diff options
| author | Robert Newson <rnewson@apache.org> | 2017-05-11 09:33:14 +0100 |
|---|---|---|
| committer | Robert Newson <rnewson@apache.org> | 2017-05-11 09:48:24 +0100 |
| commit | 6cc182d5bd009c0bfee036651714a3294bfa2254 (patch) | |
| tree | d9c30c38e56d343a7fe66db35596ad4e9c6532e3 | |
| parent | e80c3d168c835adea87469ca53dec0d54bab7023 (diff) | |
| download | couchdb-6cc182d5bd009c0bfee036651714a3294bfa2254.tar.gz | |
IAT validation requires it to be a number, any number
| -rw-r--r-- | src/jwtf.erl | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/src/jwtf.erl b/src/jwtf.erl index ae8239a9a..cffe88b00 100644 --- a/src/jwtf.erl +++ b/src/jwtf.erl @@ -132,8 +132,10 @@ validate_iat(Props, Checks) -> ok; {true, undefined} -> throw({error, missing_iat}); - {true, IAT} -> - assert_past(iat, IAT) + {true, IAT} when is_integer(IAT) -> + ok; + {true, _} -> + throw({error, invalid_iat}) end. @@ -328,8 +330,8 @@ missing_iat_test() -> invalid_iat_test() -> - Encoded = encode(valid_header(), {[{<<"iat">>, 32503680000}]}), - ?assertEqual({error, {iat,not_in_past}}, decode(Encoded, [iat], nil)). + Encoded = encode(valid_header(), {[{<<"iat">>, <<"hello">>}]}), + ?assertEqual({error, invalid_iat}, decode(Encoded, [iat], nil)). missing_nbf_test() -> |