author | Sriharan Manogaran <sriharan72@gmail.com> | 2022-10-15 13:17:14 +0530 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-10-15 13:47:14 +0600 |
commit | 9cb9401cc579f11dbb17181e8713f061f8e40ed4 (patch) | |
tree | 6e912fa840b6c0d4ee128ae8ad7292d57cb27d1e | |
parent | 8ccb8258508721f67fb3bb0678080111ef22d6d3 (diff) | |
Handling 'ImmatureSignatureError' for issued_at time (#794)
* Handling 'ImmatureSignatureError' for issued_at time when it is a future time
* adding changelog and test cases
-rw-r--r-- | CHANGELOG.rst | 1 | ||||
-rw-r--r-- | jwt/api_jwt.py | 5 | ||||
-rw-r--r-- | tests/test_api_jwt.py | 8 |
3 files changed, 13 insertions, 1 deletions
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index 2432203..1a00657 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -17,6 +17,7 @@ Fixed
Added
~~~~~
+- Adding validation for `issued_at` when `iat > (now + leeway)` as `ImmatureSignatureError` by @sriharan16 in https://github.com/jpadilla/pyjwt/pull/794
`v2.5.0 <https://github.com/jpadilla/pyjwt/compare/2.4.0...2.5.0>`__
-----------------------------------------------------------------------
diff --git a/jwt/api_jwt.py b/jwt/api_jwt.py
index a391793..4bb1ee1 100644
--- a/jwt/api_jwt.py
+++ b/jwt/api_jwt.py
@@ -210,10 +210,13 @@ class PyJWT:
raise MissingRequiredClaimError(claim)
def _validate_iat(self, payload, now, leeway):
+ iat = payload["iat"]
try:
- int(payload["iat"])
+ int(iat)
except ValueError:
raise InvalidIssuedAtError("Issued At claim (iat) must be an integer.")
+ if iat > (now + leeway):
+ raise ImmatureSignatureError("The token is not yet valid (iat)")
def _validate_nbf(self, payload, now, leeway):
try:
diff --git a/tests/test_api_jwt.py b/tests/test_api_jwt.py
index bebe7d2..d74973d 100644
--- a/tests/test_api_jwt.py
+++ b/tests/test_api_jwt.py
@@ -219,6 +219,14 @@ class TestJWT:
with pytest.raises(InvalidIssuedAtError):
jwt.decode(example_jwt, "secret", algorithms=["HS256"])
+ def test_decode_raises_exception_if_iat_is_greater_than_now(self, jwt, payload):
+ payload["iat"] = utc_timestamp() + 10
+ secret = "secret"
+ jwt_message = jwt.encode(payload, secret)
+
+ with pytest.raises(ImmatureSignatureError):
+ jwt.decode(jwt_message, secret, algorithms=["HS256"])
+
def test_decode_raises_exception_if_nbf_is_not_int(self, jwt):
# >>> jwt.encode({'nbf': 'not-an-int'}, 'secret')
example_jwt = ( |
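Review bot: The new comparison `if iat > (now + leeway):` in `_validate_iat` uses the raw claim value, not the converted one, so an `iat` that `int()` accepts but that is not itself a number (a numeric string such as `"1665800000"`) now fails with an uncaught TypeError on the `>` instead of the `InvalidIssuedAtError` the `try` block is there to produce. Keeping the converted value fixes both the crash and the rejection message: replace the new `iat = payload["iat"]` line and the `int(iat)` call with `iat = int(payload["iat"])` inside the `try`, and compare that. While there, `except ValueError:` could become `except (ValueError, TypeError):` so a `None` or list-valued `iat` is also reported as `InvalidIssuedAtError` rather than a bare TypeError, although that gap predates this commit. A one-line docstring such as `"""Reject a non-numeric iat, or one more than ``leeway`` seconds in the future."""` would make the two failure modes explicit, since neither this method nor `_validate_nbf` below documents its contract.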
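Review bot: `test_decode_raises_exception_if_iat_is_greater_than_now` pins only the default-leeway case of the new `iat > (now + leeway)` check; the leeway half is untested. A companion test that encodes the same `utc_timestamp() + 10` payload and asserts `jwt.decode(jwt_message, secret, algorithms=["HS256"], leeway=20)` succeeds would pin that boundary, presumably mirroring how the nbf leeway cases are written elsewhere in this file (outside this hunk). The test mutates the `payload` fixture in place; that is fine if the fixture is function-scoped, which the hunk does not show — worth confirming.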