When exp indicates the present, make it invalid. (#86)

soranoba · oxisto · web-flow · commit 02bc1ac5067c · 2021-09-10T17:44:55.000-04:00
* When exp indicates the present, make it invalid.

* Update map_claims_test.go

Co-authored-by: Christian Banse &lt;oxisto@aybaze.com&gt;
diff --git a/claims.go b/claims.go
@@ -238,7 +238,7 @@ func verifyExp(exp *time.Time, now time.Time, required bool) bool {
 	if exp == nil {
 		return !required
 	}
-	return now.Before(*exp) || now.Equal(*exp)
+	return now.Before(*exp)
 }
 
 func verifyIat(iat *time.Time, now time.Time, required bool) bool {
diff --git a/map_claims_test.go b/map_claims_test.go
@@ -2,6 +2,7 @@ package jwt
 
 import (
 	"testing"
+	"time"
 )
 
 func TestVerifyAud(t *testing.T) {
@@ -97,3 +98,26 @@ func TestMapclaimsVerifyExpiresAtInvalidTypeString(t *testing.T) {
 		t.Fatalf("Failed to verify claims, wanted: %v got %v", want, got)
 	}
 }
+
+func TestMapClaimsVerifyExpiresAtExpire(t *testing.T) {
+	exp := time.Now().Unix()
+	mapClaims := MapClaims{
+		"exp": float64(exp),
+	}
+	want := false
+	got := mapClaims.VerifyExpiresAt(exp, true)
+	if want != got {
+		t.Fatalf("Failed to verify claims, wanted: %v got %v", want, got)
+	}
+
+	got = mapClaims.VerifyExpiresAt(exp + 1, true)
+	if want != got {
+		t.Fatalf("Failed to verify claims, wanted: %v got %v", want, got)
+	}
+
+	want = true
+	got = mapClaims.VerifyExpiresAt(exp - 1, true)
+	if want != got {
+		t.Fatalf("Failed to verify claims, wanted: %v got %v", want, got)
+	}
+}

Original file line number	Diff line number	Diff line change
`@@ -238,7 +238,7 @@ func verifyExp(exp *time.Time, now time.Time, required bool) bool {`
`238`	`238`	`if exp == nil {`
`239`	`239`	`return !required`
`240`	`240`	`}`
`241`		`- return now.Before(exp) \|\| now.Equal(exp)`
	`241`	`+ return now.Before(*exp)`
`242`	`242`	`}`
`243`	`243`
`244`	`244`	`func verifyIat(iat *time.Time, now time.Time, required bool) bool {`