made the jwt `freshness` function work with non-expiring tokens

2017-10-19 15:27:35 -06:00 · 2017-10-19 15:27:35 -06:00 · d7d07b841a
parent 26e9a1c08b
commit d7d07b841a
1 changed files with 17 additions and 10 deletions
--- a/oauth3.core.js
+++ b/oauth3.core.js
@ -224,20 +224,27 @@

        return OAUTH3.crypto.core.verify(jwk, data, signature);
      }
-    , freshness: function (tokenMeta, staletime, _now) {
-        staletime = staletime || (15 * 60);
-        var now = _now || Date.now();
-        var fresh = ((parseInt(tokenMeta.exp, 10) || 0) - Math.round(now / 1000));
-
-        if (fresh >= staletime) {
+    , freshness: function (tokenMeta, staletime, now) {
+        // If the token doesn't expire then it's always fresh.
+        if (!tokenMeta.exp) {
          return 'fresh';
        }

-        if (fresh <= 0) {
-          return 'expired';
+        staletime = staletime || (15 * 60);
+        now = now || Date.now();
+        // This particular number used to check if time is in milliseconds or seconds will work
+        // for any date between the years 1973 and 5138.
+        if (now > 1e11) {
+          now = Math.round(now / 1000);
+        }
+        var exp = parseInt(tokenMeta.exp, 10) || 0;
+        if (exp < now) {
+          return 'expired';
+        } else if (exp < now + staletime) {
+          return 'stale';
+        } else {
+          return 'fresh';
        }
-
-        return 'stale';
      }
    }
  , urls: {