Merge pull request #19 from cdoco/develop

FIx #18 - expiration time bug .
cdoco · Nov 6, 2018 · 7722730 · 7722730
2 parents 6e7abdb + 19b95cc
commit 7722730
Show file tree

Hide file tree

Showing 2 changed files with 27 additions and 11 deletions.
diff --git a/jwt.c b/jwt.c
@@ -349,23 +349,27 @@ int jwt_verify_body(char *body, zval *return_value)
         err_msg = msg;                  \
     } while(0);
 
-    /* Expiration */
+    /* set expiration and not before */
+    JWT_G(expiration) = jwt_hash_str_find_long(return_value, "exp");
+    JWT_G(not_before) = jwt_hash_str_find_long(return_value, "nbf");
+    JWT_G(iat) = jwt_hash_str_find_long(return_value, "iat");
+
+    /* expiration */
     if (JWT_G(expiration) && (curr_time - JWT_G(leeway)) >= JWT_G(expiration))
         FORMAT_CEX_MSG("Expired token", jwt_expired_signature_cex);
 
     /* not before */
     if (JWT_G(not_before) && JWT_G(not_before) > (curr_time + JWT_G(leeway)))
         FORMAT_CEX_TIME(JWT_G(not_before), jwt_before_valid_cex);
 
+    /* iat */
+    if (JWT_G(iat) && JWT_G(iat) > (curr_time + JWT_G(leeway)))
+        FORMAT_CEX_TIME(JWT_G(iat), jwt_invalid_iat_cex);
+
     /* iss */
     if (jwt_verify_claims_str(return_value, "iss", JWT_G(iss)))
         FORMAT_CEX_MSG("Invalid Issuer", jwt_invalid_issuer_cex);
 
-    /* iat */
-    if (JWT_G(iat) && JWT_G(iat) > (curr_time + JWT_G(leeway))) {
-        FORMAT_CEX_TIME(JWT_G(iat), jwt_invalid_iat_cex);
-    }
-
     /* jti */
     if (jwt_verify_claims_str(return_value, "jti", JWT_G(jti)))
         FORMAT_CEX_MSG("Invalid Jti", jwt_invalid_jti_cex);
@@ -462,11 +466,6 @@ static void php_jwt_encode(INTERNAL_FUNCTION_PARAMETERS) {
         goto encode_done;
     }
 
-    /* set expiration and not before */
-    JWT_G(expiration) = jwt_hash_str_find_long(payload, "exp");
-    JWT_G(not_before) = jwt_hash_str_find_long(payload, "nbf");
-    JWT_G(iat) = jwt_hash_str_find_long(payload, "iat");
-
     /* init */
     array_init(&header);
 

diff --git a/tests/014.phpt b/tests/014.phpt
@@ -0,0 +1,17 @@
+--TEST--
+ISSUE #18 expiration time bug
+--SKIPIF--
+<?php if (!extension_loaded("jwt")) print "skip"; ?>
+--FILE--
+<?php
+$hmackey = "example-hmac-key";
+
+try {
+    $decoded_token = jwt_decode('eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoiZGF0YSIsImV4cCI6MTU0MTMzNTUxNH0.CsQXJI3d2b9LOZSO3rD2xrr9ar7bWBcbrrm-mXJto3g', $hmackey, ['algorithm' => 'HS256']);
+} catch (ExpiredSignatureException $e) {
+     // Handle expired token
+     echo "FAIL\n";
+}
+?>
+--EXPECT--
+FAIL