Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

bug: fix the false alarm of verification with jwt.WithJSONNumber #305

Merged
merged 1 commit into from
Dec 1, 2022
Merged

bug: fix the false alarm of verification with jwt.WithJSONNumber #305

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions _example/basic/server.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,8 +6,9 @@ import (
"os"
"time"

jwt "github.com/appleboy/gin-jwt/v2"
"github.com/gin-gonic/gin"

jwt "github.com/appleboy/gin-jwt/v2"
)

type login struct {
Expand Down Expand Up @@ -112,7 +113,6 @@ func main() {
// TimeFunc provides the current time. You can override it to use another time value. This is useful for testing or if your server uses a different time zone than your tokens.
TimeFunc: time.Now,
})

if err != nil {
log.Fatal("JWT Error:" + err.Error())
}
Expand Down
28 changes: 19 additions & 9 deletions auth_jwt.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@ package jwt

import (
"crypto/rsa"
"encoding/json"
"errors"
"net/http"
"os"
Expand Down Expand Up @@ -422,21 +423,30 @@ func (mw *GinJWTMiddleware) middlewareImpl(c *gin.Context) {
return
}

if claims["exp"] == nil {
switch v := claims["exp"].(type) {
case nil:
mw.unauthorized(c, http.StatusBadRequest, mw.HTTPStatusMessageFunc(ErrMissingExpField, c))
return
}

if _, ok := claims["exp"].(float64); !ok {
case float64:
if int64(v) < mw.TimeFunc().Unix() {
mw.unauthorized(c, http.StatusUnauthorized, mw.HTTPStatusMessageFunc(ErrExpiredToken, c))
return
}
case json.Number:
n, err := v.Int64()
if err != nil {
mw.unauthorized(c, http.StatusBadRequest, mw.HTTPStatusMessageFunc(ErrWrongFormatOfExp, c))
return
}
if n < mw.TimeFunc().Unix() {
mw.unauthorized(c, http.StatusUnauthorized, mw.HTTPStatusMessageFunc(ErrExpiredToken, c))
return
}
default:
mw.unauthorized(c, http.StatusBadRequest, mw.HTTPStatusMessageFunc(ErrWrongFormatOfExp, c))
return
}

if int64(claims["exp"].(float64)) < mw.TimeFunc().Unix() {
mw.unauthorized(c, http.StatusUnauthorized, mw.HTTPStatusMessageFunc(ErrExpiredToken, c))
return
}

c.Set("JWT_PAYLOAD", claims)
identity := mw.IdentityHandler(c)

Expand Down
26 changes: 26 additions & 0 deletions auth_jwt_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -665,6 +665,32 @@ func TestAuthorizator(t *testing.T) {
})
}

func TestParseTokenWithJsonNumber(t *testing.T) {
authMiddleware, _ := New(&GinJWTMiddleware{
Realm: "test zone",
Key: key,
Timeout: time.Hour,
MaxRefresh: time.Hour * 24,
Authenticator: defaultAuthenticator,
Unauthorized: func(c *gin.Context, code int, message string) {
c.String(code, message)
},
ParseOptions: []jwt.ParserOption{jwt.WithJSONNumber()},
})

handler := ginHandler(authMiddleware)

r := gofight.New()

r.GET("/auth/hello").
SetHeader(gofight.H{
"Authorization": "Bearer " + makeTokenString("HS256", "admin"),
}).
Run(handler, func(r gofight.HTTPResponse, rq gofight.HTTPRequest) {
assert.Equal(t, http.StatusOK, r.Code)
})
}

func TestClaimsDuringAuthorization(t *testing.T) {
// the middleware to test
authMiddleware, _ := New(&GinJWTMiddleware{
Expand Down