From 95efd7083d691df6f01c8d1f9a55bee281c0fc4c Mon Sep 17 00:00:00 2001
From: Lionello Lunesu <lio+git@lunesu.com>
Date: Thu, 14 Feb 2019 20:55:02 +0800
Subject: [PATCH 1/2] Force use_strict during testing

---
 package.json | 2 +-
 sign.js      | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/package.json b/package.json
index f019a61..1c8ea5c 100644
--- a/package.json
+++ b/package.json
@@ -20,7 +20,7 @@
   },
   "scripts": {
     "lint": "eslint .",
-    "coverage": "nyc mocha",
+    "coverage": "nyc mocha --use_strict",
     "test": "npm run lint && npm run coverage && cost-of-modules"
   },
   "repository": {
diff --git a/sign.js b/sign.js
index de80b02..4a493d3 100644
--- a/sign.js
+++ b/sign.js
@@ -140,10 +140,10 @@ module.exports = function (payload, secretOrPrivateKey, options, callback) {
 
   var timestamp = payload.iat || Math.floor(Date.now() / 1000);
 
-  if (!options.noTimestamp) {
-    payload.iat = timestamp;
-  } else {
+  if (options.noTimestamp) {
     delete payload.iat;
+  } else if (isObjectPayload) {
+    payload.iat = timestamp;
   }
 
   if (typeof options.notBefore !== 'undefined') {

From 54bf00e73f1a8af5f9b1734103ceb07efb961fcd Mon Sep 17 00:00:00 2001
From: Lionello Lunesu <lio+git@lunesu.com>
Date: Tue, 19 Feb 2019 07:46:06 +0800
Subject: [PATCH 2/2] Add string payload test cases to .iat tests

---
 test/claim-iat.test.js | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)

diff --git a/test/claim-iat.test.js b/test/claim-iat.test.js
index a1c63ba..5bf8df7 100644
--- a/test/claim-iat.test.js
+++ b/test/claim-iat.test.js
@@ -248,4 +248,30 @@ describe('issue at', function() {
       });
     });
   });
+
+  describe('with string payload', function () {
+    it('should not add iat to string', function (done) {
+      const payload = 'string payload';
+      const options = {algorithm: 'none'};
+      testUtils.signJWTHelper(payload, 'secret', options, (err, token) => {
+        const decoded = jwt.decode(token);
+        testUtils.asyncCheck(done, () => {
+          expect(err).to.be.null;
+          expect(decoded).to.equal(payload);
+        });
+      });
+    });
+
+    it('should not add iat to stringified object', function (done) {
+      const payload = '{}';
+      const options = {algorithm: 'none', header: {typ: 'JWT'}};
+      testUtils.signJWTHelper(payload, 'secret', options, (err, token) => {
+        const decoded = jwt.decode(token);
+        testUtils.asyncCheck(done, () => {
+          expect(err).to.equal(null);
+          expect(JSON.stringify(decoded)).to.equal(payload);
+        });
+      });
+    });
+  });
 });