Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Oadk/maxrefresh #185

Merged
merged 2 commits into from
Nov 28, 2018
Merged

Oadk/maxrefresh #185

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
bab7aa4
Check specifically for ValidationErrorExpired
oadk Nov 27, 2018
e825399
Add test for refreshing expired token within MaxRefresh time
oadk Nov 27, 2018
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 10 additions & 4 deletions auth_jwt.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -510,10 +510,16 @@ func (mw *GinJWTMiddleware) RefreshToken(c *gin.Context) (string, time.Time, err
func (mw *GinJWTMiddleware) CheckIfTokenExpire(c *gin.Context) (jwt.MapClaims, error) {
token, err := mw.ParseToken(c)

// issue: Cannot refresh expired token, even if within MaxRefresh time
// see https://github.com/appleboy/gin-jwt/issues/176
if token == nil {
return nil, err
if err != nil {
// If we receive an error, and the error is anything other than a single
// ValidationErrorExpired, we want to return the error.
// If the error is just ValidationErrorExpired, we want to continue, as we can still
// refresh the token if it's within the MaxRefresh time.
// (see https://github.com/appleboy/gin-jwt/issues/176)
validationErr, ok := err.(*jwt.ValidationError)
if !ok || validationErr.Errors != jwt.ValidationErrorExpired {
return nil, err
}
}

claims := token.Claims.(jwt.MapClaims)
Expand Down
31 changes: 31 additions & 0 deletions auth_jwt_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -496,6 +496,37 @@ func TestRefreshHandler(t *testing.T) {
})
}

func TestExpiredTokenWithinMaxRefreshOnRefreshHandler(t *testing.T) {
// the middleware to test
authMiddleware, _ := New(&GinJWTMiddleware{
Realm: "test zone",
Key: key,
Timeout: time.Hour,
MaxRefresh: 2 * time.Hour,
Authenticator: defaultAuthenticator,
})

handler := ginHandler(authMiddleware)

r := gofight.New()

token := jwt.New(jwt.GetSigningMethod("HS256"))
claims := token.Claims.(jwt.MapClaims)
claims["identity"] = "admin"
claims["exp"] = time.Now().Add(-time.Minute).Unix()
claims["orig_iat"] = time.Now().Add(-time.Hour).Unix()
tokenString, _ := token.SignedString(key)

// We should be able to refresh a token that has expired but is within the MaxRefresh time
r.GET("/auth/refresh_token").
SetHeader(gofight.H{
"Authorization": "Bearer " + tokenString,
}).
Run(handler, func(r gofight.HTTPResponse, rq gofight.HTTPRequest) {
assert.Equal(t, http.StatusOK, r.Code)
})
}

func TestExpiredTokenOnRefreshHandler(t *testing.T) {
// the middleware to test
authMiddleware, _ := New(&GinJWTMiddleware{
Expand Down