From f83998e6c7300c82bc9b9f4102488ede460739f4 Mon Sep 17 00:00:00 2001
From: Christopher Vagnetoft
Date: Mon, 11 Mar 2024 23:34:19 +0100
Subject: [PATCH] Additional checks for validity and in validator

* Properly check nbf and exp claims in token to determine simple validity.
* Properly check nbf and exp claims in validator and throw exceptions if expired/not yet valid.
---
 src/JWTToken.php | 8 ++++++++
 src/Validator/JWTValidator.php | 12 ++++++++++++
 2 files changed, 20 insertions(+)

diff --git a/src/JWTToken.php b/src/JWTToken.php
index 10bcef4..cf53d0f 100644
--- a/src/JWTToken.php
+++ b/src/JWTToken.php
@@ -70,6 +70,14 @@ class JWTToken
 $this->valid = false;
 }
 }
+
+ if ($this->header->has('nbf')) {
+ $nbf = intval($this->header->get('nbf'));
+ if ($nbf >= time()) {
+ // Invalid if before
+ $this->valid = false;
+ }
+ }
 }
 
 /**
diff --git a/src/Validator/JWTValidator.php b/src/Validator/JWTValidator.php
index 0b3e2d3..3ec0df3 100644
--- a/src/Validator/JWTValidator.php
+++ b/src/Validator/JWTValidator.php
@@ -47,6 +47,18 @@ class JWTValidator
 throw new JWTTokenException("The token is not valid");
 }
 
+ if ($token->claims->has("nbf")) {
+ $notBefore = intval($token->claims->get("nbf"));
+ if (time() < $notBefore)
+ throw new JWTTokenException("Token not yet valid");
+ }
+
+ if ($token->claims->has("exp")) {
+ $notAfter = intval($token->claims->get("exp"));
+ if (time() > $notAfter)
+ throw new JWTTokenException("Token no longer valid");
+ }
+
 if (!$token->header->hasAll($this->requireHeaders)) {
 throw new JWTHeaderException("The token is missing one or more required headers");
 }
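Review bot: The new check in src/JWTToken.php reads `nbf` from `$this->header`, while the hunk in src/Validator/JWTValidator.php reads the same value from `$token->claims`; `nbf` is a registered payload claim (RFC 7519 §4.1.5), so a token carrying it in the usual place never trips this check and the two files disagree on where to look. The comparison is also off by one second: RFC 7519 requires the current time to be equal to or later than `nbf`, so `if ($nbf >= time()) {` should read `if ($nbf > time()) {`. `intval()` turns a non-numeric `nbf` into 0, which passes silently; rejecting non-numeric values would fail closed. The enclosing method starts before the hunk, so I cannot see where `exp` is handled in this file.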
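Review bot: The `exp` comparison accepts a token during the exact second it expires: RFC 7519 §4.1.4 says the current time must be strictly before `exp`, so `if (time() > $notAfter)` should read `if (time() >= $notAfter)`. `intval()` on a non-numeric claim yields 0, which makes a malformed `nbf` pass and a malformed `exp` fail; checking `is_numeric()` before converting would reject both explicitly. Neither check allows for clock skew between issuer and verifier, where a small configurable leeway is usual. The brace-less `if` bodies also depart from the braced style used in the surrounding lines (PSR-12 requires braces). The enclosing method starts before the hunk, so I cannot tell from here whether signature verification runs before these claim checks.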