From ad6cb16567140e99e2cffe6c75d9f95770722259 Mon Sep 17 00:00:00 2001
From: Nicolas Rotta
Date: Sat, 24 Jun 2017 14:37:13 +0100
Subject: [PATCH 1/2] Added/fixed test removed in #166

---
 test/basic.test.js | 38 ++++++++++++++++++--------------------
 1 file changed, 18 insertions(+), 20 deletions(-)

diff --git a/test/basic.test.js b/test/basic.test.js
index dca92e7..adb30d5 100644
--- a/test/basic.test.js
+++ b/test/basic.test.js
@@ -88,26 +88,24 @@ test("Try using an incorrect secret to sign the JWT", function(t) {
 });
 });
 
-// see: https://github.com/dwyl/hapi-auth-jwt2/issues/166
-// test.only("Try using an expired token", function(t) {
-// // use the token as the 'authorization' header in requests
-// var token = JWT.sign({ id: 123, "name": "Charlie" }, secret, { expiresInSeconds: 1 });
-// console.log(" - - - - - - token - - - - -")
-// console.log(token);
-// var options = {
-// method: "POST",
-// url: "/privado",
-// headers: { authorization: "Bearer " + token }
-// };
-// // server.inject lets us simulate an http request
-// setTimeout(function () {
-// server.inject(options, function(response) {
-// t.equal(response.statusCode, 401, "Expired token should be invalid");
-// t.equal(response.result.message, 'Token expired', 'Message should be "Token expired"');
-// t.end();
-// });
-// }, 1000);
-// });
+test("Try using an expired token", function(t) {
+ // use the token as the 'authorization' header in requests
+ var token = JWT.sign({ id: 123, "name": "Charlie" }, secret, { expiresIn: '1s' });
+ console.log(" - - - - - - token - - - - -")
+ console.log(token);
+ var options = {
+ method: "POST",
+ url: "/privado",
+ headers: { authorization: "Bearer " + token }
+ };
+ // server.inject lets us simulate an http request
+ setTimeout(function () {
+ server.inject(options, function(response) {
+ t.equal(response.statusCode, 401, "Expired token should be invalid");
+ t.end();
+ });
+ }, 1100);
+});
 
 test("Token is well formed but is allowed=false so should be denied", function(t) {
 // use the token as the 'authorization' header in requests

From e4ba8f186c25d567c4ed7693cc17b5855b936985 Mon Sep 17 00:00:00 2001
From: Nicolas Rotta
Date: Sun, 25 Jun 2017 16:20:54 +0100
Subject: [PATCH 2/2] Returns 'Expired token' when trying to authenticate with an expired token

---
 lib/index.js | 3 ++-
 test/basic.test.js | 1 +
 2 files changed, 3 insertions(+), 1 deletion(-)
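Review bot: The re-enabled "Try using an expired token" test in test/basic.test.js proves expiry by signing with `expiresIn: '1s'` and sleeping 1100 ms before `server.inject`, so the check that expired tokens are rejected depends on the wall clock and adds over a second to every run. Assuming the installed jsonwebtoken accepts an `exp` claim in the payload, the token can be created already expired and the `setTimeout` wrapper dropped: `var token = JWT.sign({ id: 123, "name": "Charlie", exp: Math.floor(Date.now() / 1000) - 10 }, secret);`. The two `console.log` lines print the signed token on every run and add nothing to the assertion, so they can be removed.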
diff --git a/lib/index.js b/lib/index.js
index 664e611..d1703df 100644
--- a/lib/index.js
+++ b/lib/index.js
@@ -152,8 +152,9 @@ internals.implementation = function (server, options) {
 if (verify_err) {
 keysTried++;
 if (keysTried >= keys.length) {
+ var err_message = (verify_err.message === 'jwt expired' ? 'Expired token' : 'Invalid token');
 return reply(raiseError('unauthorized',
- 'Invalid token', tokenType), null, { credentials: null });
+ err_message, tokenType), null, { credentials: null });
 }
 
 // There are still other keys that might work
diff --git a/test/basic.test.js b/test/basic.test.js
index adb30d5..138c414 100644
--- a/test/basic.test.js
+++ b/test/basic.test.js
@@ -102,6 +102,7 @@ test("Try using an expired token", function(t) {
 setTimeout(function () {
 server.inject(options, function(response) {
 t.equal(response.statusCode, 401, "Expired token should be invalid");
+ t.equal(response.result.message, 'Expired token', 'Message should be "Expired token"');
 t.end();
 });
 }, 1100);
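Review bot: In lib/index.js the new `err_message` is chosen by comparing `verify_err.message` with the literal `'jwt expired'`, which ties the 401 text to the wording of a dependency's error string; if the verifier is jsonwebtoken, its expiry error carries `name === 'TokenExpiredError'`, so `var err_message = (verify_err.name === 'TokenExpiredError' ? 'Expired token' : 'Invalid token');` is the sturdier test. The message is also taken only from the callback that happens to bring `keysTried` up to `keys.length`, so with more than one key an expired token signed by one of them may still be reported as 'Invalid token' depending on which verification fails last; remembering an expiry error across attempts would make the answer stable. The key loop starts outside this hunk, so that ordering is inferred, and the assertion added in test/basic.test.js only covers the single-key case. 'Expired token' is presumably returned only after a signature has verified, so it confirms to an unauthenticated caller that the token was genuinely issued; that should be a documented, deliberate choice.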