Additional checks for validity and in validator
* Properly check the nbf and exp claims in the token to determine simple validity.
* Properly check the nbf and exp claims in the validator and throw exceptions if the token is expired or not yet valid.
parent
369514589f
commit
f83998e6c7
@ -70,6 +70,14 @@ class JWTToken
|
|||||||
$this->valid = false;
|
$this->valid = false;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if ($this->header->has('nbf')) {
|
||||||
|
$nbf = intval($this->header->get('nbf'));
|
||||||
|
if ($nbf >= time()) {
|
||||||
|
// Invalid if before
|
||||||
|
$this->valid = false;
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
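Review bot: The added not-before check reads `nbf` from `$this->header`, while the validator hunk in this same commit reads it from `$token->claims`. `nbf` is a registered payload claim (RFC 7519 §4.1.5), so a token carrying it in the usual place would presumably skip this block and keep `valid` set. Assuming `$token` in the validator is a `JWTToken`, the lookups should be `$this->claims->has('nbf')` and `$this->claims->get('nbf')`. The comparison `$nbf >= time()` also marks the token invalid in the very second it becomes usable, which disagrees with the validator's `time() < $notBefore`; `if ($nbf > time()) {` would make the two agree. The enclosing method starts above the hunk, so whether the preceding context is the matching `exp` check cannot be confirmed from here.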
@ -47,6 +47,18 @@ class JWTValidator
|
|||||||
throw new JWTTokenException("The token is not valid");
|
throw new JWTTokenException("The token is not valid");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if ($token->claims->has("nbf")) {
|
||||||
|
$notBefore = intval($token->claims->get("nbf"));
|
||||||
|
if (time() < $notBefore)
|
||||||
|
throw new JWTTokenException("Token not yet valid");
|
||||||
|
}
|
||||||
|
|
||||||
|
if ($token->claims->has("exp")) {
|
||||||
|
$notAfter = intval($token->claims->get("exp"));
|
||||||
|
if (time() > $notAfter)
|
||||||
|
throw new JWTTokenException("Token no longer valid");
|
||||||
|
}
|
||||||
|
|
||||||
if (!$token->header->hasAll($this->requireHeaders)) {
|
if (!$token->header->hasAll($this->requireHeaders)) {
|
||||||
throw new JWTHeaderException("The token is missing one or more required headers");
|
throw new JWTHeaderException("The token is missing one or more required headers");
|
||||||
}
|
}
|
||||||
|
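Review bot: `intval()` in both added blocks turns a malformed claim into 0, so a non-numeric `nbf` silently passes the `time() < $notBefore` test instead of being rejected (a malformed `exp` happens to fail closed, since `time() > 0`). I would refuse a non-numeric time claim before converting it, e.g. `if (!is_numeric($token->claims->get("nbf"))) { throw new JWTTokenException("The token is not valid"); }`, and do the same for `exp`. `exp` is also only enforced when present, so a token without it never expires unless a required-claims check elsewhere demands it; that is not visible in this hunk. The two brace-less `if`/`throw` pairs would be safer written with braces like the surrounding code. The method body starts and ends outside the hunk.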