1 files changed, 26 insertions, 10 deletions

diff --git a/src/jwtf/src/jwtf.erl b/src/jwtf/src/jwtf.erl
index 247f2b508..a0bbf1fc1 100644
--- a/src/jwtf/src/jwtf.erl
+++ b/src/jwtf/src/jwtf.erl
@@ -188,8 +188,7 @@ validate_alg(Props, Checks) ->
     end.
 
 
-%% Not all these fields have to be present, but if they _are_ present
-%% they must be valid.
+%% Only validate required checks.
 validate_payload(Props, Checks) ->
     validate_iss(Props, Checks),
     validate_iat(Props, Checks),
@@ -202,7 +201,7 @@ validate_iss(Props, Checks) ->
     ActualISS = prop(<<"iss">>, Props),
 
     case {ExpectedISS, ActualISS} of
-        {undefined, undefined} ->
+        {undefined, _} -> % ignore unrequired check
             ok;
         {ISS, undefined} when ISS /= undefined ->
             throw({bad_request, <<"Missing iss claim">>});
@@ -218,11 +217,11 @@ validate_iat(Props, Checks) ->
     IAT = prop(<<"iat">>, Props),
 
     case {Required, IAT} of
-        {undefined, undefined} ->
+        {undefined, _} -> % ignore unrequired check
             ok;
         {true, undefined} ->
             throw({bad_request, <<"Missing iat claim">>});
-        {_, IAT} when is_integer(IAT) ->
+        {true, IAT} when is_integer(IAT) ->
             ok;
         {true, _} ->
             throw({bad_request, <<"Invalid iat claim">>})
@@ -234,12 +233,12 @@ validate_nbf(Props, Checks) ->
     NBF = prop(<<"nbf">>, Props),
 
     case {Required, NBF} of
-        {undefined, undefined} ->
+        {undefined, _} -> % ignore unrequired check
             ok;
         {true, undefined} ->
             throw({bad_request, <<"Missing nbf claim">>});
-        {_, IAT} ->
-            assert_past(<<"nbf">>, IAT)
+        {true, NBF} ->
+            assert_past(<<"nbf">>, NBF)
     end.
 
 
@@ -248,11 +247,11 @@ validate_exp(Props, Checks) ->
     EXP = prop(<<"exp">>, Props),
 
     case {Required, EXP} of
-        {undefined, undefined} ->
+        {undefined, _} -> % ignore unrequired check
             ok;
         {true, undefined} ->
             throw({bad_request, <<"Missing exp claim">>});
-        {_, EXP} ->
+        {true, EXP} ->
             assert_future(<<"exp">>, EXP)
     end.
 
@@ -351,3 +350,20 @@ now_seconds() ->
 
 prop(Prop, Props) ->
     proplists:get_value(Prop, Props).
+
+
+-ifdef(TEST).
+-include_lib("eunit/include/eunit.hrl").
+
+validate_payload_ignore_unchecked_props_test() ->
+    ?assertEqual(ok, validate_payload(_Props = [], _Checks = [])),
+    BogusProps = [
+        {iss, bogus},
+        {iat, bogus},
+        {nbf, bogus},
+        {exp, bogus}
+    ],
+    ?assertEqual(ok, validate_payload(BogusProps, _Checks = [])),
+    ok.
+
+-endif.