Bug: Login fails with expired JWT tokens

[wistfulvariable]

When a user's JWT token has expired, the validateToken function returns true instead of false. This causes authenticated requests to succeed with stale credentials.\n\nSteps to reproduce:\n1. Log in and get a JWT\n2. Wait for token to expire\n3. Try to access protected route\n4. Request succeeds when it should fail\n\nExpected: 401 Unauthorized\nActual: 200 OK with stale session

[wistfulvariable]

I can reproduce this on v2.3.1. The token check at line 2 only validates length, not structure or expiry. This is a critical security issue.

[github-actions]

Automated triage: This bug has been confirmed on v2.3.1 and v2.4.0. Priority elevated to P1. Assigning to security team.

[github-actions]

Automated triage: This bug has been confirmed on v2.3.1 and v2.4.0. Priority elevated to P1. Assigning to security team.

[github-actions]

Automated triage: This bug has been confirmed on v2.3.1 and v2.4.0. Priority elevated to P1. Assigning to security team.