Add additional checks to fix panics observed in production

sda/cmd/s3inbox/userauth.go

@@ -59,6 +59,11 @@ func (u *ValidateFromToken) Authenticate(r *http.Request) (claims jwt.MapClaims,
 	}
 
 	token, err := jwt.Parse(tokenStr, func(tokenStr *jwt.Token) (interface{}, error) { return nil, nil })
+	if token == nil {
+		// We see errors unexpectedly at times, so regard token instead
+		return nil, fmt.Errorf("failed to parse token, not JWT? error: %s", err)
+	}
+
 	// Return error if token is broken (without claims)
 	if claims, ok = token.Claims.(jwt.MapClaims); !ok {
 		return nil, fmt.Errorf("broken token (claims are empty): %v\nerror: %s", claims, err)
@@ -105,6 +110,10 @@ func (u *ValidateFromToken) Authenticate(r *http.Request) (claims jwt.MapClaims,
 	}
 
 	path := strings.Split(str.Path, "/")
+	if len(path) < 2 {
+		return nil, fmt.Errorf("length of path split was shorter than expected: %s", str.Path)
+	}
+
 	username := path[1]
 
 	// Case for Elixir and CEGA usernames: Replace @ with _ character

sda/cmd/s3inbox/userauth_test.go

@@ -107,6 +107,13 @@ func TestUserTokenAuthenticator_ValidateSignature_RSA(t *testing.T) {
 
 	r, _ := http.NewRequest("", "/", nil)
 	r.Host = "localhost"
+
+	// Test error from non-JWT token
+	r.Header.Set("X-Amz-Security-Token", "notJWT")
+	r.URL.Path = "/dummy/"
+	_, err = a.Authenticate(r)
+	assert.Error(t, err)
+
 	r.Header.Set("X-Amz-Security-Token", defaultToken)
 
 	// Test that a user can access their own bucket
@@ -116,6 +123,12 @@ func TestUserTokenAuthenticator_ValidateSignature_RSA(t *testing.T) {
 	assert.Nil(t, err)
 	assert.Equal(t, token["pilot"], helper.DefaultTokenClaims["pilot"])
 
+	// Test that an unexpected path gives an error
+	r.URL.Path = "error"
+	signer.SignV4(*r, "username", "testpass", "", "us-east-1")
+	_, err = a.Authenticate(r)
+	assert.Error(t, err)
+
 	// Test that a valid user can't access someone elses bucket
 	r.URL.Path = "/notvalid/"
 	signer.SignV4(*r, "username", "testpass", "", "us-east-1")