diff --git a/token/hmac/hmacsha.go b/token/hmac/hmacsha.go index ce64c6f9..695cff28 100644 --- a/token/hmac/hmacsha.go +++ b/token/hmac/hmacsha.go @@ -157,12 +157,12 @@ func (c *HMACStrategy) validate(ctx context.Context, secret []byte, token string return nil } -func (c *HMACStrategy) Signature(token string) string { - _, sig, ok := strings.Cut(token, ".") - if !ok { +func (*HMACStrategy) Signature(token string) string { + split := strings.Split(token, ".") + if len(split) != 2 { return "" } - return sig + return split[1] } func (c *HMACStrategy) generateHMAC(ctx context.Context, data []byte, key *[32]byte) []byte { diff --git a/token/hmac/hmacsha_test.go b/token/hmac/hmacsha_test.go index 546a1d3b..0295fec9 100644 --- a/token/hmac/hmacsha_test.go +++ b/token/hmac/hmacsha_test.go @@ -52,6 +52,20 @@ func TestGenerate(t *testing.T) { } } +func TestSignature(t *testing.T) { + cg := HMACStrategy{} + + for token, expected := range map[string]string{ + "": "", + "foo": "", + "foo.bar": "bar", + "foo.bar.baz": "", + ".": "", + } { + assert.Equal(t, expected, cg.Signature(token)) + } +} + func TestValidateSignatureRejects(t *testing.T) { cg := HMACStrategy{ Config: &fosite.Config{GlobalSecret: []byte("1234567890123456789012345678901234567890")},