Fix Tests

Added default for parser option to propagate the time func Also adjusted the get claims error check around expiry Updated a related test due to changes
appleboy · Feb 2, 2024 · 110df2f · 110df2f
1 parent c0ecf09
commit 110df2f
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 24 deletions.
diff --git a/auth_jwt.go b/auth_jwt.go
@@ -2,7 +2,6 @@ package jwt
 
 import (
 	"crypto/rsa"
-	"encoding/json"
 	"errors"
 	"net/http"
 	"os"
@@ -153,7 +152,8 @@ type GinJWTMiddleware struct {
 	// CookieSameSite allow use http.SameSite cookie param
 	CookieSameSite http.SameSite
 
-	// ParseOptions allow to modify jwt's parser methods
+	// ParseOptions allow to modify jwt's parser methods. 
+	// WithTimeFunc is always added to ensure the TimeFunc is propagated to the validator
 	ParseOptions []jwt.ParserOption
 }
 
@@ -406,6 +406,12 @@ func (mw *GinJWTMiddleware) MiddlewareInit() error {
 	if mw.Key == nil {
 		return ErrMissingSecretKey
 	}
+
+	if len(mw.ParseOptions) == 0 {
+		mw.ParseOptions = []jwt.ParserOption{}
+	}
+	mw.ParseOptions = append(mw.ParseOptions, jwt.WithTimeFunc(mw.TimeFunc))
+
 	return nil
 }
 
@@ -419,31 +425,24 @@ func (mw *GinJWTMiddleware) MiddlewareFunc() gin.HandlerFunc {
 func (mw *GinJWTMiddleware) middlewareImpl(c *gin.Context) {
 	claims, err := mw.GetClaimsFromJWT(c)
 	if err != nil {
-		mw.unauthorized(c, http.StatusUnauthorized, mw.HTTPStatusMessageFunc(err, c))
-		return
-	}
-
-	switch v := claims["exp"].(type) {
-	case nil:
-		mw.unauthorized(c, http.StatusBadRequest, mw.HTTPStatusMessageFunc(ErrMissingExpField, c))
-		return
-	case float64:
-		if int64(v) < mw.TimeFunc().Unix() {
+		if errors.Is(err, jwt.ErrTokenExpired) {
 			mw.unauthorized(c, http.StatusUnauthorized, mw.HTTPStatusMessageFunc(ErrExpiredToken, c))
 			return
-		}
-	case json.Number:
-		n, err := v.Int64()
-		if err != nil {
+		} else if errors.Is(err, jwt.ErrInvalidType) && strings.Contains(err.Error(), "exp is invalid") {
 			mw.unauthorized(c, http.StatusBadRequest, mw.HTTPStatusMessageFunc(ErrWrongFormatOfExp, c))
 			return
-		}
-		if n < mw.TimeFunc().Unix() {
-			mw.unauthorized(c, http.StatusUnauthorized, mw.HTTPStatusMessageFunc(ErrExpiredToken, c))
+		} else if errors.Is(err, jwt.ErrTokenRequiredClaimMissing) && strings.Contains(err.Error(), "exp claim is required") {
+			mw.unauthorized(c, http.StatusBadRequest, mw.HTTPStatusMessageFunc(ErrMissingExpField, c))
+			return
+		} else {
+			mw.unauthorized(c, http.StatusUnauthorized, mw.HTTPStatusMessageFunc(err, c))
 			return
 		}
-	default:
-		mw.unauthorized(c, http.StatusBadRequest, mw.HTTPStatusMessageFunc(ErrWrongFormatOfExp, c))
+	}
+
+	// For backwards compatibility since technically exp is not required in the spec but has been in gin-jwt
+	if claims["exp"] == nil {
+		mw.unauthorized(c, http.StatusBadRequest, mw.HTTPStatusMessageFunc(ErrMissingExpField, c))
 		return
 	}
 

diff --git a/auth_jwt_test.go b/auth_jwt_test.go
@@ -1227,7 +1227,7 @@ func TestExpiredField(t *testing.T) {
 		})
 
 	// wrong format
-	claims["exp"] = "wrongFormatForExpiryIgnoredByJwtLibrary"
+	claims["exp"] = "wrongFormatForExpiry"
 	tokenString, _ = token.SignedString(key)
 
 	r.GET("/auth/hello").
@@ -1237,8 +1237,8 @@ func TestExpiredField(t *testing.T) {
 		Run(handler, func(r gofight.HTTPResponse, rq gofight.HTTPRequest) {
 			message := gjson.Get(r.Body.String(), "message")
 
-			assert.Equal(t, ErrExpiredToken.Error(), strings.ToLower(message.String()))
-			assert.Equal(t, http.StatusUnauthorized, r.Code)
+			assert.Equal(t, ErrWrongFormatOfExp.Error(), strings.ToLower(message.String()))
+			assert.Equal(t, http.StatusBadRequest, r.Code)
 		})
 }