
Commit 7722730

Merge pull request #19 from cdoco/develop
Fix #18 - expiration time bug.
2 parents 6e7abdb + 19b95cc commit 7722730


2 files changed

+27
-11
lines changed


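--- a/jwt.c
+++ b/jwt.c
@@ -349,23 +349,27 @@ int jwt_verify_body(char *body, zval *return_value)
 err_msg = msg; \
 } while(0);
 
-/* Expiration */
+/* set expiration and not before */
+JWT_G(expiration) = jwt_hash_str_find_long(return_value, "exp");
+JWT_G(not_before) = jwt_hash_str_find_long(return_value, "nbf");
+JWT_G(iat) = jwt_hash_str_find_long(return_value, "iat");
+
+/* expiration */
 if (JWT_G(expiration) && (curr_time - JWT_G(leeway)) >= JWT_G(expiration))
 FORMAT_CEX_MSG("Expired token", jwt_expired_signature_cex);
 
 /* not before */
 if (JWT_G(not_before) && JWT_G(not_before) > (curr_time + JWT_G(leeway)))
 FORMAT_CEX_TIME(JWT_G(not_before), jwt_before_valid_cex);
 
+/* iat */
+if (JWT_G(iat) && JWT_G(iat) > (curr_time + JWT_G(leeway)))
+FORMAT_CEX_TIME(JWT_G(iat), jwt_invalid_iat_cex);
+
 /* iss */
 if (jwt_verify_claims_str(return_value, "iss", JWT_G(iss)))
 FORMAT_CEX_MSG("Invalid Issuer", jwt_invalid_issuer_cex);
 
-/* iat */
-if (JWT_G(iat) && JWT_G(iat) > (curr_time + JWT_G(leeway))) {
-FORMAT_CEX_TIME(JWT_G(iat), jwt_invalid_iat_cex);
-}
-
 /* jti */
 if (jwt_verify_claims_str(return_value, "jti", JWT_G(jti)))
 FORMAT_CEX_MSG("Invalid Jti", jwt_invalid_jti_cex);
@@ -462,11 +466,6 @@ static void php_jwt_encode(INTERNAL_FUNCTION_PARAMETERS) {
 goto encode_done;
 }
 
-/* set expiration and not before */
-JWT_G(expiration) = jwt_hash_str_find_long(payload, "exp");
-JWT_G(not_before) = jwt_hash_str_find_long(payload, "nbf");
-JWT_G(iat) = jwt_hash_str_find_long(payload, "iat");
-
 /* init */
 array_init(&header);
 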
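Review bot: The guard `if (JWT_G(expiration) && ...)` in the first hunk, and the matching guards for `not_before` and `iat`, cannot tell an absent claim from one that is present but zero or not an integer. If `jwt_hash_str_find_long` returns 0 for non-long values (its body is not visible here, so confirm), a token whose `exp` arrives as a string or float would skip the expiry check entirely. Since the values now come from the token being decoded, look each claim up with `zend_hash_str_find` and fail verification on `if (exp && Z_TYPE_P(exp) != IS_LONG)` rather than treating the claim as unset. These are also per-token values now, so locals in `jwt_verify_body` would be safer than the `JWT_G` globals, which keep the last token's claims after the call returns. `jwt_verify_body` begins before and continues after this hunk.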
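--- a/tests/014.phpt
+++ b/tests/014.phpt
@@ -0,0 +1,17 @@
+--TEST--
+ISSUE #18 expiration time bug
+--SKIPIF--
+<?php if (!extension_loaded("jwt")) print "skip"; ?>
+--FILE--
+<?php
+$hmackey = "example-hmac-key";
+
+try {
+$decoded_token = jwt_decode('eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoiZGF0YSIsImV4cCI6MTU0MTMzNTUxNH0.CsQXJI3d2b9LOZSO3rD2xrr9ar7bWBcbrrm-mXJto3g', $hmackey, ['algorithm' => 'HS256']);
+} catch (ExpiredSignatureException $e) {
+// Handle expired token
+echo "FAIL\n";
+}
+?>
+--EXPECT--
+FAIL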
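Review bot: Only the `exp` path is exercised here, while the same commit also moves the `nbf` and `iat` reads into the decoder. Add sibling cases for a token with a future `nbf` and a future `iat`, plus one that decodes a valid token right after an expired one, to show that no claim value carries over between calls. Echoing something like `expired` instead of `FAIL` in the catch block would also make the `--EXPECT--` section easier to read, since `FAIL` is the passing outcome here.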
