jwt 2.10.1 → 3.0.0

data/lib/jwt/deprecations.rb

@@ -1,49 +0,0 @@
-# frozen_string_literal: true
-
-module JWT
-  # Deprecations module to handle deprecation warnings in the gem
-  # @api private
-  module Deprecations
-    class << self
-      def context
-        yield.tap { emit_warnings }
-      ensure
-        Thread.current[:jwt_warning_store] = nil
-      end
-
-      def warning(message, only_if_valid: false)
-        method_name = only_if_valid ? :store : :warn
-        case JWT.configuration.deprecation_warnings
-        when :once
-          return if record_warned(message)
-        when :warn
-          # noop
-        else
-          return
-        end
-
-        send(method_name, "[DEPRECATION WARNING] #{message}")
-      end
-
-      def store(message)
-        (Thread.current[:jwt_warning_store] ||= []) << message
-      end
-
-      def emit_warnings
-        return if Thread.current[:jwt_warning_store].nil?
-
-        Thread.current[:jwt_warning_store].each { |warning| warn(warning) }
-      end
-
-      private
-
-      def record_warned(message)
-        @warned ||= []
-        return true if @warned.include?(message)
-
-        @warned << message
-        false
-      end
-    end
-  end
-end

data/lib/jwt/jwa/compat.rb

@@ -1,32 +0,0 @@
-# frozen_string_literal: true
-
-module JWT
-  module JWA
-    # Provides backwards compatibility for algorithms
-    # @api private
-    module Compat
-      # @api private
-      module ClassMethods
-        def from_algorithm(algorithm)
-          new(algorithm)
-        end
-
-        def sign(algorithm, msg, key)
-          Deprecations.warning('Support for calling sign with positional arguments will be removed in future ruby-jwt versions')
-
-          from_algorithm(algorithm).sign(data: msg, signing_key: key)
-        end
-
-        def verify(algorithm, key, signing_input, signature)
-          Deprecations.warning('Support for calling verify with positional arguments will be removed in future ruby-jwt versions')
-
-          from_algorithm(algorithm).verify(data: signing_input, signature: signature, verification_key: key)
-        end
-      end
-
-      def self.included(klass)
-        klass.extend(ClassMethods)
-      end
-    end
-  end
-end

data/lib/jwt/jwa/eddsa.rb

@@ -1,35 +0,0 @@
-# frozen_string_literal: true
-
-module JWT
-  module JWA
-    # Implementation of the EdDSA family of algorithms
-    class Eddsa
-      include JWT::JWA::SigningAlgorithm
-
-      def initialize(alg)
-        @alg = alg
-      end
-
-      def sign(data:, signing_key:)
-        raise_sign_error!("Key given is a #{signing_key.class} but has to be an RbNaCl::Signatures::Ed25519::SigningKey") unless signing_key.is_a?(RbNaCl::Signatures::Ed25519::SigningKey)
-
-        Deprecations.warning('Using Ed25519 keys is deprecated and will be removed in a future version of ruby-jwt. Please use the ruby-eddsa gem instead.')
-
-        signing_key.sign(data)
-      end
-
-      def verify(data:, signature:, verification_key:)
-        raise_verify_error!("key given is a #{verification_key.class} but has to be a RbNaCl::Signatures::Ed25519::VerifyKey") unless verification_key.is_a?(RbNaCl::Signatures::Ed25519::VerifyKey)
-
-        Deprecations.warning('Using Ed25519 keys is deprecated and will be removed in a future version of ruby-jwt. Please use the ruby-eddsa gem instead.')
-
-        verification_key.verify(signature, data)
-      rescue RbNaCl::CryptoError
-        false
-      end
-
-      register_algorithm(new('ED25519'))
-      register_algorithm(new('EdDSA'))
-    end
-  end
-end

data/lib/jwt/jwa/hmac_rbnacl.rb

@@ -1,50 +0,0 @@
-# frozen_string_literal: true
-
-module JWT
-  module JWA
-    # Implementation of the HMAC family of algorithms (using RbNaCl)
-    class HmacRbNaCl
-      include JWT::JWA::SigningAlgorithm
-
-      def self.from_algorithm(algorithm)
-        new(algorithm, ::RbNaCl::HMAC.const_get(algorithm.upcase.gsub('HS', 'SHA')))
-      end
-
-      def initialize(alg, hmac)
-        @alg = alg
-        @hmac = hmac
-      end
-
-      def sign(data:, signing_key:)
-        Deprecations.warning("The use of the algorithm #{alg} is deprecated and will be removed in the next major version of ruby-jwt")
-        hmac.auth(key_for_rbnacl(hmac, signing_key).encode('binary'), data.encode('binary'))
-      end
-
-      def verify(data:, signature:, verification_key:)
-        Deprecations.warning("The use of the algorithm #{alg} is deprecated and will be removed in the next major version of ruby-jwt")
-        hmac.verify(key_for_rbnacl(hmac, verification_key).encode('binary'), signature.encode('binary'), data.encode('binary'))
-      rescue ::RbNaCl::BadAuthenticatorError, ::RbNaCl::LengthError
-        false
-      end
-
-      register_algorithm(new('HS512256', ::RbNaCl::HMAC::SHA512256))
-
-      private
-
-      attr_reader :hmac
-
-      def key_for_rbnacl(hmac, key)
-        key ||= ''
-        raise JWT::DecodeError, 'HMAC key expected to be a String' unless key.is_a?(String)
-
-        return padded_empty_key(hmac.key_bytes) if key == ''
-
-        key
-      end
-
-      def padded_empty_key(length)
-        Array.new(length, 0x0).pack('C*').encode('binary')
-      end
-    end
-  end
-end

data/lib/jwt/jwa/hmac_rbnacl_fixed.rb

@@ -1,47 +0,0 @@
-# frozen_string_literal: true
-
-module JWT
-  module JWA
-    # Implementation of the HMAC family of algorithms (using RbNaCl prior to a certain version)
-    class HmacRbNaClFixed
-      include JWT::JWA::SigningAlgorithm
-
-      def self.from_algorithm(algorithm)
-        new(algorithm, ::RbNaCl::HMAC.const_get(algorithm.upcase.gsub('HS', 'SHA')))
-      end
-
-      def initialize(alg, hmac)
-        @alg = alg
-        @hmac = hmac
-      end
-
-      def sign(data:, signing_key:)
-        signing_key ||= ''
-        Deprecations.warning("The use of the algorithm #{alg} is deprecated and will be removed in the next major version of ruby-jwt")
-        raise JWT::DecodeError, 'HMAC key expected to be a String' unless signing_key.is_a?(String)
-
-        hmac.auth(padded_key_bytes(signing_key, hmac.key_bytes), data.encode('binary'))
-      end
-
-      def verify(data:, signature:, verification_key:)
-        verification_key ||= ''
-        Deprecations.warning("The use of the algorithm #{alg} is deprecated and will be removed in the next major version of ruby-jwt")
-        raise JWT::DecodeError, 'HMAC key expected to be a String' unless verification_key.is_a?(String)
-
-        hmac.verify(padded_key_bytes(verification_key, hmac.key_bytes), signature.encode('binary'), data.encode('binary'))
-      rescue ::RbNaCl::BadAuthenticatorError, ::RbNaCl::LengthError
-        false
-      end
-
-      register_algorithm(new('HS512256', ::RbNaCl::HMAC::SHA512256))
-
-      private
-
-      attr_reader :hmac
-
-      def padded_key_bytes(key, bytesize)
-        key.bytes.fill(0, key.bytesize...bytesize).pack('C*')
-      end
-    end
-  end
-end

data/lib/jwt/jwa/wrapper.rb

@@ -1,44 +0,0 @@
-# frozen_string_literal: true
-
-module JWT
-  module JWA
-    # @api private
-    class Wrapper
-      include SigningAlgorithm
-
-      def initialize(algorithm)
-        @algorithm = algorithm
-      end
-
-      def alg
-        return @algorithm.alg if @algorithm.respond_to?(:alg)
-
-        super
-      end
-
-      def valid_alg?(alg_to_check)
-        return @algorithm.valid_alg?(alg_to_check) if @algorithm.respond_to?(:valid_alg?)
-
-        super
-      end
-
-      def header(*args, **kwargs)
-        return @algorithm.header(*args, **kwargs) if @algorithm.respond_to?(:header)
-
-        super
-      end
-
-      def sign(*args, **kwargs)
-        return @algorithm.sign(*args, **kwargs) if @algorithm.respond_to?(:sign)
-
-        super
-      end
-
-      def verify(*args, **kwargs)
-        return @algorithm.verify(*args, **kwargs) if @algorithm.respond_to?(:verify)
-
-        super
-      end
-    end
-  end
-end

data/lib/jwt/jwk/okp_rbnacl.rb

@@ -1,109 +0,0 @@
-# frozen_string_literal: true
-
-module JWT
-  module JWK
-    # JSON Web Key (JWK) representation for Ed25519 keys
-    class OKPRbNaCl < KeyBase
-      KTY  = 'OKP'
-      KTYS = [KTY, JWT::JWK::OKPRbNaCl, RbNaCl::Signatures::Ed25519::SigningKey, RbNaCl::Signatures::Ed25519::VerifyKey].freeze
-      OKP_PUBLIC_KEY_ELEMENTS = %i[kty n x].freeze
-      OKP_PRIVATE_KEY_ELEMENTS = %i[d].freeze
-
-      def initialize(key, params = nil, options = {})
-        params ||= {}
-        Deprecations.warning('Using the OKP JWK for Ed25519 keys is deprecated and will be removed in a future version of ruby-jwt. Please use the ruby-eddsa gem instead.')
-        # For backwards compatibility when kid was a String
-        params = { kid: params } if params.is_a?(String)
-
-        key_params = extract_key_params(key)
-
-        params = params.transform_keys(&:to_sym)
-        check_jwk_params!(key_params, params)
-        super(options, key_params.merge(params))
-      end
-
-      def verify_key
-        return @verify_key if defined?(@verify_key)
-
-        @verify_key = verify_key_from_parameters
-      end
-
-      def signing_key
-        return @signing_key if defined?(@signing_key)
-
-        @signing_key = signing_key_from_parameters
-      end
-
-      def key_digest
-        Thumbprint.new(self).to_s
-      end
-
-      def private?
-        !signing_key.nil?
-      end
-
-      def members
-        OKP_PUBLIC_KEY_ELEMENTS.each_with_object({}) { |i, h| h[i] = self[i] }
-      end
-
-      def export(options = {})
-        exported = parameters.clone
-        exported.reject! { |k, _| OKP_PRIVATE_KEY_ELEMENTS.include?(k) } unless private? && options[:include_private] == true
-        exported
-      end
-
-      private
-
-      def extract_key_params(key)
-        case key
-        when JWT::JWK::KeyBase
-          key.export(include_private: true)
-        when RbNaCl::Signatures::Ed25519::SigningKey
-          @signing_key = key
-          @verify_key = key.verify_key
-          parse_okp_key_params(@verify_key, @signing_key)
-        when RbNaCl::Signatures::Ed25519::VerifyKey
-          @signing_key = nil
-          @verify_key = key
-          parse_okp_key_params(@verify_key)
-        when Hash
-          key.transform_keys(&:to_sym)
-        else
-          raise ArgumentError, 'key must be of type RbNaCl::Signatures::Ed25519::SigningKey, RbNaCl::Signatures::Ed25519::VerifyKey or Hash with key parameters'
-        end
-      end
-
-      def check_jwk_params!(key_params, _given_params)
-        raise JWT::JWKError, "Incorrect 'kty' value: #{key_params[:kty]}, expected #{KTY}" unless key_params[:kty] == KTY
-      end
-
-      def parse_okp_key_params(verify_key, signing_key = nil)
-        params = {
-          kty: KTY,
-          crv: 'Ed25519',
-          x: ::JWT::Base64.url_encode(verify_key.to_bytes)
-        }
-
-        params[:d] = ::JWT::Base64.url_encode(signing_key.to_bytes) if signing_key
-
-        params
-      end
-
-      def verify_key_from_parameters
-        RbNaCl::Signatures::Ed25519::VerifyKey.new(::JWT::Base64.url_decode(self[:x]))
-      end
-
-      def signing_key_from_parameters
-        return nil unless self[:d]
-
-        RbNaCl::Signatures::Ed25519::SigningKey.new(::JWT::Base64.url_decode(self[:d]))
-      end
-
-      class << self
-        def import(jwk_data)
-          new(jwk_data)
-        end
-      end
-    end
-  end
-end

data/lib/jwt/verify.rb

@@ -1,40 +0,0 @@
-# frozen_string_literal: true
-
-require_relative 'error'
-
-module JWT
-  # @deprecated This class is deprecated and will be removed in the next major version of ruby-jwt.
-  class Verify
-    DEFAULTS = { leeway: 0 }.freeze
-    METHODS = %w[verify_aud verify_expiration verify_iat verify_iss verify_jti verify_not_before verify_sub verify_required_claims].freeze
-
-    private_constant(:DEFAULTS, :METHODS)
-    class << self
-      METHODS.each do |method_name|
-        define_method(method_name) do |payload, options|
-          new(payload, options).send(method_name)
-        end
-      end
-
-      # @deprecated This method is deprecated and will be removed in the next major version of ruby-jwt.
-      def verify_claims(payload, options)
-        Deprecations.warning('The ::JWT::Verify.verify_claims method is deprecated and will be removed in the next major version of ruby-jwt')
-        ::JWT::Claims.verify!(payload, options)
-        true
-      end
-    end
-
-    # @deprecated This class is deprecated and will be removed in the next major version of ruby-jwt.
-    def initialize(payload, options)
-      Deprecations.warning('The ::JWT::Verify class is deprecated and will be removed in the next major version of ruby-jwt')
-      @payload = payload
-      @options = DEFAULTS.merge(options)
-    end
-
-    METHODS.each do |method_name|
-      define_method(method_name) do
-        ::JWT::Claims.verify!(@payload, @options.merge(method_name => true))
-      end
-    end
-  end
-end