From dd6500a7bfeaa28fd558f7cc52078f89ca81f62c Mon Sep 17 00:00:00 2001
From: zachmann <gabriel.zachmann@kit.edu>
Date: Mon, 18 Oct 2021 18:52:43 +0200
Subject: [PATCH] fix bug where mytokens that are not yet valid cannot be
 created

---
 CHANGELOG.md                                  |  1 +
 .../token/mytoken/polling/pollingEndpoint.go  |  2 +-
 shared/mytoken/pkg/mytoken.go                 | 24 +++++++++++++++----
 3 files changed, 22 insertions(+), 5 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 1495b418..cf75fdfa 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -36,6 +36,7 @@
 - Fixed PKCE code verifier length.
 - Fixed Datetimepicker issues on consent page.
 - Fixed response type if an (oidc) error occures on the redirect step of the authorization code flow.
+- Fixed a bug where mytokens that are not yet valid could not be created
 
 ## mytoken 0.3.2
 
diff --git a/internal/endpoints/token/mytoken/polling/pollingEndpoint.go b/internal/endpoints/token/mytoken/polling/pollingEndpoint.go
index c137709f..0d8b184e 100644
--- a/internal/endpoints/token/mytoken/polling/pollingEndpoint.go
+++ b/internal/endpoints/token/mytoken/polling/pollingEndpoint.go
@@ -65,7 +65,7 @@ func handlePollingCode(req response.PollingCodeRequest, networkData api.ClientMe
 			Response: api.ErrorAuthorizationPending,
 		}
 	}
-	mt, err := mytoken.ParseJWT(token)
+	mt, err := mytoken.ParseJWTWithoutClaimsValidation(token)
 	if err != nil {
 		log.Errorf("%s", errorfmt.Full(err))
 		return model.ErrorToInternalServerErrorResponse(err)
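Review bot: Switching this call to `ParseJWTWithoutClaimsValidation` turns off every claim check for the polled token, not only the not-before check the commit message is about, so an already expired mytoken would also parse without error here. The parser still verifies the signature, and the origin of `token` is above the hunk, so this may be fine if it is always a token the server has just issued and stored. That assumption should be written at the call, for example `// claims validation is skipped because a freshly issued mytoken may have nbf in the future; the signature is still checked`. handlePollingCode starts and ends outside the hunk, so any later validity check is not visible from here.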
diff --git a/shared/mytoken/pkg/mytoken.go b/shared/mytoken/pkg/mytoken.go
index e2eff9e7..b1917b7e 100644
--- a/shared/mytoken/pkg/mytoken.go
+++ b/shared/mytoken/pkg/mytoken.go
@@ -255,15 +255,31 @@ func (mt *Mytoken) ToJWT() (string, error) {
 		return mt.jwt, nil
 	}
 	var err error
-	mt.jwt, err = jwt.NewWithClaims(jwt.GetSigningMethod(config.Get().Signing.Alg), mt).SignedString(jws.GetPrivateKey())
+	mt.jwt, err = jwt.NewWithClaims(
+		jwt.GetSigningMethod(config.Get().Signing.Alg), mt,
+	).SignedString(jws.GetPrivateKey())
 	return mt.jwt, errors.WithStack(err)
 }
 
 // ParseJWT parses a token string into a Mytoken
 func ParseJWT(token string) (*Mytoken, error) {
-	tok, err := jwt.ParseWithClaims(token, &Mytoken{}, func(t *jwt.Token) (interface{}, error) {
-		return jws.GetPublicKey(), nil
-	})
+	return parseJWT(token, false)
+}
+
+// ParseJWTWithoutClaimsValidation parses a token string into a Mytoken
+func ParseJWTWithoutClaimsValidation(token string) (*Mytoken, error) {
+	return parseJWT(token, true)
+}
+
+func parseJWT(token string, skipCalimsValidation bool) (*Mytoken, error) {
+	parser := jwt.Parser{
+		SkipClaimsValidation: skipCalimsValidation,
+	}
+	tok, err := parser.ParseWithClaims(
+		token, &Mytoken{}, func(t *jwt.Token) (interface{}, error) {
+			return jws.GetPublicKey(), nil
+		},
+	)
 	if err != nil {
 		return nil, errors.WithStack(err)
 	}
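Review bot: The new `jwt.Parser` literal in parseJWT does not restrict the accepted signing algorithms, and the key function returns `jws.GetPublicKey()` without looking at `t.Method`; adding `ValidMethods: []string{config.Get().Signing.Alg},` next to `SkipClaimsValidation` would pin verification to the algorithm ToJWT signs with. Whether the key type already rules out other algorithms is not visible in this hunk. `ParseJWTWithoutClaimsValidation` is exported with the same doc comment as `ParseJWT`, so nothing warns a caller that expiry and not-before are not enforced; something like `// ParseJWTWithoutClaimsValidation verifies the signature only; exp, nbf and the other claims are NOT validated.` would make that explicit. The parameter name `skipCalimsValidation` is misspelled and should read `skipClaimsValidation`. parseJWT continues past the end of the hunk.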
-- 
GitLab