From 695143655b95d843d03d4a98ca43709cbe8169b4 Mon Sep 17 00:00:00 2001
From: gobinathal
Date: Fri, 28 Jul 2023 21:58:30 +0530
Subject: [PATCH] [spec] rspec to test that strings containing exp/nbf/iat are not validated
---
 spec/jwt/verify_spec.rb | 13 +++++++++++++
 1 file changed, 13 insertions(+)
diff --git a/spec/jwt/verify_spec.rb b/spec/jwt/verify_spec.rb
index d6a817d0..c957afa6 100644
--- a/spec/jwt/verify_spec.rb
+++ b/spec/jwt/verify_spec.rb
@@ -2,6 +2,7 @@

 RSpec.describe ::JWT::Verify do
 let(:base_payload) { { 'user_id' => 'some@user.tld' } }
+ let(:string_payload) { 'beautyexperts_nbf_iat' }
 let(:options) { { leeway: 0 } }

 context '.verify_aud(payload, options)' do
@@ -64,6 +65,10 @@
 end.to raise_error JWT::ExpiredSignature
 end

+ it 'must not consider string containing exp as expired' do
+ expect(described_class.verify_expiration(string_payload, options)).to eq(nil)
+ end
+
 context 'when leeway is not specified' do
 let(:options) { {} }

@@ -103,6 +108,10 @@
 described_class.verify_iat(payload.merge('iat' => (iat + 120)), options)
 end.to raise_error JWT::InvalidIatError
 end
+
+ it 'must not validate if the payload is a string containing iat' do
+ expect(described_class.verify_iat(string_payload, options)).to eq(nil)
+ end
 end

 context '.verify_iss(payload, options)' do
@@ -265,6 +274,10 @@ def issuer_start_with_ruby?(issuer)
 it 'must allow some leeway in the token age when nbf_leeway is configured' do
 described_class.verify_not_before(payload, options.merge(nbf_leeway: 10))
 end
+
+ it 'must not validate if the payload is a string containing iat' do
+ expect(described_class.verify_not_before(string_payload, options)).to eq(nil)
+ end
 end

 context '.verify_sub(payload, options)' do
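Review bot: The fixture `string_payload` added after `base_payload` carries no comment explaining why it reads `'beautyexperts_nbf_iat'`; the `exp` it is meant to contain is hidden inside "beautyexperts". I would add a line above it such as `# String (non-Hash) payload whose text contains 'exp', 'nbf' and 'iat' only as substrings`. A name like `non_hash_payload` would also say more about what the three new examples depend on. The `RSpec.describe` block continues outside the hunk.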
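Review bot: The three new examples assert `eq(nil)` for a String payload (here in `.verify_expiration`, and again in the `.verify_iat` and `.verify_not_before` hunks), but nothing in the spec records why a payload that is not a Hash is skipped instead of rejected. Skipping `exp`/`nbf`/`iat` silently matters to callers who rely on those claims being enforced, so I would state the intent above the example, e.g. `# a non-Hash payload has no claims to check; time validation is skipped, not failed` (if that is indeed the intended contract). On style, `be_nil` reads better than `eq(nil)`, and an `expect { ... }.not_to raise_error` form would tie the example to the failure it guards against, given that the neighbouring examples use `raise_error`. The enclosing `context` starts outside the hunk.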
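Review bot: The example added under `.verify_not_before` reuses the description from the `.verify_iat` example, `'must not validate if the payload is a string containing iat'`, although it calls `verify_not_before`. It should read `it 'must not validate if the payload is a string containing nbf' do`, so that a failure report names the claim that was actually exercised. The enclosing `context` starts outside the hunk.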