From 4aef7c5ac5a8d9856472ed1621ed74685e4c5cf9 Mon Sep 17 00:00:00 2001
From: ManyTheFish <many@meilisearch.com>
Date: Tue, 15 Mar 2022 16:10:33 +0100
Subject: [PATCH] Fix tenant token validation when exp is null

---
 meilisearch-http/src/extractors/authentication/mod.rs | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/meilisearch-http/src/extractors/authentication/mod.rs b/meilisearch-http/src/extractors/authentication/mod.rs
index ebd5abf01..43949144b 100644
--- a/meilisearch-http/src/extractors/authentication/mod.rs
+++ b/meilisearch-http/src/extractors/authentication/mod.rs
@@ -144,6 +144,7 @@ pub mod policies {
     pub static TENANT_TOKEN_VALIDATION: Lazy<Validation> = Lazy::new(|| {
         let mut validation = Validation::default();
         validation.validate_exp = false;
+        validation.required_spec_claims.remove("exp");
         validation.algorithms = vec![Algorithm::HS256, Algorithm::HS384, Algorithm::HS512];
         validation
     });
@@ -205,9 +206,7 @@ pub mod policies {
                 return None;
             }
 
-            let mut validation = Validation::default();
-            validation.validate_exp = false;
-            validation.validate_nbf = false;
+            let mut validation = TENANT_TOKEN_VALIDATION.clone();
             validation.insecure_disable_signature_validation();
             let dummy_key = DecodingKey::from_secret(b"secret");
             let token_data = decode::<Claims>(token, &dummy_key, &validation).ok()?;