ZhouXY108/hutool
1
0
Fork 0
mirror of https://gitee.com/chinabugotech/hutool.git synced 2025-04-19 03:01:48 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix jwt bug

Browse Source
This commit is contained in:
Looly 2022-05-16 18:43:48 +08:00
parent 844113c583
commit 3115f0dad8
3 changed files with 25 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
CHANGELOG.md
View File

@ -19,6 +19,7 @@
* 【db 】 DialectName中修正为POSTGRESQLissue#2308@Github * 【db 】 DialectName中修正为POSTGRESQLissue#2308@Github
* 【core 】 修复BeanPath无法识别引号内的内容问题issue#I56DE0@Gitee * 【core 】 修复BeanPath无法识别引号内的内容问题issue#I56DE0@Gitee
* 【core 】 修复Map.entry方法返回可变不可变相反问题 * 【core 】 修复Map.entry方法返回可变不可变相反问题
* 【jwt 】 修复jwt的过期容忍时间问题issue#2329@Gitee
------------------------------------------------------------------------------------------------------------- -------------------------------------------------------------------------------------------------------------

8
hutool-jwt/src/main/java/cn/hutool/jwt/JWTValidator.java
View File

@ -222,7 +222,9 @@ public class JWTValidator {
if (null == dateToCheck) { if (null == dateToCheck) {
return; return;
} }
now.setTime(now.getTime() + leeway * 1000); if(leeway > 0){
now = DateUtil.date(now.getTime() + leeway * 1000);
}
if (dateToCheck.after(now)) { if (dateToCheck.after(now)) {
throw new ValidateException("'{}':[{}] is after now:[{}]", throw new ValidateException("'{}':[{}] is after now:[{}]",
fieldName, DateUtil.date(dateToCheck), DateUtil.date(now)); fieldName, DateUtil.date(dateToCheck), DateUtil.date(now));
@ -244,7 +246,9 @@ public class JWTValidator {
if (null == dateToCheck) { if (null == dateToCheck) {
return; return;
} }
now.setTime(now.getTime() - leeway * 1000); if(leeway > 0){
now = DateUtil.date(now.getTime() - leeway * 1000);
}
if (dateToCheck.before(now)) { if (dateToCheck.before(now)) {
throw new ValidateException("'{}':[{}] is before now:[{}]", throw new ValidateException("'{}':[{}] is before now:[{}]",
fieldName, DateUtil.date(dateToCheck), DateUtil.date(now)); fieldName, DateUtil.date(dateToCheck), DateUtil.date(now));

18
hutool-jwt/src/test/java/cn/hutool/jwt/JWTValidatorTest.java
View File

@ -6,6 +6,8 @@ import cn.hutool.jwt.signers.JWTSignerUtil;
import org.junit.Assert; import org.junit.Assert;
import org.junit.Test; import org.junit.Test;
import java.util.Date;
public class JWTValidatorTest { public class JWTValidatorTest {
@Test(expected = ValidateException.class) @Test(expected = ValidateException.class)
@ -79,4 +81,20 @@ public class JWTValidatorTest {
JWTValidator.of(jwt).validateDate(DateUtil.date()); JWTValidator.of(jwt).validateDate(DateUtil.date());
} }
@Test
public void issue2329Test(){
final long NOW = System.currentTimeMillis();
final Date NOW_TIME = new Date(NOW);
final long EXPIRED = 3 * 1000L;
final Date EXPIRED_TIME = new Date(NOW + EXPIRED);
// 使用这种方式生成token
final String token = JWT.create().setPayload("sub", "blue-light").setIssuedAt(NOW_TIME).setNotBefore(EXPIRED_TIME)
.setExpiresAt(EXPIRED_TIME).setKey("123456".getBytes()).sign();
// 使用这种方式验证token
JWTValidator.of(JWT.of(token)).validateDate(DateUtil.date(NOW - 4000), 10);
JWTValidator.of(JWT.of(token)).validateDate(DateUtil.date(NOW + 4000), 10);
}
} }