diff --git a/lib/json_web_token/hmac_token.rb b/lib/json_web_token/hmac_token.rb
index ec0917ab49d84f2f4335efcff10b14f6fb76dbb8..7f69a7550c7cc8133ee9cc742cd339e0c7450825 100644
--- a/lib/json_web_token/hmac_token.rb
+++ b/lib/json_web_token/hmac_token.rb
@@ -4,7 +4,7 @@ module JSONWebToken
   class HMACToken < Token
-    IAT_LEEWAY = 60
+    LEEWAY = 60
     JWT_ALGORITHM = 'HS256'
     def initialize(secret)
@@ -13,7 +13,7 @@ def initialize(secret)
       @secret = secret
     end
-    def self.decode(token, secret, leeway: IAT_LEEWAY, verify_iat: true)
+    def self.decode(token, secret, leeway: LEEWAY, verify_iat: false)
       JWT.decode(token, secret, true, leeway: leeway, verify_iat: verify_iat, algorithm: JWT_ALGORITHM)
     end
diff --git a/spec/lib/json_web_token/hmac_token_spec.rb b/spec/lib/json_web_token/hmac_token_spec.rb
index 7c486b2fe1b0fb62f3594bfece360adf40d9a959..877184a4a3d15e3bb7f8569d8d5fee5631e4eef1 100644
--- a/spec/lib/json_web_token/hmac_token_spec.rb
+++ b/spec/lib/json_web_token/hmac_token_spec.rb
@@ -25,7 +25,7 @@ end
   describe '.decode' do
-    let(:leeway) { described_class::IAT_LEEWAY }
+    let(:leeway) { described_class::LEEWAY }
     let(:decoded_token) { described_class.decode(encoded_token, secret, leeway: leeway) }
     context 'with an invalid token' do
diff --git a/spec/requests/api/internal/base_spec.rb b/spec/requests/api/internal/base_spec.rb
index 619ffd8d41a190ae2578742c6468c78d0726ab6a..12b7b8d70545f8cb0347e9058698895f58ce7077 100644
--- a/spec/requests/api/internal/base_spec.rb
+++ b/spec/requests/api/internal/base_spec.rb
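Review bot: The new `verify_iat: false` default on `self.decode` switches the `iat` check off entirely rather than relaxing it, so the renamed `LEEWAY` no longer bounds how far in the future (or past) an `iat` may sit, and every caller that relied on the old default silently loses that check. Token freshness then rests solely on an `exp` claim being present and verified, which this hunk does not show; presumably the jwt gem still applies `leeway` to `exp`/`nbf`, but that is not visible here. State the trade-off on the method, e.g. `# iat is not verified by default: clock skew between the token issuer and this host made the check unreliable; freshness relies on exp, to which leeway still applies.` Callers that do want the check now have to opt in with `verify_iat: true`, so the call sites of `HMACToken.decode` are worth auditing before merging. The `HMACToken` class continues outside the hunk.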
@@ -50,6 +50,17 @@ def perform_request(headers: gitlab_shell_internal_api_request_header)
         expect(response).to have_gitlab_http_status(:ok)
       end
+      it 'authenticates using a jwt token with an IAT from 10 seconds in the future' do
+        headers =
+          travel_to(Time.now + 10.seconds) do
+            gitlab_shell_internal_api_request_header
+          end
+        perform_request(headers: headers)
+        expect(response).to have_gitlab_http_status(:ok)
+      end
+
       it 'returns 401 when jwt token is expired' do
         headers = gitlab_shell_internal_api_request_header
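Review bot: The new example only moves the issuer's clock 10 seconds ahead, which is well inside the 60-second `LEEWAY`, so it cannot distinguish `verify_iat: false` from an `iat` check that honours leeway and may well have passed against the old default too. To pin the behaviour the commit actually introduces, use an offset beyond the leeway, `travel_to(Time.now + 5.minutes) do`, or add a second example at that offset alongside this one. With `iat` ignored, the adjacent `returns 401 when jwt token is expired` example is what still guards against replay of an old header, so that case must not be loosened. The enclosing describe block starts and ends outside the hunk.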