function validate_token is not checking whether token is expired in class-jwt-auth-public.php

[prafullwizorbit]

Hello i think i am facing a problem what happened with me, this plugin was working well but after 7 days there is no any response from token validate function, because after 7 days still token is present in cookie but it is expired & when this is served as bearer then validate_token function doesn't give any response. this may be because there is no any condition is set for checking expiry time in validate_token function that exist in class-jwt-auth-public.php

Here is function ` public function validate_token($output = true) { /*

• Looking for the HTTP_AUTHORIZATION header, if not present just

• return the user. */ $auth = isset($_SERVER['HTTP_AUTHORIZATION']) ? $_SERVER['HTTP_AUTHORIZATION'] : false;

  /* Double check for different auth header string (server dependent) */
  if (!$auth) {
      $auth = isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION']) ? $_SERVER['REDIRECT_HTTP_AUTHORIZATION'] : false;
  }
  
  if (!$auth) {
      return new WP_Error(
          'jwt_auth_no_auth_header',
          'Authorization header not found.',
          array(
              'status' => 403,
          )
      );
  }
  
  /*

• The HTTP_AUTHORIZATION is present verify the format

• if the format is wrong return the user. */ list($token) = sscanf($auth, 'Bearer %s'); if (!$token) { return new WP_Error( 'jwt_auth_bad_auth_header', 'Authorization header malformed.', array( 'status' => 403, ) ); }

  /** Get the Secret Key */
  $secret_key = defined('JWT_AUTH_SECRET_KEY') ? JWT_AUTH_SECRET_KEY : false;
  if (!$secret_key) {
      return new WP_Error(
          'jwt_auth_bad_config',
          'JWT is not configurated properly, please contact the admin',
          array(
              'status' => 403,
          )
      );
  }
  
  /** Try to decode the token */
  try {
      $token = JWT::decode($token, $secret_key, array('HS256'));
      /** The Token is decoded now validate the iss */
      if ($token->iss != get_bloginfo('url')) {
          /** The iss do not match, return error */
          return new WP_Error(
              'jwt_auth_bad_iss',
              'The iss do not match with this server',
              array(
                  'status' => 403,
              )
          );
      }
      /** So far so good, validate the user id in the token */
      if (!isset($token->data->user->id)) {
          /** No user id in the token, abort!! */
          return new WP_Error(
              'jwt_auth_bad_request',
              'User ID not found in the token',
              array(
                  'status' => 403,
              )
          );
      }
      /** Everything looks good return the decoded token if the $output is false */
      if (!$output) {
          return $token;
      }
      /** If the output is true return an answer to the request to show it */
      return array(
          'code' => 'jwt_auth_valid_token',
          'data' => array(
              'status' => 200,
          ),
      );
  } catch (Exception $e) {
      /** Something is wrong trying to decode the token, send back the error */
      return new WP_Error(
          'jwt_auth_invalid_token',
          $e->getMessage(),
          array(
              'status' => 403,
          )
      );
  }

  }`

Can any one help me how to validate expiry token in every bearer token request.

Thanks.

[prafullwizorbit]

ok i found the answer actually jwt checking well for token expiry but it should be return in same way as token validate state like this way my code working well } catch (Exception $e) { /* Something is wrong trying to decode the token, send back the error / return array( 'code' => 'jwt_auth_invalid_token', 'data' => array( 'code' => $e->getMessage(), 'status' => 403, ), ); }