Conversation
jimmyjames
added
documentation
| * If Issued At verification has been disabled with {@link #ignoreIssuedAt()}, no verification of the Issued At | ||
| * claim will be performed, and this method has no effect. | ||
| * | ||
| * Issued At Date is verified by default when the value is present, unless disabled |
There was a problem hiding this comment.
The line below looks similar to this one. We should keep one.
There was a problem hiding this comment.
Yes. I pushed a new commit to remove the duplication and improve clarity.
| public void shouldOverrideAcceptIssuedAtWhenIgnoreIssuedAtFlagPassedAndSkipTheVerification() throws Exception { | ||
| Clock clock = mock(Clock.class); | ||
| when(clock.getToday()).thenReturn(new Date(DATE_TOKEN_MS_VALUE - 1000)); | ||
| when(clock.getToday()).thenReturn(new Date(DATE_TOKEN_MS_VALUE - 10000)); |
There was a problem hiding this comment.
If I understand correctly the issue with this test was the mocked clock not being passed. Given the logic didn't change, can we roll back this, or why is it introduced? If you look at the rest of the tests they are all adding/subtracting 1000 (1 seg) to this date constant.
There was a problem hiding this comment.
The purpose of the test I understand it, is to verify that if using a custom issuedAt leeway that would cause verification to fail, when calling ignoreIssuedAt the verification would still pass. If setting the mock clock to return one second earlier (subtracting 1000), the verification would still pass if not using ignoreIssuedAt, unless setting the leeway to zero. That means the test would pass even if ignoredIssuedAt were not actually ignoring the issuedAt validation. For context:
- JWT issuedAt date: Sat Jan 17 20:26:32 CST 1970
- Setting mock clock to
DEFAULT_TOKEN_MS_VALUE - 1000): Sat Jan 17 20:26:31 CST 1970 (1 second before issuedAt date) - Setting mock clock to
DEFAULT_TOKEN_MS_VALUE - 10000): Sat Jan 17 20:26:22 CST 1970 (10 seconds before issuedAt date)
3 participants
Changes
Fixes #470.
Updates the JavaDocs of
acceptIssuedAtto clarify the behavior if used in combination withignoreIssuedAt.Also fixes the related test; it was not passing the mocked clock, and the mocked clock and issuedAt leeway was configured to always pass. This was masking any issues with
ignoreIssuedAt, since the validation would pass if the issuedAt claim was not ignored.Checklist