diff --git a/src/main/java/com/iemr/common/utils/JwtUtil.java b/src/main/java/com/iemr/common/utils/JwtUtil.java
index 0a8829dc..dc29018c 100644
--- a/src/main/java/com/iemr/common/utils/JwtUtil.java
+++ b/src/main/java/com/iemr/common/utils/JwtUtil.java
@@ -83,19 +83,16 @@ private String buildToken(String username, String userId, String tokenType, long
 * @return Claims if valid, null if invalid (expired or denylisted)
 */
 public Claims validateToken(String token) {
- // Check if the token is blacklisted (invalidated by force logout)
- if (tokenDenylist.isTokenDenylisted(getJtiFromToken(token))) {
- return null; // Token is denylisted, so return null
- }
-
- // Check if the token is expired
- if (isTokenExpired(token)) {
- return null; // Token is expired, so return null
- }
-
- // If token is not blacklisted and not expired, verify the token signature and return claims
 try {
- return Jwts.parser().verifyWith(getSigningKey()).build().parseSignedClaims(token).getPayload();
+ Claims claims = Jwts.parser().verifyWith(getSigningKey()).build().parseSignedClaims(token).getPayload();
+ String jti = claims.getId();
+
+ // Check if token is denylisted (only if jti exists)
+ if (jti != null && tokenDenylist.isTokenDenylisted(jti)) {
+ return null;
+ }
+
+ return claims;
 } catch (ExpiredJwtException ex) {
 return null; // Token is expired, so return null
 
@@ -104,16 +101,6 @@ public Claims validateToken(String token) {
 }
 }
 
- /**
- * Check if the JWT token is expired
- * @param token the JWT token
- * @return true if expired, false otherwise
- */
- private boolean isTokenExpired(String token) {
- Date expirationDate = getAllClaimsFromToken(token).getExpiration();
- return expirationDate.before(new Date());
- }
-
 /**
 * Extract claims from the token
 * @param token the JWT token
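Review bot: The `jti != null &&` guard in the new denylist check means a correctly signed token that carries no `jti` claim can never be revoked by force logout, because the denylist is keyed on that id; if every token issued by buildToken carries an id (buildToken is outside this hunk, so I cannot confirm), fail closed instead: `if (jti == null || tokenDenylist.isTokenDenylisted(jti)) {`. If id-less tokens are deliberately accepted, the comment should state the reason rather than just the condition, e.g. `// Tokens without a jti cannot be denylisted; accepted until expiry — TODO confirm this is intended`. The Javadoc above the method still names only "expired or denylisted" as reasons for a null result, while the catch clauses (which continue past the end of the hunk) also return null for other parse failures; `@return Claims if the signature verifies and the token is neither expired nor denylisted, otherwise null` would match the new flow. validateToken's catch block continues outside the hunk.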