From 02bc1ac5067c1cb18c8e111cf9f80b6ed4616e2d Mon Sep 17 00:00:00 2001
From: Hinagiku Soranoba <soranoba@gmail.com>
Date: Sat, 11 Sep 2021 06:44:55 +0900
Subject: [PATCH] When exp indicates the present, make it invalid. (#86)

* When exp indicates the present, make it invalid.

* Update map_claims_test.go

Co-authored-by: Christian Banse <oxisto@aybaze.com>
---
 claims.go          |  2 +-
 map_claims_test.go | 24 ++++++++++++++++++++++++
 2 files changed, 25 insertions(+), 1 deletion(-)

diff --git a/claims.go b/claims.go
index ffd5dba..b07ac02 100644
--- a/claims.go
+++ b/claims.go
@@ -238,7 +238,7 @@ func verifyExp(exp *time.Time, now time.Time, required bool) bool {
 	if exp == nil {
 		return !required
 	}
-	return now.Before(*exp) || now.Equal(*exp)
+	return now.Before(*exp)
 }
 
 func verifyIat(iat *time.Time, now time.Time, required bool) bool {
diff --git a/map_claims_test.go b/map_claims_test.go
index 05f56e1..b8b9eb7 100644
--- a/map_claims_test.go
+++ b/map_claims_test.go
@@ -2,6 +2,7 @@ package jwt
 
 import (
 	"testing"
+	"time"
 )
 
 func TestVerifyAud(t *testing.T) {
@@ -97,3 +98,26 @@ func TestMapclaimsVerifyExpiresAtInvalidTypeString(t *testing.T) {
 		t.Fatalf("Failed to verify claims, wanted: %v got %v", want, got)
 	}
 }
+
+func TestMapClaimsVerifyExpiresAtExpire(t *testing.T) {
+	exp := time.Now().Unix()
+	mapClaims := MapClaims{
+		"exp": float64(exp),
+	}
+	want := false
+	got := mapClaims.VerifyExpiresAt(exp, true)
+	if want != got {
+		t.Fatalf("Failed to verify claims, wanted: %v got %v", want, got)
+	}
+
+	got = mapClaims.VerifyExpiresAt(exp + 1, true)
+	if want != got {
+		t.Fatalf("Failed to verify claims, wanted: %v got %v", want, got)
+	}
+
+	want = true
+	got = mapClaims.VerifyExpiresAt(exp - 1, true)
+	if want != got {
+		t.Fatalf("Failed to verify claims, wanted: %v got %v", want, got)
+	}
+}