From 23079e604028753091c71148f22d75b1e45635c1 Mon Sep 17 00:00:00 2001
From: Dave Mc Nicoll
Date: Mon, 9 Dec 2024 21:58:42 +0000
Subject: [PATCH] - Added payload expiration time validation
---
 src/Authorize/Bearer/JsonWebTokenDecoder.php | 3 +++
 src/Authorize/Bearer/JsonWebTokenValidate.php | 9 +++++++++
 2 files changed, 12 insertions(+)
diff --git a/src/Authorize/Bearer/JsonWebTokenDecoder.php b/src/Authorize/Bearer/JsonWebTokenDecoder.php
index 90e1ff6..039896b 100644
--- a/src/Authorize/Bearer/JsonWebTokenDecoder.php
+++ b/src/Authorize/Bearer/JsonWebTokenDecoder.php
@@ -29,6 +29,9 @@ class JsonWebTokenDecoder
 JsonWebTokenValidate::validateHeaderType($jsonArray);
 JsonWebTokenValidate::validateHeaderAlgorithm($jsonArray);
 }
+ elseif ($key === 'payload') {
+ JsonWebTokenValidate::validatePayloadExpiration($jsonArray);
+ }
 $this->$key = $jsonArray;
 }
diff --git a/src/Authorize/Bearer/JsonWebTokenValidate.php b/src/Authorize/Bearer/JsonWebTokenValidate.php
index eb513a6..0fb2c7c 100644
--- a/src/Authorize/Bearer/JsonWebTokenValidate.php
+++ b/src/Authorize/Bearer/JsonWebTokenValidate.php
@@ -26,6 +26,15 @@ abstract class JsonWebTokenValidate
 }
 }
+ public static function validatePayloadExpiration(array $payload) : void
+ {
+ if ( array_key_exists('exp', $payload) && ( $payload['exp'] < time() ) ) {
+ throw new JsonWebTokenDecodingError(
+ sprintf("Given token is expired (%s)", ( new \DateTime())->setTimestamp($payload['exp'])->format(\DateTime::ISO8601) )
+ );
+ }
+ }
+
 public static function validateSignature(string $alg, string $secret, string $encodedHeader, string $encodedPayload, string $encodedSignature) : void
 {
 $algorithm = JsonWebTokenAlgorithmEnum::fromString($alg);
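Review bot: The expiry check added in the `elseif ($key === 'payload')` branch runs while the token segments are still being decoded, and nothing visible in this hunk shows that `validateSignature` has already succeeded by then. If it has not, `exp` is read from an unauthenticated payload, so the error returned for an unsigned or tampered token depends on a claim value the sender chose, and that value is echoed back in the "expired" message. Consider calling `validatePayloadExpiration` only after the signature check, or, if the ordering is guaranteed elsewhere, document it here with a comment such as `// signature is verified in <caller> before claims are trusted`. The enclosing method starts and ends outside the hunk, so the call order cannot be confirmed from these lines.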
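Review bot: `validatePayloadExpiration` compares `$payload['exp']` with `time()` without checking its type, so a value that is not a number (an array or `true`, for instance) compares as not less than `time()` and the token is treated as unexpired. A `null` or numeric string that does reach the throw branch is then passed unchecked to `setTimestamp()`. RFC 7519 requires the current time to be before `exp`, so the comparison should be `<=` rather than `<`. A token with no `exp` claim at all is accepted silently, which deserves at least a comment stating that this is intended. The sketch below type-checks the claim first and tightens the comparison.

```php
public static function validatePayloadExpiration(array $payload) : void
{
    if ( ! array_key_exists('exp', $payload) ) {
        // No exp claim: the token carries no expiry. Throw here instead if the API requires one.
        return;
    }

    $exp = $payload['exp'];

    // NumericDate must be a JSON number; reject strings, arrays, booleans and null outright.
    if ( ! is_int($exp) && ! is_float($exp) ) {
        throw new JsonWebTokenDecodingError("Given token has an invalid 'exp' claim");
    }

    // Expired once the current time reaches exp, not one second later.
    if ( $exp <= time() ) {
        throw new JsonWebTokenDecodingError(
            sprintf("Given token is expired (%s)", ( new \DateTime())->setTimestamp((int) $exp)->format(\DateTime::ISO8601) )
        );
    }
}
```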