Skip to content

Commit

Permalink
Merge pull request #88 from aj-michael/master
Browse files Browse the repository at this point in the history 
nbf check allows exact time matches.
  • Loading branch information
@excpt
excpt committed Jul 3, 2015
2 parents 868999f + acefb90 commit af6c87a
Show file tree
Hide file tree
Showing 2 changed files with 11 additions and 2 deletions.
2 changes: 1 addition & 1 deletion lib/jwt.rb
View file
Expand Up @@ -161,7 +161,7 @@ def decode(jwt, key=nil, verify=true, options={}, &keyfinder)
fail JWT::ExpiredSignature.new('Signature has expired') unless payload['exp'].to_i > (Time.now.to_i - options[:leeway])
end
if options[:verify_not_before] && payload.include?('nbf')
fail JWT::ImmatureSignature.new('Signature nbf has not been reached') unless payload['nbf'].to_i < (Time.now.to_i + options[:leeway])
fail JWT::ImmatureSignature.new('Signature nbf has not been reached') unless payload['nbf'].to_i <= (Time.now.to_i + options[:leeway])
end
if options[:verify_iss] && options['iss']
fail JWT::InvalidIssuerError.new("Invalid issuer. Expected #{options['iss']}, received #{payload['iss'] || '<none>'}") unless payload['iss'].to_s == options['iss'].to_s
Expand Down
11 changes: 10 additions & 1 deletion spec/jwt_spec.rb
View file
Expand Up @@ -362,6 +362,15 @@
expect { JWT.decode(jwt, secret) }.to raise_error(JWT::ImmatureSignature)
end

it 'doesnt raise error when equal to nbf' do
mature_payload = @payload.clone
mature_payload['nbf'] = Time.now.to_i
secret = 'secret'
jwt = JWT.encode(mature_payload, secret)
decoded_payload = JWT.decode(jwt, secret, true, :verify_expiration => false)
expect(decoded_payload).to include(mature_payload)
end

it 'doesnt raise error when after nbf' do
mature_payload = @payload.clone
secret = 'secret'
Expand All @@ -372,7 +381,7 @@

it 'raise ImmatureSignature even when nbf claim is a string' do
immature_payload = @payload.clone
immature_payload['nbf'] = (Time.now.to_i).to_s
immature_payload['nbf'] = (Time.now.to_i + 1).to_s
secret = 'secret'
jwt = JWT.encode(immature_payload, secret)
expect { JWT.decode(jwt, secret) }.to raise_error(JWT::ImmatureSignature)
Expand Down

0 comments on commit af6c87a

Please sign in to comment.