *HMACStrategy) Signature(token string) string {
-	_, sig, ok := strings.Cut(token, ".")
-	if !ok {
+func (*HMACStrategy) Signature(token string) string {
+	split := strings.Split(token, ".")
+	if len(split) != 2 {
 		return ""
 	}
-	return sig
+	return split[1]
 }
 
 func (c *HMACStrategy) generateHMAC(ctx context.Context, data []byte, key *[32]byte) []byte {

diff --git a/token/hmac/hmacsha_test.go b/token/hmac/hmacsha_test.go
@@ -52,6 +52,20 @@ func TestGenerate(t *testing.T) {
 	}
 }
 
+func TestSignature(t *testing.T) {
+	cg := HMACStrategy{}
+
+	for token, expected := range map[string]string{
+		"":            "",
+		"foo":         "",
+		"foo.bar":     "bar",
+		"foo.bar.baz": "",
+		".":           "",
+	} {
+		assert.Equal(t, expected, cg.Signature(token))
+	}
+}
+
 func TestValidateSignatureRejects(t *testing.T) {
 	cg := HMACStrategy{
 		Config: &fosite.Config{GlobalSecret: []byte("1234567890123456789012345678901234567890")},