maxAge: Add validation to timespan result
ziluvatar committed Aug 29, 2017
1 parent b61cc34 commit 66a4f8b
Showing 2 changed files with 23 additions and 5 deletions.
25 changes: 20 additions & 5 deletions test/verify.tests.js
Expand Up @@ -115,7 +115,7 @@ describe('verify', function() {

describe('option: maxAge', function () {

['3s', 3].forEach(function(maxAge) {
[String('3s'), '3s', 3].forEach(function(maxAge) {
it(`should error for claims issued before a certain timespan (${typeof maxAge} type)`, function (done) {
clock = sinon.useFakeTimers(1437018587000); // iat + 5s, exp - 5s
var options = {algorithms: ['HS256'], maxAge: maxAge};
Expand All @@ -131,7 +131,7 @@ describe('verify', function() {
});
});

['5s', 5].forEach(function (maxAge) {
[String('5s'), '5s', 5].forEach(function (maxAge) {
it(`should not error for claims issued before a certain timespan but still inside clockTolerance timespan (${typeof maxAge} type)`, function (done) {
clock = sinon.useFakeTimers(1437018587500); // iat + 5.5s, exp - 4.5s
var options = {algorithms: ['HS256'], maxAge: maxAge, clockTolerance: 1 };
Expand All @@ -144,7 +144,7 @@ describe('verify', function() {
});
});

['6s', 6].forEach(function (maxAge) {
[String('6s'), '6s', 6].forEach(function (maxAge) {
it(`should not error if within maxAge timespan (${typeof maxAge} type)`, function (done) {
clock = sinon.useFakeTimers(1437018587500);// iat + 5.5s, exp - 4.5s
var options = {algorithms: ['HS256'], maxAge: maxAge};
Expand All @@ -157,7 +157,7 @@ describe('verify', function() {
});
});

['8s', 8].forEach(function (maxAge) {
[String('8s'), '8s', 8].forEach(function (maxAge) {
it(`can be more restrictive than expiration (${typeof maxAge} type)`, function (done) {
clock = sinon.useFakeTimers(1437018591900); // iat + 9.9s, exp - 0.1s
var options = {algorithms: ['HS256'], maxAge: maxAge };
Expand All @@ -173,7 +173,7 @@ describe('verify', function() {
});
});

['12s', 12].forEach(function (maxAge) {
[String('12s'), '12s', 12].forEach(function (maxAge) {
it(`cannot be more permissive than expiration (${typeof maxAge} type)`, function (done) {
clock = sinon.useFakeTimers(1437018593000); // iat + 11s, exp + 1s
var options = {algorithms: ['HS256'], maxAge: '12s'};
Expand All @@ -190,6 +190,20 @@ describe('verify', function() {
});
});

[new String('1s'), 'no-timespan-string'].forEach(function (maxAge){
it(`should error if maxAge is specified with a wrong string format/type (value: ${maxAge}, type: ${typeof maxAge})`, function (done) {
clock = sinon.useFakeTimers(1437018587000); // iat + 5s, exp - 5s
var options = { algorithms: ['HS256'], maxAge: maxAge };

jwt.verify(token, key, options, function (err, p) {
assert.equal(err.name, 'JsonWebTokenError');
assert.equal(err.message, '"maxAge" should be a number of seconds or string representing a timespan eg: "1d", "20h", 60');
assert.isUndefined(p);
done();
});
});
});

it('should error if maxAge is specified but there is no iat claim', function (done) {
var token = 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJmb28iOiJiYXIifQ.0MBPd4Bru9-fK_HY3xmuDAc6N_embknmNuhdb9bKL_U';
var options = {algorithms: ['HS256'], maxAge: '1s'};
Expand All @@ -201,6 +215,7 @@ describe('verify', function() {
done();
});
});

});

describe('option: clockTimestamp', function () {
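Review bot: `String('3s')` without `new` returns the primitive `'3s'`, so the first two entries of `[String('3s'), '3s', 3]` (and of the four parallel arrays in the later hunks of this file) are the same value and the `${typeof maxAge}` in the `it` title produces two tests with identical names that exercise identical input; this assumes the `String(...)` line is the new side of each pair, which the 1-for-1 hunk counts suggest but the rendered page does not mark. The wrapper-object case the commit is really about is only covered by the `new String('1s')` entry in the last hunk, where it is expected to be rejected, so the `String('3s')`-style entries add no coverage and are best dropped, e.g. `['3s', 3].forEach(function(maxAge) {`. If the intent was instead to assert that primitive-wrapped values are accepted, the test should say so in its title rather than reporting the same type twice. The enclosing `describe('option: maxAge')` block starts before the first hunk of this file.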
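--- a/verify.js
+++ b/verify.js
@@ -170,6 +170,9 @@ module.exports = function (jwtString, secretOrPublicKey, options, callback) {
 }
 
 var maxAgeTimestamp = timespan(options.maxAge, payload.iat);
+if (typeof maxAgeTimestamp === 'undefined') {
+return done(new JsonWebTokenError('"maxAge" should be a number of seconds or string representing a timespan eg: "1d", "20h", 60'));
+}
 if (clockTimestamp >= maxAgeTimestamp + (options.clockTolerance || 0)) {
 return done(new TokenExpiredError('maxAge exceeded', new Date(maxAgeTimestamp * 1000)));
 }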
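Review bot: The new guard only catches an `undefined` result from `timespan`, so if that helper can also yield `NaN` for an unparsable value, `clockTimestamp >= NaN` on the following line is always false and maxAge is silently not enforced — the same fail-open outcome this commit closes for the `undefined` case. `timespan`'s contract is not visible in this hunk, so either confirm it never returns `NaN` or widen the check to `if (typeof maxAgeTimestamp === 'undefined' || Number.isNaN(maxAgeTimestamp)) {`. A short why-comment above the guard would also help the next reader, e.g. `// an unrecognised maxAge must be rejected here; otherwise the comparison below never fires`. The enclosing exported function starts and ends outside the hunk.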
