From 2fe4a09e5ba3530b701397c0f42d5003958def3f Mon Sep 17 00:00:00 2001
From: Kit Loong
Date: Tue, 25 Jul 2023 22:29:26 +0800
Subject: [PATCH] Return HTTP status 400 if missing JWT
---
 jwt.go | 6 +++---
 jwt_test.go | 12 ++++++------
 2 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/jwt.go b/jwt.go
index 24f9397..1e97d30 100644
--- a/jwt.go
+++ b/jwt.go
@@ -254,11 +254,11 @@ func (config Config) ToMiddleware() (echo.MiddlewareFunc, error) {
 return tmpErr
 }
- message := "invalid or expired jwt"
 if lastTokenErr == nil {
- message = "missing or malformed jwt"
+ return echo.NewHTTPError(http.StatusBadRequest, "missing or malformed jwt").SetInternal(err)
 }
- return echo.NewHTTPError(http.StatusUnauthorized, message).SetInternal(err)
+
+ return echo.NewHTTPError(http.StatusUnauthorized, "invalid or expired jwt").SetInternal(err)
 }
 }, nil
 }
diff --git a/jwt_test.go b/jwt_test.go
index 9f62129..8213aa7 100644
--- a/jwt_test.go
+++ b/jwt_test.go
@@ -156,14 +156,14 @@ func TestJWT_combinations(t *testing.T) {
 config: Config{
 SigningKey: validKey,
 },
- expectError: "code=401, message=missing or malformed jwt, internal=invalid value in request header",
+ expectError: "code=400, message=missing or malformed jwt, internal=invalid value in request header",
 },
 {
 name: "Empty header auth field",
 config: Config{
 SigningKey: validKey,
 },
- expectError: "code=401, message=missing or malformed jwt, internal=invalid value in request header",
+ expectError: "code=400, message=missing or malformed jwt, internal=invalid value in request header",
 },
 {
 name: "Valid query method",
@@ -180,7 +180,7 @@ func TestJWT_combinations(t *testing.T) {
 TokenLookup: "query:jwt",
 },
 reqURL: "/?a=b&jwtxyz=" + token,
- expectError: "code=401, message=missing or malformed jwt, internal=missing value in the query string",
+ expectError: "code=400, message=missing or malformed jwt, internal=missing value in the query string",
 },
 {
 name: "Invalid query param value",
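Review bot: The new 400 branch in ToMiddleware (jwt.go) carries no comment on why an absent credential is a client error rather than an authentication failure, and the change is visible to every caller: RFC 9110 defines 401 for requests that lack valid authentication credentials, so clients that re-authenticate on 401 and log or alerting rules that count 401s as auth failures will stop seeing token-less requests. Judging by the updated test expectations (`internal=missing value in the query string` and similar), `lastTokenErr == nil` appears to mean that no token could be extracted at all, while a token that was extracted but failed parsing still returns 401; I would state that above the `if`, e.g. `// lastTokenErr == nil: no token could be extracted from the request; answered with 400, not 401.` The enclosing function starts before this hunk, so where `err` and `lastTokenErr` are set is not visible here.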
@@ -198,7 +198,7 @@ func TestJWT_combinations(t *testing.T) {
 TokenLookup: "query:jwt",
 },
 reqURL: "/?a=b",
- expectError: "code=401, message=missing or malformed jwt, internal=missing value in the query string",
+ expectError: "code=400, message=missing or malformed jwt, internal=missing value in the query string",
 },
 {
 config: Config{
@@ -239,7 +239,7 @@ func TestJWT_combinations(t *testing.T) {
 SigningKey: validKey,
 TokenLookup: "cookie:jwt",
 },
- expectError: "code=401, message=missing or malformed jwt, internal=missing value in cookies",
+ expectError: "code=400, message=missing or malformed jwt, internal=missing value in cookies",
 },
 {
 name: "Valid form method",
@@ -264,7 +264,7 @@ func TestJWT_combinations(t *testing.T) {
 SigningKey: validKey,
 TokenLookup: "form:jwt",
 },
- expectError: "code=401, message=missing or malformed jwt, internal=missing value in the form",
+ expectError: "code=400, message=missing or malformed jwt, internal=missing value in the form",
 },
 }