Check empty secret in other spots

jwt/login.go

@@ -11,18 +11,18 @@ import (
 )
 
 // TokenVerifier verifies Tokens.
-type tokenVerifier struct {
+type TokenVerifier struct {
 	secret string
 }
 
 var ErrEmptySecret = fmt.Errorf("secret is required")
 
-func NewTokenVerifier(secret string) (*tokenVerifier, error) {
+func NewTokenVerifier(secret string) (*TokenVerifier, error) {
 	if secret == "" {
 		return nil, ErrEmptySecret
 	}
 
-	return &tokenVerifier{
+	return &TokenVerifier{
 		secret: secret,
 	}, nil
 }
@@ -40,7 +40,11 @@ const (
 )
 
 // CreateToken creates a new token from username and name.
-func (tv *tokenVerifier) CreateToken(user *postgres.User) (string, error) {
+func (tv *TokenVerifier) CreateToken(user *postgres.User) (string, error) {
+	if tv.secret == "" {
+		return "", ErrEmptySecret
+	}
+
 	token := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims{
 		"usr":  user.Email,
 		"name": user.Name,
@@ -64,7 +68,11 @@ var (
 )
 
 // VerifyToken verifys a given string-token.
-func (tv *tokenVerifier) VerifyToken(tokenString string) (budgeteer.Token, error) { //nolint:ireturn
+func (tv *TokenVerifier) VerifyToken(tokenString string) (budgeteer.Token, error) { //nolint:ireturn
+	if tv.secret == "" {
+		return nil, ErrEmptySecret
+	}
+
 	token, err := jwt.Parse(tokenString, func(token *jwt.Token) (interface{}, error) {
 		if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
 			return nil, fmt.Errorf("method '%v': %w", token.Header["alg"], ErrUnexpectedSigningMethod)

server/account_test.go

@@ -28,11 +28,10 @@ func TestRegisterUser(t *testing.T) { //nolint:funlen
 		return
 	}
 
+	tokenVerifier, _ := jwt.NewTokenVerifier("this_is_my_demo_secret_for_unit_tests")
 	h := Handler{
 		Service:             database,
-		TokenVerifier: &jwt.TokenVerifier{
-			Secret: "this_is_my_demo_secret_for_unit_tests",
-		},
+		TokenVerifier:       tokenVerifier,
 		CredentialsVerifier: &bcrypt.Verifier{},
 	}