Test for order of claim validation

jwt · Aug 4, 2024 · 4cde044 · 4cde044
1 parent 01574df
commit 4cde044
Showing 1 changed file with 11 additions and 1 deletion.
diff --git a/spec/jwt/jwt_spec.rb b/spec/jwt/jwt_spec.rb
@@ -534,7 +534,7 @@
       let(:iss) { 'ruby-jwt-gem' }
       let(:invalid_token) { JWT.encode payload, data[:secret] }
 
-      let :token do
+      let(:token) do
         iss_payload = payload.merge(iss: iss)
         JWT.encode iss_payload, data[:secret]
       end
@@ -544,6 +544,16 @@
         end.not_to raise_error
       end
     end
+
+    context 'claim verification order' do
+      let(:token) { JWT.encode({ nbf: Time.now.to_i + 100 }, 'secret') }
+
+      context 'when two claims are invalid' do
+        it 'depends on the order of the parameters what error is raised' do
+          expect { JWT.decode(token, 'secret', true, { verify_jti: true, verify_not_before: true }) }.to raise_error(JWT::ImmatureSignature, 'Signature nbf has not been reached')
+        end
+      end
+    end
   end
 
   context 'a token with no segments' do