diff options
author | Sanan Guliyev <sanan.quliyev@gmail.com> | 2018-04-24 23:42:19 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-04-24 23:42:19 +0200 |
commit | e8da1da26b4c1627229a1144fa310673ac2649ef (patch) | |
tree | 14d07cf5b148c8511479ab45b200e9b81f70ab35 | |
parent | 07659517a6dbc60ebe80095052585293f00e9125 (diff) | |
download | itsdangerous-e8da1da26b4c1627229a1144fa310673ac2649ef.tar.gz |
Convert `exp` header to int if it is valid IntDate
Some dynamic value generator (for example Paw https://paw.cloud/extensions/JsonWebTokenDynamicValue) generate string value for timestamp and it raises the bad signature error.
-rw-r--r-- | itsdangerous.py | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/itsdangerous.py b/itsdangerous.py index cdd2329..f618038 100644 --- a/itsdangerous.py +++ b/itsdangerous.py @@ -825,6 +825,11 @@ class TimedJSONWebSignatureSerializer(JSONWebSignatureSerializer): if 'exp' not in header: raise BadSignature('Missing expiry date', payload=payload) + try: + header['exp'] = int(header['exp']) + except ValueError: + raise BadHeader('Expiry date is not valid timestamp', payload=payload) + if not (isinstance(header['exp'], number_types) and header['exp'] > 0): raise BadSignature('expiry date is not an IntDate', |