From 0a99cc2427c751275ea0002acca9ba0c07c25834 Mon Sep 17 00:00:00 2001
From: Viicos <65306057+Viicos@users.noreply.github.com>
Date: Sun, 15 Jan 2023 04:13:02 +0100
Subject: Fix `_validate_iat` validation (#847)
* Fix `_validate_iat` validation
* Add test and update changelog
---
 CHANGELOG.rst | 1 +
 jwt/api_jwt.py | 3 +--
 tests/test_api_jwt.py | 7 +++++++
 3 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index 3c69338..12117ec 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -16,6 +16,7 @@ Fixed
 ~~~~~
 - Add classifier for Python 3.11 by @eseifert in `#818 `_
+- Fix ``_validate_iat`` validation by @Viicos in `#847 `_
 Added
 ~~~~~
diff --git a/jwt/api_jwt.py b/jwt/api_jwt.py
index fd8a8bf..5664949 100644
--- a/jwt/api_jwt.py
+++ b/jwt/api_jwt.py
@@ -265,9 +265,8 @@ class PyJWT:
 now: float,
 leeway: float,
 ) -> None:
- iat = payload["iat"]
 try:
- int(iat)
+ iat = int(payload["iat"])
 except ValueError:
 raise InvalidIssuedAtError("Issued At claim (iat) must be an integer.")
 if iat > (now + leeway):
diff --git a/tests/test_api_jwt.py b/tests/test_api_jwt.py
index d74973d..24ed240 100644
--- a/tests/test_api_jwt.py
+++ b/tests/test_api_jwt.py
@@ -227,6 +227,13 @@ class TestJWT:
 with pytest.raises(ImmatureSignatureError):
 jwt.decode(jwt_message, secret, algorithms=["HS256"])
+ def test_decode_works_if_iat_is_str_of_a_number(self, jwt, payload):
+ payload["iat"] = "1638202770"
+ secret = "secret"
+ jwt_message = jwt.encode(payload, secret)
+ data = jwt.decode(jwt_message, secret, algorithms=["HS256"])
+ assert data["iat"] == "1638202770"
+
 def test_decode_raises_exception_if_nbf_is_not_int(self, jwt):
 # >>> jwt.encode({'nbf': 'not-an-int'}, 'secret')
 example_jwt = (
--
cgit v1.2.1
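Review bot: The `except ValueError:` guarding `iat = int(payload["iat"])` in jwt/api_jwt.py still lets some malformed claims escape as unhandled exceptions. `int(None)` or `int([])` raises `TypeError` and a float infinity raises `OverflowError`, so a token carrying such an `iat` would surface a generic error to the caller instead of `InvalidIssuedAtError`. Widening the handler to `except (TypeError, ValueError, OverflowError):` keeps every rejection on the documented exception path. `int()` also truncates floats and accepts numeric strings, which is looser than the "must be an integer" message implies; a comment such as `# int() coerces numeric strings and truncates floats; the claim itself is returned unchanged` would make that explicit. The body of `_validate_iat` starts and ends outside this hunk.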
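Review bot: `test_decode_works_if_iat_is_str_of_a_number` in tests/test_api_jwt.py only uses a timestamp in the past, so it shows that a string `iat` no longer breaks the comparison but not that the coerced value is enforced. A companion case with a numeric string far in the future, expecting `ImmatureSignatureError`, would pin the security-relevant half of the fix. The value in the sketch below is a constructed sample, and the sketch assumes the `payload` fixture behaves as in the added test. A case for a non-string, non-numeric `iat` such as `None` also appears to be missing from what is visible here.

```python
    def test_decode_raises_if_iat_is_str_of_a_future_number(self, jwt, payload):
        # constructed sample value: a NumericDate far in the future, sent as a string
        payload["iat"] = "99999999999"
        secret = "secret"
        jwt_message = jwt.encode(payload, secret)
        with pytest.raises(ImmatureSignatureError):
            jwt.decode(jwt_message, secret, algorithms=["HS256"])
```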