From 2136b5d0522e9f8540d02bd66819c0281b1a7d40 Mon Sep 17 00:00:00 2001
From: "Taisen.fr (Dev)"
Date: Thu, 30 May 2024 10:26:17 +0200
Subject: [PATCH] Dbg JWT
---
 Identity/VLAIdentity.cs | 7 +++++--
 README.md | 1 -
 2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/Identity/VLAIdentity.cs b/Identity/VLAIdentity.cs
index ed061f7..e50b0ab 100644
--- a/Identity/VLAIdentity.cs
+++ b/Identity/VLAIdentity.cs
@@ -54,9 +54,11 @@ Vérifie la validité du token JWT passé en paramètre
 var TokenHandler = new JwtSecurityTokenHandler();
 var Key = Encoding.ASCII.GetBytes(Secret);
 bool Result = true;
+ Token = Token.Substring("Bearer ".Length);
+
 try
 {
- var JwtSecurityToken = TokenHandler.ReadJwtToken(Token.Substring("Bearer ".Length));
+ var JwtSecurityToken = TokenHandler.ReadJwtToken(Token);
 if (JwtSecurityToken.Header.Alg == "HS256" && JwtSecurityToken.Header.Typ == "JWT")
 {
 TokenHandler.ValidateToken(Token, new TokenValidationParameters
@@ -65,12 +67,13 @@ Vérifie la validité du token JWT passé en paramètre
 IssuerSigningKey = new SymmetricSecurityKey(Key),
 ValidateIssuer = false,
 ValidateAudience = false,
+ ValidateLifetime = true,
 }, out SecurityToken validatedToken);
 var JwtToken = (JwtSecurityToken)validatedToken;
 }
 }
- catch { Result = false; }
+ catch(Exception e) { Result = false; }
 return Result;
 }
diff --git a/README.md b/README.md
index a67b78c..560993e 100644
--- a/README.md
+++ b/README.md
@@ -43,7 +43,6 @@
 | CWE-829 | Local File Inclusion | Easy | 500-2.000$|
 | CWE-918 | Server-Side Request Forgery (SSRF) | Medium | 1.000$-10.000$|
 | CWE-1270 | Generation of Incorrect Security Tokens | Medium | 1.000-20.000$ |
-| CWE-1395 | Dependency on Vulnerable Third-Party Component | Easy | 0-500$ |
 ## 🏭 Context
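Review bot: The added `Token = Token.Substring("Bearer ".Length);` now runs before the `try`, so a null header or one shorter than the prefix throws out of the method instead of yielding `false`, as it did when the call sat inside the `try`. Nothing visible checks that the value actually starts with `Bearer `, so any seven leading characters are silently discarded. I would guard it first with `if (Token == null || !Token.StartsWith("Bearer ", StringComparison.Ordinal)) return false;`, or move the assignment back inside the `try`. The method's signature and the start of its body are outside the hunk, so a caller-side check may already exist.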
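Review bot: `return Result;` still reports success for a token that never reaches `ValidateToken`: `Result` starts as `true` in the previous hunk and only the `catch` sets it to `false`, so a header whose `Alg` is not `HS256` or whose `Typ` is not `JWT` skips the signature and lifetime checks and is accepted. The new `ValidateLifetime = true` has no effect on that path. Fail closed instead: `bool Result = false;` at the declaration and `Result = true;` right after `var JwtToken = (JwtSecurityToken)validatedToken;`. The README table in this patch lists token-related CWEs, so the behaviour may be deliberate; if it is, a comment on the `if` should say so. Separately, `catch(Exception e)` never uses `e`; either log it or keep the bare `catch`.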