Merge pull request #33 from cerberauth/fix-jwt-expi

fix: generate not expired jwt
cerberauth · Oct 4, 2024 · 98e3b18 · 98e3b18
2 parents 41b0c7f + 1199ad5
commit 98e3b18
Show file tree

Hide file tree

Showing 7 changed files with 21 additions and 14 deletions.
diff --git a/challenges/jwt-alg-none-bypass/cmd/jwt/root.go b/challenges/jwt-alg-none-bypass/cmd/jwt/root.go
@@ -3,6 +3,7 @@ package jwt
 import (
 	"fmt"
 	"log"
+	"time"
 
 	"github.com/golang-jwt/jwt/v5"
 	"github.com/spf13/cobra"
@@ -15,8 +16,8 @@ func NewJwtCmd() (jwtCmd *cobra.Command) {
 			token := jwt.NewWithClaims(jwt.SigningMethodNone, jwt.MapClaims{
 				"sub":  "2cb307ba-bb46-4194-854f-4774046d9c9b",
 				"name": "John Doe",
-				"iat":  1516239022,
-				"exp":  1516242622,
+				"iat":  time.Now().Unix(),
+				"exp":  time.Now().Add(time.Hour).Unix(),
 			})
 			tokenString, err := token.SignedString(jwt.UnsafeAllowNoneSignatureType)
 			if err != nil {

diff --git a/challenges/jwt-blank-secret/cmd/jwt/root.go b/challenges/jwt-blank-secret/cmd/jwt/root.go
@@ -3,6 +3,7 @@ package jwt
 import (
 	"fmt"
 	"log"
+	"time"
 
 	"github.com/golang-jwt/jwt/v5"
 	"github.com/spf13/cobra"
@@ -15,8 +16,8 @@ func NewJwtCmd() (jwtCmd *cobra.Command) {
 			token := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims{
 				"sub":  "2cb307ba-bb46-4194-854f-4774046d9c9b",
 				"name": "John Doe",
-				"iat":  1516239022,
-				"exp":  1516242622,
+				"iat":  time.Now().Unix(),
+				"exp":  time.Now().Add(time.Hour).Unix(),
 			})
 			tokenString, err := token.SignedString([]byte(""))
 			if err != nil {

diff --git a/challenges/jwt-not-verified/cmd/jwt/root.go b/challenges/jwt-not-verified/cmd/jwt/root.go
@@ -5,6 +5,7 @@ import (
 	"log"
 	"os"
 	"path"
+	"time"
 
 	"github.com/golang-jwt/jwt/v5"
 	"github.com/spf13/cobra"
@@ -29,8 +30,8 @@ func GenerateRS512JWT(sub string) (string, error) {
 	tokenString, err := jwt.NewWithClaims(jwt.SigningMethodRS512, jwt.MapClaims{
 		"sub":  sub,
 		"name": "John Doe",
-		"iat":  1516239022,
-		"exp":  1516242622,
+		"iat":  time.Now().Unix(),
+		"exp":  time.Now().Add(time.Hour).Unix(),
 	}).SignedString(key)
 	if err != nil {
 		return "", err

diff --git a/challenges/jwt-null-signature/cmd/jwt/root.go b/challenges/jwt-null-signature/cmd/jwt/root.go
@@ -6,6 +6,7 @@ import (
 	"os"
 	"path"
 	"strings"
+	"time"
 
 	"github.com/golang-jwt/jwt/v5"
 	"github.com/spf13/cobra"
@@ -30,8 +31,8 @@ func GenerateRS512JWT(sub string) (string, error) {
 	tokenString, err := jwt.NewWithClaims(jwt.SigningMethodEdDSA, jwt.MapClaims{
 		"sub":  sub,
 		"name": "John Doe",
-		"iat":  1516239022,
-		"exp":  1516242622,
+		"iat":  time.Now().Unix(),
+		"exp":  time.Now().Add(time.Hour).Unix(),
 	}).SignedString(key)
 	if err != nil {
 		return "", err

diff --git a/challenges/jwt-strong-eddsa-key/cmd/jwt/root.go b/challenges/jwt-strong-eddsa-key/cmd/jwt/root.go
@@ -5,6 +5,7 @@ import (
 	"log"
 	"os"
 	"path"
+	"time"
 
 	"github.com/golang-jwt/jwt/v5"
 	"github.com/spf13/cobra"
@@ -29,8 +30,8 @@ func GenerateRS512JWT(sub string) (string, error) {
 	tokenString, err := jwt.NewWithClaims(jwt.SigningMethodEdDSA, jwt.MapClaims{
 		"sub":  sub,
 		"name": "John Doe",
-		"iat":  1516239022,
-		"exp":  1516242622,
+		"iat":  time.Now().Unix(),
+		"exp":  time.Now().Add(time.Hour).Unix(),
 	}).SignedString(key)
 	if err != nil {
 		return "", err

diff --git a/challenges/jwt-weak-hmac-secret/cmd/jwt/root.go b/challenges/jwt-weak-hmac-secret/cmd/jwt/root.go
@@ -3,6 +3,7 @@ package jwt
 import (
 	"fmt"
 	"log"
+	"time"
 
 	"github.com/golang-jwt/jwt/v5"
 	"github.com/spf13/cobra"
@@ -15,8 +16,8 @@ func NewJwtCmd() (jwtCmd *cobra.Command) {
 			token := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims{
 				"sub":  "2cb307ba-bb46-4194-854f-4774046d9c9b",
 				"name": "John Doe",
-				"iat":  1516239022,
-				"exp":  1516242622,
+				"iat":  time.Now().Unix(),
+				"exp":  time.Now().Add(time.Hour).Unix(),
 			})
 			tokenString, err := token.SignedString([]byte("secret"))
 			if err != nil {

diff --git a/challenges/jwt-weak-rsa-key/cmd/jwt/root.go b/challenges/jwt-weak-rsa-key/cmd/jwt/root.go
@@ -5,6 +5,7 @@ import (
 	"log"
 	"os"
 	"path"
+	"time"
 
 	"github.com/golang-jwt/jwt/v5"
 	"github.com/spf13/cobra"
@@ -29,8 +30,8 @@ func GenerateRS512JWT(sub string) (string, error) {
 	tokenString, err := jwt.NewWithClaims(jwt.SigningMethodRS256, jwt.MapClaims{
 		"sub":  sub,
 		"name": "John Doe",
-		"iat":  1516239022,
-		"exp":  1516242622,
+		"iat":  time.Now().Unix(),
+		"exp":  time.Now().Add(time.Hour).Unix(),
 	}).SignedString(key)
 	if err != nil {
 		return "", err