Added leeway for date validation issue kylef#54
JanBrinker committed Sep 7, 2017
1 parent c5e4b5d commit 716873a
Showing 3 changed files with 18 additions and 18 deletions.
22 changes: 11 additions & 11 deletions Sources/ClaimSet.swift
Expand Up @@ -93,18 +93,18 @@ extension ClaimSet {
// MARK: Validations

extension ClaimSet {
public func validate(audience: String? = nil, issuer: String? = nil) throws {
public func validate(audience: String? = nil, issuer: String? = nil, leeway: TimeInterval = 0) throws {
if let issuer = issuer {
try validateIssuer(issuer)
}

if let audience = audience {
try validateAudience(audience)
}

try validateExpiary()
try validateNotBefore()
try validateIssuedAt()
try validateExpiary(leeway: leeway)
try validateNotBefore(leeway: leeway)
try validateIssuedAt(leeway: leeway)
}

public func validateAudience(_ audience: String) throws {
Expand All @@ -131,16 +131,16 @@ extension ClaimSet {
}
}

public func validateExpiary() throws {
try validateDate(claims, key: "exp", comparison: .orderedAscending, failure: .expiredSignature, decodeError: "Expiration time claim (exp) must be an integer")
public func validateExpiary(leeway: TimeInterval = 0) throws {
try validateDate(claims, key: "exp", comparison: .orderedAscending, leeway: (-1 * leeway), failure: .expiredSignature, decodeError: "Expiration time claim (exp) must be an integer")
}

public func validateNotBefore() throws {
try validateDate(claims, key: "nbf", comparison: .orderedDescending, failure: .immatureSignature, decodeError: "Not before claim (nbf) must be an integer")
public func validateNotBefore(leeway: TimeInterval = 0) throws {
try validateDate(claims, key: "nbf", comparison: .orderedDescending, leeway: leeway, failure: .immatureSignature, decodeError: "Not before claim (nbf) must be an integer")
}

public func validateIssuedAt() throws {
try validateDate(claims, key: "iat", comparison: .orderedDescending, failure: .invalidIssuedAt, decodeError: "Issued at claim (iat) must be an integer")
public func validateIssuedAt(leeway: TimeInterval = 0) throws {
try validateDate(claims, key: "iat", comparison: .orderedDescending, leeway: leeway, failure: .invalidIssuedAt, decodeError: "Issued at claim (iat) must be an integer")
}
}

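Review bot: The new `leeway` parameter on `validate(audience:issuer:leeway:)` and on the three date validators is accepted without any range check, so a negative or non-finite `TimeInterval` is passed straight through to `validateDate`. A negative value narrows the acceptance window instead of widening it, and a very large one effectively switches off the `exp` check, which is not what a caller asking for clock-skew tolerance expects. A guard at the public entry point such as `precondition(leeway.isFinite && leeway >= 0, "leeway must be a non-negative number of seconds")` would make misuse loud. Whether to also cap the value is a policy choice, though RFC 7519 describes leeway as small, usually no more than a few minutes. The extension continues outside both hunks.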
6 changes: 3 additions & 3 deletions Sources/Claims.swift
@@ -1,15 +1,15 @@
import Foundation

func validateDate(_ payload: Payload, key: String, comparison: ComparisonResult, failure: InvalidToken, decodeError: String) throws {
func validateDate(_ payload: Payload, key: String, comparison: ComparisonResult, leeway: TimeInterval = 0, failure: InvalidToken, decodeError: String) throws {
if payload[key] == nil {
return
}

guard let date = extractDate(payload: payload, key: key) else {
throw InvalidToken.decodeError(decodeError)
}

if date.compare(Date()) == comparison {
if date.compare(Date().addingTimeInterval(leeway)) == comparison {
throw failure
}
}
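Review bot: In `validateDate` the new `leeway` argument is a signed offset added to the current time rather than a tolerance, so correctness depends on every caller choosing the right sign: `validateExpiary` has to pass `(-1 * leeway)` while the `nbf` and `iat` validators pass it unchanged. A later caller that passes a positive value together with `.orderedAscending` would silently shorten token lifetime. Consider renaming the parameter (for example `nowOffset`) or adding a comment such as `// leeway shifts "now": negative for exp (accept slightly expired), positive for nbf/iat (accept slightly early)`. The diffstat lists only files under Sources/, so tests pinning the boundaries at `exp + leeway` and `nbf - leeway` would be worth adding with this change.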
8 changes: 4 additions & 4 deletions Sources/Decode.swift
Expand Up @@ -47,20 +47,20 @@ public enum InvalidToken: CustomStringConvertible, Error {


/// Decode a JWT
public func decode(_ jwt: String, algorithms: [Algorithm], verify: Bool = true, audience: String? = nil, issuer: String? = nil) throws -> ClaimSet {
public func decode(_ jwt: String, algorithms: [Algorithm], verify: Bool = true, audience: String? = nil, issuer: String? = nil, leeway: TimeInterval = 0) throws -> ClaimSet {
let (header, claims, signature, signatureInput) = try load(jwt)

if verify {
try claims.validate(audience: audience, issuer: issuer)
try claims.validate(audience: audience, issuer: issuer, leeway: leeway)
try verifySignature(algorithms, header: header, signingInput: signatureInput, signature: signature)
}

return claims
}

/// Decode a JWT
public func decode(_ jwt: String, algorithm: Algorithm, verify: Bool = true, audience: String? = nil, issuer: String? = nil) throws -> ClaimSet {
return try decode(jwt, algorithms: [algorithm], verify: verify, audience: audience, issuer: issuer)
public func decode(_ jwt: String, algorithm: Algorithm, verify: Bool = true, audience: String? = nil, issuer: String? = nil, leeway: TimeInterval = 0) throws -> ClaimSet {
return try decode(jwt, algorithms: [algorithm], verify: verify, audience: audience, issuer: issuer, leeway: leeway)
}

/// Decode a JWT
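Review bot: Both `decode` overloads gain a `leeway` parameter, but the doc comment is still only `/// Decode a JWT`, so callers cannot tell the unit or which claims it affects. I would add `/// - Parameter leeway: Clock-skew tolerance in seconds applied to the exp, nbf and iat checks; ignored when verify is false.` to each overload. A third `/// Decode a JWT` declaration begins at the end of the hunk and is cut off, so it is not visible whether that overload forwards `leeway` as well; worth confirming for consistency.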
