From 68f00d0c0d3c4f75b10a75e37cd7d31d029b9eb3 Mon Sep 17 00:00:00 2001
From: Sergio Gutierrez Villalba
Date: Wed, 12 Jun 2024 14:56:30 +0200
Subject: [PATCH] fix(auth): do not allow without-expiration tokens
---
 src/config/initializers/middleware.js | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/src/config/initializers/middleware.js b/src/config/initializers/middleware.js
index 3962d973..5c9cb60d 100644
--- a/src/config/initializers/middleware.js
+++ b/src/config/initializers/middleware.js
@@ -157,6 +157,12 @@ module.exports = (App, Config) => {
 */
 Passport.use(
 new JwtStrategy(passportOpts, (payload, done) => {
+ const tokenWithoutExpiration = !payload.exp;
+
+ if (tokenWithoutExpiration) {
+ return done(new Error('Invalid token, sign in again'));
+ }
+
 /* Temporal compatibility with old JWT
 * BEGIN
 */
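Review bot: The rejection at `return done(new Error('Invalid token, sign in again'));` reports a missing `exp` as a strategy error rather than an authentication failure. Passport treats a first-argument error as an internal fault, usually surfaced as a 500 through the error handler, whereas `return done(null, false, { message: 'Invalid token, sign in again' });` takes the normal 401 path. Unless the routes use a custom authenticate callback that maps errors itself (not visible in this hunk), clients and auth-failure monitoring will see these rejections as server errors. The guard `!payload.exp` also only checks that the claim is present, so a token with a very distant `exp` still passes; if long-lived legacy tokens are the concern, consider also bounding `payload.exp - payload.iat`. The verify callback's body continues past the end of the hunk.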