forked from mirror/jwt
use json.Number for claims check
if parser.UseJSONNumber is true then the Claims[“exp”] and Claims[“nbf”] can be full int64 range, not limited to float64 vnbf and vexp are just flags for whether or not the values were obtained through either method and should be checked
This commit is contained in:
parent
9a4b9f2ac1
commit
52e4189627
39
parser.go
39
parser.go
|
@ -87,17 +87,38 @@ func (p *Parser) Parse(tokenString string, keyFunc Keyfunc) (*Token, error) {
|
|||
// Check expiration times
|
||||
vErr := &ValidationError{}
|
||||
now := TimeFunc().Unix()
|
||||
if exp, ok := token.Claims["exp"].(float64); ok {
|
||||
if now > int64(exp) {
|
||||
vErr.err = "token is expired"
|
||||
vErr.Errors |= ValidationErrorExpired
|
||||
var exp, nbf int64
|
||||
var vexp, vnbf bool
|
||||
|
||||
if p.UseJSONNumber {
|
||||
if num, ok := token.Claims["exp"].(json.Number); ok {
|
||||
if exp, err = num.Int64(); err == nil {
|
||||
vexp = true
|
||||
}
|
||||
}
|
||||
if num, ok := token.Claims["nbf"].(json.Number); ok {
|
||||
if nbf, err = num.Int64(); err == nil {
|
||||
vnbf = true
|
||||
}
|
||||
}
|
||||
} else {
|
||||
var ok bool
|
||||
if exp, ok = token.Claims["exp"].(int64); ok {
|
||||
vexp = true
|
||||
}
|
||||
if nbf, ok = token.Claims["nbf"].(int64); ok {
|
||||
vnbf = true
|
||||
}
|
||||
}
|
||||
if nbf, ok := token.Claims["nbf"].(float64); ok {
|
||||
if now < int64(nbf) {
|
||||
vErr.err = "token is not valid yet"
|
||||
vErr.Errors |= ValidationErrorNotValidYet
|
||||
}
|
||||
|
||||
if vexp && now > exp {
|
||||
vErr.err = "token is expired"
|
||||
vErr.Errors |= ValidationErrorExpired
|
||||
}
|
||||
|
||||
if vnbf && now < nbf {
|
||||
vErr.err = "token is not valid yet"
|
||||
vErr.Errors |= ValidationErrorNotValidYet
|
||||
}
|
||||
|
||||
// Perform validation
|
||||
|
|
Loading…
Reference in New Issue