diff --git a/lib/shopify_api/auth/jwt_payload.rb b/lib/shopify_api/auth/jwt_payload.rb index e61b92bb..9a81730b 100644 --- a/lib/shopify_api/auth/jwt_payload.rb +++ b/lib/shopify_api/auth/jwt_payload.rb @@ -73,8 +73,7 @@ def ==(other) sig { params(token: String, api_secret_key: String).returns(T::Hash[String, T.untyped]) } def decode_token(token, api_secret_key) - JWT.decode(token, api_secret_key, true, - { exp_leeway: JWT_EXPIRATION_LEEWAY, algorithm: "HS256" })[0] + JWT.decode(token, api_secret_key, true, leeway: JWT_EXPIRATION_LEEWAY, algorithm: "HS256")[0] rescue JWT::DecodeError => err raise ShopifyAPI::Errors::InvalidJwtTokenError, "Error decoding session token: #{err.message}" end diff --git a/test/auth/jwt_payload_test.rb b/test/auth/jwt_payload_test.rb index 7ca6bdd6..8bbe8a0a 100644 --- a/test/auth/jwt_payload_test.rb +++ b/test/auth/jwt_payload_test.rb @@ -76,7 +76,7 @@ def test_decode_jwt_payload_fails_with_expired_token def test_decode_jwt_payload_fails_if_not_activated_yet payload = @jwt_payload.dup - payload[:nbf] = (Time.now + 10).to_i + payload[:nbf] = (Time.now + 12).to_i jwt_token = JWT.encode(payload, ShopifyAPI::Context.api_secret_key, "HS256") assert_raises(ShopifyAPI::Errors::InvalidJwtTokenError) do ShopifyAPI::Auth::JwtPayload.new(jwt_token) @@ -92,6 +92,44 @@ def test_decode_jwt_payload_fails_with_invalid_api_key ShopifyAPI::Auth::JwtPayload.new(jwt_token) end end + + def test_decode_jwt_payload_succeeds_with_expiration_in_the_past_within_10s_leeway + payload = @jwt_payload.merge(exp: Time.now.to_i - 8) + jwt_token = JWT.encode(payload, ShopifyAPI::Context.api_secret_key, "HS256") + + decoded = ShopifyAPI::Auth::JwtPayload.new(jwt_token) + + assert_equal(payload, { + iss: decoded.iss, + dest: decoded.dest, + aud: decoded.aud, + sub: decoded.sub, + exp: decoded.exp, + nbf: decoded.nbf, + iat: decoded.iat, + jti: decoded.jti, + sid: decoded.sid, + }) + end + + def test_decode_jwt_payload_succeeds_with_not_before_in_the_future_within_10s_leeway + payload = @jwt_payload.merge(nbf: Time.now.to_i + 8) + jwt_token = JWT.encode(payload, ShopifyAPI::Context.api_secret_key, "HS256") + + decoded = ShopifyAPI::Auth::JwtPayload.new(jwt_token) + + assert_equal(payload, { + iss: decoded.iss, + dest: decoded.dest, + aud: decoded.aud, + sub: decoded.sub, + exp: decoded.exp, + nbf: decoded.nbf, + iat: decoded.iat, + jti: decoded.jti, + sid: decoded.sid, + }) + end end end end