From 97efca171eb54cb93b6ccc0f37aa443baeb0a44b Mon Sep 17 00:00:00 2001
From: Patrick Peng Sun <patrick@lawipac.com>
Date: Thu, 6 Jul 2017 16:36:02 +1000
Subject: [PATCH] we don't accept empty token.

---
 server.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/server.go b/server.go
index ae02499..f7d79c7 100644
--- a/server.go
+++ b/server.go
@@ -167,7 +167,7 @@ func checkCookieSignatureBytoken(r *http.Request, token string) bool {
 			timestamp = c.Value
 		}
 	}
-	if signature != "" && nonce != "" && timestamp != "" {
+	if signature != "" && nonce != "" && timestamp != "" && token != "" {
 		return verifySignature(signature, timestamp, nonce, IntraAPIConfig.CRMSecrete)
 	}
 	return false