
Commit ad79b9a

authored
fix(jwt): set issued_at to nil prior to validating claims (#813)
* fix(jwt): set issued_at to nil prior to validating claims
* update comment to retrigger test job
1 parent a3ab6f0 commit ad79b9a


3 files changed

+9
-5
lines changed


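--- a/internal/token/parse.go
+++ b/internal/token/parse.go
@@ -34,6 +34,10 @@ func (tm *Manager) ParseToken(token string) (*Claims, error) {
 claims = t.Claims.(*Claims)
 name := claims.Subject
 
+// according to JWT, the iat field is optional for security purposes and is purely informational.
+// setting it to nil avoids any worries of race conditions.
+claims.IssuedAt = nil
+
 // check if subject has a value in claims;
 // we can save a db lookup attempt
 if len(name) == 0 {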
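Review bot: The comment above `claims.IssuedAt = nil` does not say what the assignment actually guards against, and "race conditions" is misleading — the failure this avoids is most likely clock skew between the issuing and validating hosts placing a freshly minted token's iat in the future so that claim validation rejects it, not a data race. I would replace the two comment lines with `// iat is optional (RFC 7519 section 4.1.6) and only informational here; clearing it before validation keeps clock skew between issuer and validator from rejecting freshly issued tokens.` Clearing the claim also means the returned *Claims no longer carries iat, so nothing downstream can use it for token-age checks or audit logging; if that matters, a parser leeway option (where the jwt library version in use provides one) would tolerate skew while preserving the value. ParseToken continues outside this hunk, so I could not confirm whether this assignment runs inside the key function before signature verification or after it.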

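--- a/internal/token/parse_test.go
+++ b/internal/token/parse_test.go
@@ -51,7 +51,7 @@ func TestTokenManager_ParseToken(t *testing.T) {
 TokenType: constants.UserAccessTokenType,
 RegisteredClaims: jwt.RegisteredClaims{
 Subject: u.GetName(),
-IssuedAt: jwt.NewNumericDate(now),
+IssuedAt: nil,
 ExpiresAt: jwt.NewNumericDate(now.Add(time.Minute * 5)),
 },
 },
@@ -69,7 +69,7 @@ func TestTokenManager_ParseToken(t *testing.T) {
 TokenType: constants.UserRefreshTokenType,
 RegisteredClaims: jwt.RegisteredClaims{
 Subject: u.GetName(),
-IssuedAt: jwt.NewNumericDate(now),
+IssuedAt: nil,
 ExpiresAt: jwt.NewNumericDate(now.Add(time.Minute * 30)),
 },
 },
@@ -89,7 +89,7 @@ func TestTokenManager_ParseToken(t *testing.T) {
 TokenType: constants.WorkerBuildTokenType,
 RegisteredClaims: jwt.RegisteredClaims{
 Subject: "worker",
-IssuedAt: jwt.NewNumericDate(now),
+IssuedAt: nil,
 ExpiresAt: jwt.NewNumericDate(now.Add(time.Minute * 90)),
 },
 },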
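Review bot: The expected claims now carry `IssuedAt: nil`, but nothing visible in these hunks shows the input token being minted with an iat value, so the tests may only confirm the changed expectation rather than that ParseToken clears a populated iat. Consider one case that creates the token with `IssuedAt: jwt.NewNumericDate(now)` (or a value slightly in the future) and asserts the parsed claims come back with `IssuedAt == nil`; the same applies to the two cases in router/middleware/claims/claims_test.go. The setup of TestTokenManager_ParseToken lies outside these hunks, so this is inferred from what is shown.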

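--- a/router/middleware/claims/claims_test.go
+++ b/router/middleware/claims/claims_test.go
@@ -88,7 +88,7 @@ func TestClaims_Establish(t *testing.T) {
 IsActive: true,
 RegisteredClaims: jwt.RegisteredClaims{
 Subject: "foo",
-IssuedAt: jwt.NewNumericDate(now),
+IssuedAt: nil,
 ExpiresAt: jwt.NewNumericDate(now.Add(time.Minute * 5)),
 },
 },
@@ -108,7 +108,7 @@ func TestClaims_Establish(t *testing.T) {
 Repo: "foo/bar",
 RegisteredClaims: jwt.RegisteredClaims{
 Subject: "host",
-IssuedAt: jwt.NewNumericDate(now),
+IssuedAt: nil,
 ExpiresAt: jwt.NewNumericDate(now.Add(time.Minute * 35)),
 },
 },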
