Handling 'ImmatureSignatureError' for issued_at time (#794)
* Handling 'ImmatureSignatureError' for issued_at time when it is a future time

* adding changelog and test cases
sriharan16 authored Oct 15, 2022
1 parent 8ccb825 commit 9cb9401
Showing 3 changed files with 13 additions and 1 deletion.
1 change: 1 addition & 0 deletions CHANGELOG.rst
Expand Up @@ -17,6 +17,7 @@ Fixed

Added
~~~~~
- Adding validation for `issued_at` when `iat > (now + leeway)` as `ImmatureSignatureError` by @sriharan16 in https://github.com/jpadilla/pyjwt/pull/794

`v2.5.0 <https://github.com/jpadilla/pyjwt/compare/2.4.0...2.5.0>`__
-----------------------------------------------------------------------
5 changes: 4 additions & 1 deletion jwt/api_jwt.py
Expand Up @@ -210,10 +210,13 @@ def _validate_required_claims(self, payload, options):
raise MissingRequiredClaimError(claim)

def _validate_iat(self, payload, now, leeway):
iat = payload["iat"]
try:
int(payload["iat"])
int(iat)
except ValueError:
raise InvalidIssuedAtError("Issued At claim (iat) must be an integer.")
if iat > (now + leeway):
raise ImmatureSignatureError("The token is not yet valid (iat)")

def _validate_nbf(self, payload, now, leeway):
try:
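Review bot: The comparison `iat > (now + leeway)` in `_validate_iat` uses the raw claim, because the result of `int(iat)` is discarded. A token whose `iat` is a numeric string passes the `int()` check and then reaches the comparison with a `str` operand, which raises `TypeError` in Python 3 instead of one of the library's JWT errors; a value such as `null` or a list already escapes the `except ValueError` the same way. Since the claim is read from the token, callers that catch only the JWT exception types would presumably see an unhandled error on the decode path. I would bind the converted value and widen the handler: `iat = int(payload["iat"])` inside the `try`, with `except (ValueError, TypeError):`.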
8 changes: 8 additions & 0 deletions tests/test_api_jwt.py
Expand Up @@ -219,6 +219,14 @@ def test_decode_raises_exception_if_iat_is_not_int(self, jwt):
with pytest.raises(InvalidIssuedAtError):
jwt.decode(example_jwt, "secret", algorithms=["HS256"])

def test_decode_raises_exception_if_iat_is_greater_than_now(self, jwt, payload):
payload["iat"] = utc_timestamp() + 10
secret = "secret"
jwt_message = jwt.encode(payload, secret)

with pytest.raises(ImmatureSignatureError):
jwt.decode(jwt_message, secret, algorithms=["HS256"])

def test_decode_raises_exception_if_nbf_is_not_int(self, jwt):
# >>> jwt.encode({'nbf': 'not-an-int'}, 'secret')
example_jwt = (
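Review bot: The new test `test_decode_raises_exception_if_iat_is_greater_than_now` pins only the rejection with the default leeway, so the `now + leeway` tolerance in `_validate_iat` has no coverage. Verifiers whose clock runs slightly behind the issuer's will now reject fresh tokens unless a leeway is configured, so the accepting side of the boundary is worth pinning as well. I would add a companion case that decodes the same token with a leeway larger than the 10-second offset and expects success, e.g. `jwt.decode(jwt_message, secret, leeway=20, algorithms=["HS256"])`. A case with a numeric-string `iat` would also document how non-integer claim types are meant to be handled.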
