Merge pull request #1 from naveego/update-nbf

Updated nbf to be 5 minutes in the past
naveego · Aug 25, 2020 · 28ba5e5 · 28ba5e5
2 parents 7467c40 + 29c5770
commit 28ba5e5
Show file tree

Hide file tree

Showing 5 changed files with 11 additions and 3 deletions.
diff --git a/VERSION b/VERSION
@@ -0,0 +1 @@
+1.1.0
diff --git a/plugin/path_jwt_test.go b/plugin/path_jwt_test.go
@@ -81,14 +81,15 @@ var _ = Describe("PathIssue", func() {
 			jwt, err := jws.ParseJWT([]byte(token))
 			Expect(err).ToNot(HaveOccurred())
 
+			fiveMinutesAgo := time.Now().Add(-5 * time.Minute)
 			Expect(jwt.Claims()).To(
 				And(
 					HaveKeyWithValue("aud", ContainElement("test-audience")),
 					HaveKeyWithValue("sub", roleData["sub"]),
 					HaveKeyWithValue("iss", roleData["iss"]),
 					HaveKeyWithValue(customClaimTye, customClaimValue),
 					HaveKeyWithValue(overridableClaimType, overridableClaimExpectedValue),
-					HaveKeyWithValue("nbf", BeFloatTimestampCloseTo(time.Now(), time.Second)),
+					HaveKeyWithValue("nbf", BeFloatTimestampCloseTo(fiveMinutesAgo, time.Second)),
 					HaveKeyWithValue("iat", BeFloatTimestampCloseTo(time.Now(), time.Second)),
 					HaveKeyWithValue("exp", BeFloatTimestampCloseTo(time.Now().Add(time.Second*10), time.Second)),
 				))

diff --git a/plugin/token.go b/plugin/token.go
@@ -124,7 +124,8 @@ func CreateJWTToken(createEntry TokenCreateEntry, roleEntry RoleStorageEntry, ke
 		claims.Expiry = jwt.NewNumericDate(utc)
 	}
 	if roleEntry.NotBefore {
-		claims.NotBefore = jwt.NewNumericDate(time.Now())
+		fiveMinutesAgo := time.Now().Add(-5 * time.Minute)
+		claims.NotBefore = jwt.NewNumericDate(fiveMinutesAgo)
 	}
 	if roleEntry.IssuedAt {
 		claims.IssuedAt = jwt.NewNumericDate(time.Now())

diff --git a/plugin/token_test.go b/plugin/token_test.go
@@ -179,7 +179,8 @@ var _ = Describe("CreateJWTToken", func() {
 				Time:     time.Now(),
 			}))
 
-			Expect(claims.NotBefore.Time()).To(BeTemporally("~", time.Now(), time.Second))
+			fiveMinutesAgo := time.Now().Add(-5 * time.Minute)
+			Expect(claims.NotBefore.Time()).To(BeTemporally("~", fiveMinutesAgo, time.Second))
 			Expect(claims.IssuedAt.Time()).To(BeTemporally("~", time.Now(), time.Second))
 			Expect(claims.Expiry.Time()).To(BeTemporally("~", time.Now().Add(role.TokenTTL), time.Second))
 		})

diff --git a/test/install_in_docker.sh b/test/install_in_docker.sh
@@ -20,6 +20,10 @@ vault auth enable approle
 # enable database plugin
 vault secrets enable database
 
+# enable secrets kv
+vault secrets enable -path=naveego-secrets kv
+vault secrets enable -path=tenant-secrets kv
+
 # install the jwt plugin
 vault write sys/plugins/catalog/jose sha_256=$(cat /vault/plugins/jose-plugin.sha) command=jose-plugin