From ed94ed499f28e60b16d285370938a3356f599ac2 Mon Sep 17 00:00:00 2001 From: Luciano Balmaceda Date: Wed, 21 Feb 2018 16:48:43 -0300 Subject: [PATCH 1/2] throw JWTDecodeException when date claim format is invalid --- .../main/java/com/auth0/jwt/impl/PayloadDeserializer.java | 5 ++++- lib/src/test/java/com/auth0/jwt/JWTDecoderTest.java | 2 +- .../java/com/auth0/jwt/impl/PayloadDeserializerTest.java | 8 +++++--- 3 files changed, 10 insertions(+), 5 deletions(-) diff --git a/lib/src/main/java/com/auth0/jwt/impl/PayloadDeserializer.java b/lib/src/main/java/com/auth0/jwt/impl/PayloadDeserializer.java index 38068872..8f872cb4 100644 --- a/lib/src/main/java/com/auth0/jwt/impl/PayloadDeserializer.java +++ b/lib/src/main/java/com/auth0/jwt/impl/PayloadDeserializer.java @@ -65,9 +65,12 @@ List getStringOrArray(Map tree, String claimName) thro Date getDateFromSeconds(Map tree, String claimName) { JsonNode node = tree.get(claimName); - if (node == null || node.isNull() || !node.canConvertToLong()) { + if (node == null || node.isNull()) { return null; } + if (!node.canConvertToLong()) { + throw new JWTDecodeException(String.format("The claim '%s' contained an unexpected value.", claimName)); + } final long ms = node.asLong() * 1000; return new Date(ms); } diff --git a/lib/src/test/java/com/auth0/jwt/JWTDecoderTest.java b/lib/src/test/java/com/auth0/jwt/JWTDecoderTest.java index a482685e..e164dc07 100644 --- a/lib/src/test/java/com/auth0/jwt/JWTDecoderTest.java +++ b/lib/src/test/java/com/auth0/jwt/JWTDecoderTest.java 
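Review bot: The multiplication `node.asLong() * 1000` at the end of getDateFromSeconds can still overflow silently. The new `canConvertToLong()` guard only establishes that the seconds value fits in a long, not that the millisecond product does, so a very large date claim would wrap around to an unrelated Date instead of being rejected. A range check before the multiplication keeps the method failing closed: `final long seconds = node.asLong();` followed by `if (seconds > Long.MAX_VALUE / 1000 || seconds < Long.MIN_VALUE / 1000) { throw new JWTDecodeException(String.format("The claim '%s' contained an out-of-range date value.", claimName)); }`. The same line is carried unchanged as context in the PATCH 2/2 hunk for this file. A Javadoc on the method should also state that an absent or JSON-null claim returns null, while any other value that cannot be converted to a long throws JWTDecodeException.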
@@ -275,7 +275,7 @@ public void shouldGetCustomMapClaim() throws Exception { @Test public void shouldGetAvailableClaims() throws Exception { - DecodedJWT jwt = JWT.decode("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOiIxMjM0NTY3ODkwIiwiaWF0IjoiMTIzNDU2Nzg5MCIsIm5iZiI6IjEyMzQ1Njc4OTAiLCJqdGkiOiJodHRwczovL2p3dC5pby8iLCJhdWQiOiJodHRwczovL2RvbWFpbi5hdXRoMC5jb20iLCJzdWIiOiJsb2dpbiIsImlzcyI6ImF1dGgwIiwiZXh0cmFDbGFpbSI6IkpvaG4gRG9lIn0.TX9Ct4feGp9YyeGK9Zl91tO0YBOrguJ4As9jeqgHdZQ"); + DecodedJWT jwt = JWT.decode("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjEyMzQ1Njc4OTAsImlhdCI6MTIzNDU2Nzg5MCwibmJmIjoxMjM0NTY3ODkwLCJqdGkiOiJodHRwczovL2p3dC5pby8iLCJhdWQiOiJodHRwczovL2RvbWFpbi5hdXRoMC5jb20iLCJzdWIiOiJsb2dpbiIsImlzcyI6ImF1dGgwIiwiZXh0cmFDbGFpbSI6IkpvaG4gRG9lIn0.2_0nxDPJwOk64U5V5V9pt8U92jTPJbGsHYQ35HYhbdE"); assertThat(jwt, is(notNullValue())); assertThat(jwt.getClaims(), is(notNullValue())); assertThat(jwt.getClaims(), is(instanceOf(Map.class))); diff --git a/lib/src/test/java/com/auth0/jwt/impl/PayloadDeserializerTest.java b/lib/src/test/java/com/auth0/jwt/impl/PayloadDeserializerTest.java index 014ae838..7fe9145c 100644 --- a/lib/src/test/java/com/auth0/jwt/impl/PayloadDeserializerTest.java +++ b/lib/src/test/java/com/auth0/jwt/impl/PayloadDeserializerTest.java @@ -198,13 +198,15 @@ public void shouldGetNullDateWhenParsingNull() throws Exception { } @Test - public void shouldGetNullDateWhenParsingNonNumericNode() throws Exception { + public void shouldThrowWhenParsingNonNumericNode() throws Exception { + exception.expect(JWTDecodeException.class); + exception.expectMessage("The claim 'key' contained an unexpected value."); + Map tree = new HashMap<>(); TextNode node = new TextNode("123456789"); tree.put("key", node); - Date date = deserializer.getDateFromSeconds(tree, "key"); - assertThat(date, is(nullValue())); + deserializer.getDateFromSeconds(tree, "key"); } @Test From 95e7e517c1027af336ac2933acd8e6e3c4b397e6 Mon Sep 17 00:00:00 2001 
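Review bot: In PayloadDeserializerTest, `shouldThrowWhenParsingNonNumericNode` feeds `new TextNode("123456789")`, a string that looks numeric, so what the test really pins is that quoted numbers are rejected, and that is easy to misread from the name alone. A one-line comment above the node would make the intent explicit: `// a numeric-looking JSON string is not a NumericDate and must be rejected, not parsed`. This hunk adds no case for other non-number nodes or for a number outside the long range. Such cases may exist elsewhere in the test class, which continues outside the hunk.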
From: Luciano Balmaceda Date: Tue, 29 May 2018 12:07:49 -0300 Subject: [PATCH 2/2] change exception message --- lib/src/main/java/com/auth0/jwt/impl/PayloadDeserializer.java | 2 +- .../test/java/com/auth0/jwt/impl/PayloadDeserializerTest.java | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/src/main/java/com/auth0/jwt/impl/PayloadDeserializer.java b/lib/src/main/java/com/auth0/jwt/impl/PayloadDeserializer.java index 8f872cb4..43047bfc 100644 --- a/lib/src/main/java/com/auth0/jwt/impl/PayloadDeserializer.java +++ b/lib/src/main/java/com/auth0/jwt/impl/PayloadDeserializer.java @@ -69,7 +69,7 @@ Date getDateFromSeconds(Map tree, String claimName) { return null; } if (!node.canConvertToLong()) { - throw new JWTDecodeException(String.format("The claim '%s' contained an unexpected value.", claimName)); + throw new JWTDecodeException(String.format("The claim '%s' contained a non-numeric date value.", claimName)); } final long ms = node.asLong() * 1000; return new Date(ms); diff --git a/lib/src/test/java/com/auth0/jwt/impl/PayloadDeserializerTest.java b/lib/src/test/java/com/auth0/jwt/impl/PayloadDeserializerTest.java index 7fe9145c..2e2cabed 100644 --- a/lib/src/test/java/com/auth0/jwt/impl/PayloadDeserializerTest.java +++ b/lib/src/test/java/com/auth0/jwt/impl/PayloadDeserializerTest.java @@ -200,7 +200,7 @@ public void shouldGetNullDateWhenParsingNull() throws Exception { @Test public void shouldThrowWhenParsingNonNumericNode() throws Exception { exception.expect(JWTDecodeException.class); - exception.expectMessage("The claim 'key' contained an unexpected value."); + exception.expectMessage("The claim 'key' contained a non-numeric date value."); Map tree = new HashMap<>(); TextNode node = new TextNode("123456789");
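Review bot: The new message "contained a non-numeric date value" in PayloadDeserializer is narrower than the condition that triggers it. As far as I know, Jackson's numeric nodes return false from `canConvertToLong()` when the number does not fit in a long, so an oversized integer or double would be reported as non-numeric. Either widen the wording, e.g. `"The claim '%s' contained a non-numeric or out-of-range date value."`, and update `expectMessage` in PayloadDeserializerTest to match, or add a comment above the check: `// false for non-number nodes and for numbers outside the long range`. The body of getDateFromSeconds starts above this hunk.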