corrected token validation (#392)

* added test to token validation * corrected logic for token validation times
SKF · Oct 24, 2023 · e25bc27 · e25bc27
1 parent d362d0a
commit e25bc27
Show file tree

Hide file tree

Showing 2 changed files with 70 additions and 4 deletions.
diff --git a/v2/auth/jwt.go b/v2/auth/jwt.go
@@ -19,17 +19,17 @@ func IsTokenValid(token string, tokenExpireDurationDiff time.Duration) bool {
 		return false
 	}
 
-	ts := time.Now().Add(tokenExpireDurationDiff)
+	ts := time.Now()
 
-	if claims.ExpiresAt != nil && ts.Before(claims.ExpiresAt.Time) {
+	if claims.ExpiresAt != nil && ts.After(claims.ExpiresAt.Time.Add(-tokenExpireDurationDiff)) {
 		return false
 	}
 
-	if claims.IssuedAt != nil && ts.After(claims.IssuedAt.Time) {
+	if claims.IssuedAt != nil && ts.Before(claims.IssuedAt.Time) {
 		return false
 	}
 
-	if claims.NotBefore != nil && ts.After(claims.NotBefore.Time) {
+	if claims.NotBefore != nil && ts.Before(claims.NotBefore.Time) {
 		return false
 	}
 

diff --git a/v2/auth/jwt_test.go b/v2/auth/jwt_test.go
@@ -0,0 +1,66 @@
+package auth
+
+import (
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/require"
+
+	"github.com/golang-jwt/jwt/v5"
+)
+
+func Test_IsTokenValid(t *testing.T) {
+	mySigningKey := []byte("test_key")
+	ts := time.Now()
+	tests := []struct {
+		expiresAt, issuedAt time.Time
+		name                string
+		expireDurationDiff  time.Duration
+		expected            bool
+	}{
+		{
+			name:               "valid claims",
+			expiresAt:          ts.Add(time.Hour),
+			expireDurationDiff: time.Minute * 5,
+			issuedAt:           ts.Add(-(time.Minute * 10)),
+			expected:           true,
+		},
+		{
+			name:               "issuedAt in future",
+			expiresAt:          ts.Add(time.Hour),
+			expireDurationDiff: time.Minute * 5,
+			issuedAt:           ts.Add(time.Hour),
+			expected:           false,
+		},
+		{
+			name:               "tokenexpiration inside diff window",
+			expiresAt:          ts.Add(time.Minute * 4),
+			expireDurationDiff: time.Minute * 5,
+			issuedAt:           ts,
+			expected:           false,
+		},
+		{
+			name:               "token expired",
+			expiresAt:          ts.Add(-time.Minute),
+			expireDurationDiff: 0,
+			issuedAt:           ts.Add(-(time.Minute * 10)),
+			expected:           false,
+		},
+	}
+
+	for _, test := range tests {
+		t.Run(test.name, func(t *testing.T) {
+			claims := &jwt.RegisteredClaims{
+				ExpiresAt: &jwt.NumericDate{Time: test.expiresAt},
+				IssuedAt:  &jwt.NumericDate{Time: test.issuedAt},
+				Issuer:    "test",
+			}
+
+			token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
+			ss, err := token.SignedString(mySigningKey)
+
+			require.NoError(t, err)
+			require.Equal(t, test.expected, IsTokenValid(ss, test.expireDurationDiff))
+		})
+	}
+}