Fixed #500: -Infinity, Infinity and NaN should fail validation

Author: andrewnester

sign.js

@@ -23,10 +23,14 @@ var sign_options_schema = {
   mutatePayload: { isValid: isBoolean, message: '"mutatePayload" must be a boolean' }
 };
 
+var isValidNumber = function(value) {
+  return isNumber(value) && isFinite(value) && !isNaN(value);
+};
+
 var registered_claims_schema = {
-  iat: { isValid: isNumber, message: '"iat" should be a number of seconds' },
-  exp: { isValid: isNumber, message: '"exp" should be a number of seconds' },
-  nbf: { isValid: isNumber, message: '"nbf" should be a number of seconds' }
+  iat: { isValid: isValidNumber , message: '"iat" should be a number of seconds' },
+  exp: { isValid: isValidNumber, message: '"exp" should be a number of seconds' },
+  nbf: { isValid: isValidNumber, message: '"nbf" should be a number of seconds' }
 };
 
 function validate(schema, allowUnknown, object, parameterName) {

test/claim-exp.test.js

@@ -113,6 +113,9 @@ describe('expires', function() {
       ['foo'],
       {},
       {foo: 'bar'},
+      -Infinity,
+      Infinity,
+      NaN,
     ].forEach((exp) => {
       it(`should error with with value ${util.inspect(exp)}`, function (done) {
         signWithExpiresIn(undefined, {exp}, (err) => {
@@ -241,39 +244,6 @@ describe('expires', function() {
       });
     });
 
-    // TODO an exp of -Infinity should fail validation
-    it('should set null "exp" when given -Infinity', function (done) {
-      signWithExpiresIn(undefined, {exp: -Infinity}, (err, token) => {
-        const decoded = jwt.decode(token);
-        testUtils.asyncCheck(done, () => {
-          expect(err).to.be.null;
-          expect(decoded).to.have.property('exp', null);
-        });
-      });
-    });
-
-    // TODO an exp of Infinity should fail validation
-    it('should set null "exp" when given value Infinity', function (done) {
-      signWithExpiresIn(undefined, {exp: Infinity}, (err, token) => {
-        const decoded = jwt.decode(token);
-        testUtils.asyncCheck(done, () => {
-          expect(err).to.be.null;
-          expect(decoded).to.have.property('exp', null);
-        });
-      });
-    });
-
-    // TODO an exp of NaN should fail validation
-    it('should set null "exp" when given value NaN', function (done) {
-      signWithExpiresIn(undefined, {exp: NaN}, (err, token) => {
-        const decoded = jwt.decode(token);
-        testUtils.asyncCheck(done, () => {
-          expect(err).to.be.null;
-          expect(decoded).to.have.property('exp', null);
-        });
-      });
-    });
-
     it('should set correct "exp" when "iat" is passed', function (done) {
       signWithExpiresIn(-10, {iat: 80}, (e1, token) => {
         testUtils.verifyJWTHelper(token, undefined, {}, (e2, decoded) => {

test/claim-iat.test.js

@@ -37,6 +37,9 @@ describe('issue at', function() {
       ['foo'],
       {},
       {foo: 'bar'},
+      -Infinity,
+      Infinity,
+      NaN,
     ].forEach((iat) => {
       it(`should error with iat of ${util.inspect(iat)}`, function (done) {
         signWithIssueAt(iat, {}, (err) => {
@@ -111,27 +114,6 @@ describe('issue at', function() {
         expectedIssueAt: 100,
         options: {}
       },
-      // TODO an iat of -Infinity should fail validation
-      {
-        description: 'should set null "iat" when given -Infinity',
-        iat: -Infinity,
-        expectedIssueAt: null,
-        options: {}
-      },
-      // TODO an iat of Infinity should fail validation
-      {
-        description: 'should set null "iat" when given Infinity',
-        iat: Infinity,
-        expectedIssueAt: null,
-        options: {}
-      },
-      // TODO an iat of NaN should fail validation
-      {
-        description: 'should set to current time for "iat" when given value NaN',
-        iat: NaN,
-        expectedIssueAt: 60,
-        options: {}
-      },
       {
         description: 'should remove default "iat" with "noTimestamp" option',
         iat: undefined,

test/claim-nbf.test.js

@@ -113,6 +113,9 @@ describe('not before', function() {
       ['foo'],
       {},
       {foo: 'bar'},
+      -Infinity,
+      Infinity,
+      NaN,
     ].forEach((nbf) => {
       it(`should error with with value ${util.inspect(nbf)}`, function (done) {
         signWithNotBefore(undefined, {nbf}, (err) => {
@@ -238,39 +241,6 @@ describe('not before', function() {
       });
     });
 
-    // TODO an nbf of -Infinity should fail validation
-    it('should set null "nbf" when given -Infinity', function (done) {
-      signWithNotBefore(undefined, {nbf: -Infinity}, (err, token) => {
-        const decoded = jwt.decode(token);
-        testUtils.asyncCheck(done, () => {
-          expect(err).to.be.null;
-          expect(decoded).to.have.property('nbf', null);
-        });
-      });
-    });
-
-    // TODO an nbf of Infinity should fail validation
-    it('should set null "nbf" when given value Infinity', function (done) {
-      signWithNotBefore(undefined, {nbf: Infinity}, (err, token) => {
-        const decoded = jwt.decode(token);
-        testUtils.asyncCheck(done, () => {
-          expect(err).to.be.null;
-          expect(decoded).to.have.property('nbf', null);
-        });
-      });
-    });
-
-    // TODO an nbf of NaN should fail validation
-    it('should set null "nbf" when given value NaN', function (done) {
-      signWithNotBefore(undefined, {nbf: NaN}, (err, token) => {
-        const decoded = jwt.decode(token);
-        testUtils.asyncCheck(done, () => {
-          expect(err).to.be.null;
-          expect(decoded).to.have.property('nbf', null);
-        });
-      });
-    });
-
     it('should set correct "nbf" when "iat" is passed', function (done) {
       signWithNotBefore(-10, {iat: 40}, (e1, token) => {
         testUtils.verifyJWTHelper(token, undefined, {}, (e2, decoded) => {