From 17af03b58183f34ad1d1f0f46995315e67f43031 Mon Sep 17 00:00:00 2001 From: Morgan Chen Date: Mon, 25 Jun 2018 14:30:31 -0700 Subject: Fix bad JWT parsing --- Firebase/Auth/CHANGELOG.md | 3 +++ Firebase/Auth/Source/FIRUser.m | 8 +++++--- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/Firebase/Auth/CHANGELOG.md b/Firebase/Auth/CHANGELOG.md index 2669fc0..d70626b 100644 --- a/Firebase/Auth/CHANGELOG.md +++ b/Firebase/Auth/CHANGELOG.md @@ -1,3 +1,6 @@ +# v5.0.3 +- Fix an issue where JWT date timestamps weren't parsed correctly. + # v5.0.2 - Fix an issue where anonymous accounts weren't correctly promoted to non-anonymous when linked with passwordless email auth accounts. diff --git a/Firebase/Auth/Source/FIRUser.m b/Firebase/Auth/Source/FIRUser.m index 3f5bf35..9bae744 100644 --- a/Firebase/Auth/Source/FIRUser.m +++ b/Firebase/Auth/Source/FIRUser.m @@ -890,12 +890,14 @@ static void callInMainThreadWithAuthDataResultAndError( return nil; } + // These are dates since 00:00:00 January 1 1970, as described by the Terminology section in + // the JWT spec. https://tools.ietf.org/html/rfc7519 NSDate *expDate = - [NSDate dateWithTimeIntervalSinceNow:[tokenPayloadDictionary[@"exp"] doubleValue]]; + [NSDate dateWithTimeIntervalSince1970:[tokenPayloadDictionary[@"exp"] doubleValue]]; NSDate *authDate = - [NSDate dateWithTimeIntervalSinceNow:[tokenPayloadDictionary[@"auth_time"] doubleValue]]; + [NSDate dateWithTimeIntervalSince1970:[tokenPayloadDictionary[@"auth_time"] doubleValue]]; NSDate *issuedDate = - [NSDate dateWithTimeIntervalSinceNow:[tokenPayloadDictionary[@"iat"] doubleValue]]; + [NSDate dateWithTimeIntervalSince1970:[tokenPayloadDictionary[@"iat"] doubleValue]]; FIRAuthTokenResult *result = [[FIRAuthTokenResult alloc] initWithToken:token expirationDate:expDate -- cgit v1.2.3