SuccessHandler can return error and break handler chain execution

Author: aldas

jwt.go

@@ -22,7 +22,9 @@ type Config struct {
 	BeforeFunc middleware.BeforeFunc
 
 	// SuccessHandler defines a function which is executed for a valid token.
-	SuccessHandler func(c *echo.Context)
+	// In case SuccessHandler error the middleware stops handler chain execution and
+	// returns error.
+	SuccessHandler func(c *echo.Context) error
 
 	// ErrorHandler defines a function which is executed when all lookups have been done and none of them passed Validator
 	// function. ErrorHandler is executed with last missing (ErrExtractionValueMissing) or an invalid key.
@@ -244,7 +246,9 @@ func (config Config) ToMiddleware() (echo.MiddlewareFunc, error) {
 					// Store user information from token into context.
 					c.Set(config.ContextKey, token)
 					if config.SuccessHandler != nil {
-						config.SuccessHandler(c)
+						if sErr := config.SuccessHandler(c); sErr != nil {
+							return sErr
+						}
 					}
 					return next(c)
 				}

jwt_test.go

@@ -642,8 +642,9 @@ func TestMustJWTWithConfig_SuccessHandler(t *testing.T) {
 		ParseTokenFunc: func(c *echo.Context, auth string) (interface{}, error) {
 			return auth, nil
 		},
-		SuccessHandler: func(c *echo.Context) {
+		SuccessHandler: func(c *echo.Context) error {
 			c.Set("success", "yes")
+			return nil
 		},
 	}.ToMiddleware()
 	assert.NoError(t, err)
@@ -658,6 +659,33 @@ func TestMustJWTWithConfig_SuccessHandler(t *testing.T) {
 	assert.Equal(t, http.StatusTeapot, res.Code)
 }
 
+func TestMustJWTWithConfig_SuccessHandlerError(t *testing.T) {
+	e := echo.New()
+
+	e.GET("/", func(c *echo.Context) error {
+		return c.String(http.StatusTeapot, "should not end up here")
+	})
+
+	mw, err := Config{
+		ParseTokenFunc: func(c *echo.Context, auth string) (interface{}, error) {
+			return auth, nil
+		},
+		SuccessHandler: func(c *echo.Context) error {
+			return echo.ErrForbidden.Wrap(errors.New("nope"))
+		},
+	}.ToMiddleware()
+	assert.NoError(t, err)
+	e.Use(mw)
+
+	req := httptest.NewRequest(http.MethodGet, "/", nil)
+	req.Header.Add(echo.HeaderAuthorization, "Bearer valid_token_base64")
+	res := httptest.NewRecorder()
+	e.ServeHTTP(res, req)
+
+	assert.Equal(t, "{\"message\":\"Forbidden\"}\n", res.Body.String())
+	assert.Equal(t, http.StatusForbidden, res.Code)
+}
+
 func TestJWTWithConfig_ContinueOnIgnoredError(t *testing.T) {
 	var testCases = []struct {
 		name                        string