fix: use claim constructor to set leeway and consider it during initial validation

Author: alessandrodolci

src/Claims/DatetimeTrait.php

@@ -25,6 +25,19 @@ trait DatetimeTrait
      */
     protected $leeway = 0;
 
+    /**
+     * @param  mixed  $value
+     * @param  int  $leeway
+     *
+     * @return void
+     */
+    public function __construct($value, $leeway = 0)
+    {
+        $this->leeway = $leeway;
+
+        parent::__construct($value);
+    }
+
     /**
      * Set the claim value, and call a validate method.
      *

src/Claims/Factory.php

@@ -76,11 +76,7 @@ public function __construct(Request $request)
     public function get($name, $value)
     {
         if ($this->has($name)) {
-            $claim = new $this->classMap[$name]($value);
-
-            return method_exists($claim, 'setLeeway') ?
-                $claim->setLeeway($this->leeway) :
-                $claim;
+            return new $this->classMap[$name]($value, $this->leeway);
         }
 
         return new Custom($name, $value);

tests/Claims/DatetimeClaimTest.php

@@ -24,6 +24,7 @@
 use Tymon\JWTAuth\Claims\JwtId;
 use Tymon\JWTAuth\Claims\NotBefore;
 use Tymon\JWTAuth\Claims\Subject;
+use Tymon\JWTAuth\Exceptions\JWTException;
 use Tymon\JWTAuth\Payload;
 use Tymon\JWTAuth\Test\AbstractTestCase;
 use Tymon\JWTAuth\Validators\PayloadValidator;
@@ -57,6 +58,37 @@ public function setUp(): void
         ];
     }
 
+    /** @test */
+    public function it_should_return_same_class_instance_when_setting_the_leeway()
+    {
+        $exp = new Expiration($this->testNowTimestamp + 3600);
+        $nbf = new NotBefore($this->testNowTimestamp);
+        $iat = new IssuedAt($this->testNowTimestamp);
+
+        $this->assertInstanceOf(Expiration::class, $exp->setLeeway(5));
+        $this->assertInstanceOf(NotBefore::class, $nbf->setLeeway(5));
+        $this->assertInstanceOf(IssuedAt::class, $iat->setLeeway(5));
+    }
+
+    /** @test */
+    public function it_should_consider_the_leeway_when_performing_validations()
+    {
+        $futureTimestamp = $this->testNowTimestamp + 5;
+        $pastTimestmap = $this->testNowTimestamp - 5;
+
+        try {
+            $exp = new Expiration($pastTimestmap, 10);
+            $nbf = new NotBefore($futureTimestamp, 10);
+            $iat = new IssuedAt($futureTimestamp, 10);
+
+            $exp->validatePayload();
+            $nbf->validatePayload();
+            $iat->validatePayload();
+        } catch (JWTException $ignored) {
+            $this->fail("Failed asserting that the leeway is considered when validating tokens");
+        }
+    }
+
     /** @test */
     public function it_should_handle_carbon_claims()
     {

tests/Claims/FactoryTest.php

@@ -57,6 +57,12 @@ public function it_should_get_the_ttl()
         $this->assertSame($ttl, $this->factory->getTTL());
     }
 
+    /** @test */
+    public function it_should_return_same_class_instance_when_setting_the_leeway()
+    {
+        $this->assertInstanceOf(Factory::class, $this->factory->setLeeway(5));
+    }
+
     /** @test */
     public function it_should_get_a_defined_claim_instance_when_passing_a_name_and_value()
     {