RubyGems - jwt - Versions diffs - 2.10.2 → 3.2.0 - Mend

jwt 2.10.2 → 3.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (45) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +104 -41
data/CODE_OF_CONDUCT.md +14 -14
data/CONTRIBUTING.md +11 -12
data/README.md +190 -221
data/UPGRADING.md +47 -0
data/lib/jwt/base64.rb +1 -10
data/lib/jwt/claims/numeric.rb +0 -32
data/lib/jwt/claims.rb +0 -7
data/lib/jwt/configuration/container.rb +0 -1
data/lib/jwt/configuration/decode_configuration.rb +7 -2
data/lib/jwt/decode.rb +25 -16
data/lib/jwt/encoded_token/claims_context.rb +23 -0
data/lib/jwt/encoded_token.rb +97 -14
data/lib/jwt/error.rb +0 -3
data/lib/jwt/jwa/ecdsa.rb +25 -4
data/lib/jwt/jwa/hmac.rb +28 -10
data/lib/jwt/jwa/ps.rb +1 -0
data/lib/jwt/jwa/rsa.rb +1 -0
data/lib/jwt/jwa/signer_context.rb +19 -0
data/lib/jwt/jwa/signing_algorithm.rb +0 -1
data/lib/jwt/jwa/verifier_context.rb +21 -0
data/lib/jwt/jwa.rb +43 -26
data/lib/jwt/jwk/ec.rb +52 -62
data/lib/jwt/jwk/hmac.rb +3 -3
data/lib/jwt/jwk/key_base.rb +15 -1
data/lib/jwt/jwk/key_finder.rb +35 -9
data/lib/jwt/jwk/rsa.rb +6 -2
data/lib/jwt/jwk.rb +0 -1
data/lib/jwt/token.rb +26 -7
data/lib/jwt/version.rb +4 -28
data/lib/jwt/x5c_key_finder.rb +1 -1
data/lib/jwt.rb +1 -7
data/ruby-jwt.gemspec +1 -0
metadata +21 -13
data/lib/jwt/claims/verification_methods.rb +0 -20
data/lib/jwt/claims_validator.rb +0 -18
data/lib/jwt/deprecations.rb +0 -49
data/lib/jwt/jwa/compat.rb +0 -32
data/lib/jwt/jwa/eddsa.rb +0 -35
data/lib/jwt/jwa/hmac_rbnacl.rb +0 -50
data/lib/jwt/jwa/hmac_rbnacl_fixed.rb +0 -47
data/lib/jwt/jwa/wrapper.rb +0 -44
data/lib/jwt/jwk/okp_rbnacl.rb +0 -109
data/lib/jwt/verify.rb +0 -40

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: jwt
 version: !ruby/object:Gem::Version
-  version: 2.10.2
+  version: 3.2.0
 platform: ruby
 authors:
 - Tim Rudat
@@ -51,6 +51,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: irb
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: logger
   requirement: !ruby/object:Gem::Requirement
@@ -134,6 +148,7 @@ files:
 - CONTRIBUTING.md
 - LICENSE
 - README.md
+- UPGRADING.md
 - lib/jwt.rb
 - lib/jwt/base64.rb
 - lib/jwt/claims.rb
@@ -148,44 +163,37 @@ files:
 - lib/jwt/claims/numeric.rb
 - lib/jwt/claims/required.rb
 - lib/jwt/claims/subject.rb
-- lib/jwt/claims/verification_methods.rb
 - lib/jwt/claims/verifier.rb
-- lib/jwt/claims_validator.rb
 - lib/jwt/configuration.rb
 - lib/jwt/configuration/container.rb
 - lib/jwt/configuration/decode_configuration.rb
 - lib/jwt/configuration/jwk_configuration.rb
 - lib/jwt/decode.rb
-- lib/jwt/deprecations.rb
 - lib/jwt/encode.rb
 - lib/jwt/encoded_token.rb
+- lib/jwt/encoded_token/claims_context.rb
 - lib/jwt/error.rb
 - lib/jwt/json.rb
 - lib/jwt/jwa.rb
-- lib/jwt/jwa/compat.rb
 - lib/jwt/jwa/ecdsa.rb
-- lib/jwt/jwa/eddsa.rb
 - lib/jwt/jwa/hmac.rb
-- lib/jwt/jwa/hmac_rbnacl.rb
-- lib/jwt/jwa/hmac_rbnacl_fixed.rb
 - lib/jwt/jwa/none.rb
 - lib/jwt/jwa/ps.rb
 - lib/jwt/jwa/rsa.rb
+- lib/jwt/jwa/signer_context.rb
 - lib/jwt/jwa/signing_algorithm.rb
 - lib/jwt/jwa/unsupported.rb
-- lib/jwt/jwa/wrapper.rb
+- lib/jwt/jwa/verifier_context.rb
 - lib/jwt/jwk.rb
 - lib/jwt/jwk/ec.rb
 - lib/jwt/jwk/hmac.rb
 - lib/jwt/jwk/key_base.rb
 - lib/jwt/jwk/key_finder.rb
 - lib/jwt/jwk/kid_as_key_digest.rb
-- lib/jwt/jwk/okp_rbnacl.rb
 - lib/jwt/jwk/rsa.rb
 - lib/jwt/jwk/set.rb
 - lib/jwt/jwk/thumbprint.rb
 - lib/jwt/token.rb
-- lib/jwt/verify.rb
 - lib/jwt/version.rb
 - lib/jwt/x5c_key_finder.rb
 - ruby-jwt.gemspec
@@ -194,7 +202,7 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/jwt/ruby-jwt/issues
-  changelog_uri: https://github.com/jwt/ruby-jwt/blob/v2.10.2/CHANGELOG.md
+  changelog_uri: https://github.com/jwt/ruby-jwt/blob/v3.2.0/CHANGELOG.md
   rubygems_mfa_required: 'true'
 rdoc_options: []
 require_paths:
@@ -210,7 +218,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.6.7
+rubygems_version: 4.0.10
 specification_version: 4
 summary: JSON Web Token implementation in Ruby
 test_files: []

data/lib/jwt/claims/verification_methods.rb DELETED Viewed

@@ -1,20 +0,0 @@
-# frozen_string_literal: true
-module JWT
-  module Claims
-    # @api private
-    module VerificationMethods
-      def verify_claims!(*options)
-        Verifier.verify!(self, *options)
-      end
-      def claim_errors(*options)
-        Verifier.errors(self, *options)
-      end
-      def valid_claims?(*options)
-        claim_errors(*options).empty?
-      end
-    end
-  end
-end

data/lib/jwt/claims_validator.rb DELETED Viewed

@@ -1,18 +0,0 @@
-# frozen_string_literal: true
-module JWT
-  # @deprecated Use `Claims.verify_payload!` directly instead.
-  class ClaimsValidator
-    # @deprecated Use `Claims.verify_payload!` directly instead.
-    def initialize(payload)
-      Deprecations.warning('The ::JWT::ClaimsValidator class is deprecated and will be removed in the next major version of ruby-jwt')
-      @payload = payload
-    end
-    # @deprecated Use `Claims.verify_payload!` directly instead.
-    def validate!
-      Claims.verify_payload!(@payload, :numeric)
-      true
-    end
-  end
-end

data/lib/jwt/deprecations.rb DELETED Viewed

@@ -1,49 +0,0 @@
-# frozen_string_literal: true
-module JWT
-  # Deprecations module to handle deprecation warnings in the gem
-  # @api private
-  module Deprecations
-    class << self
-      def context
-        yield.tap { emit_warnings }
-      ensure
-        Thread.current[:jwt_warning_store] = nil
-      end
-      def warning(message, only_if_valid: false)
-        method_name = only_if_valid ? :store : :warn
-        case JWT.configuration.deprecation_warnings
-        when :once
-          return if record_warned(message)
-        when :warn
-          # noop
-        else
-          return
-        end
-        send(method_name, "[DEPRECATION WARNING] #{message}")
-      end
-      def store(message)
-        (Thread.current[:jwt_warning_store] ||= []) << message
-      end
-      def emit_warnings
-        return if Thread.current[:jwt_warning_store].nil?
-        Thread.current[:jwt_warning_store].each { |warning| warn(warning) }
-      end
-      private
-      def record_warned(message)
-        @warned ||= []
-        return true if @warned.include?(message)
-        @warned << message
-        false
-      end
-    end
-  end
-end

data/lib/jwt/jwa/compat.rb DELETED Viewed

@@ -1,32 +0,0 @@
-# frozen_string_literal: true
-module JWT
-  module JWA
-    # Provides backwards compatibility for algorithms
-    # @api private
-    module Compat
-      # @api private
-      module ClassMethods
-        def from_algorithm(algorithm)
-          new(algorithm)
-        end
-        def sign(algorithm, msg, key)
-          Deprecations.warning('Support for calling sign with positional arguments will be removed in future ruby-jwt versions')
-          from_algorithm(algorithm).sign(data: msg, signing_key: key)
-        end
-        def verify(algorithm, key, signing_input, signature)
-          Deprecations.warning('Support for calling verify with positional arguments will be removed in future ruby-jwt versions')
-          from_algorithm(algorithm).verify(data: signing_input, signature: signature, verification_key: key)
-        end
-      end
-      def self.included(klass)
-        klass.extend(ClassMethods)
-      end
-    end
-  end
-end

data/lib/jwt/jwa/eddsa.rb DELETED Viewed

@@ -1,35 +0,0 @@
-# frozen_string_literal: true
-module JWT
-  module JWA
-    # Implementation of the EdDSA family of algorithms
-    class Eddsa
-      include JWT::JWA::SigningAlgorithm
-      def initialize(alg)
-        @alg = alg
-      end
-      def sign(data:, signing_key:)
-        raise_sign_error!("Key given is a #{signing_key.class} but has to be an RbNaCl::Signatures::Ed25519::SigningKey") unless signing_key.is_a?(RbNaCl::Signatures::Ed25519::SigningKey)
-        Deprecations.warning('Using the EdDSA algorithm is deprecated and will be removed in a future version of ruby-jwt. In the future the algorithm will be provided by the jwt-eddsa gem.')
-        signing_key.sign(data)
-      end
-      def verify(data:, signature:, verification_key:)
-        raise_verify_error!("key given is a #{verification_key.class} but has to be a RbNaCl::Signatures::Ed25519::VerifyKey") unless verification_key.is_a?(RbNaCl::Signatures::Ed25519::VerifyKey)
-        Deprecations.warning('Using the EdDSA algorithm is deprecated and will be removed in a future version of ruby-jwt. In the future the algorithm will be provided by the jwt-eddsa gem.')
-        verification_key.verify(signature, data)
-      rescue RbNaCl::CryptoError
-        false
-      end
-      register_algorithm(new('ED25519'))
-      register_algorithm(new('EdDSA'))
-    end
-  end
-end

data/lib/jwt/jwa/hmac_rbnacl.rb DELETED Viewed

@@ -1,50 +0,0 @@
-# frozen_string_literal: true
-module JWT
-  module JWA
-    # Implementation of the HMAC family of algorithms (using RbNaCl)
-    class HmacRbNaCl
-      include JWT::JWA::SigningAlgorithm
-      def self.from_algorithm(algorithm)
-        new(algorithm, ::RbNaCl::HMAC.const_get(algorithm.upcase.gsub('HS', 'SHA')))
-      end
-      def initialize(alg, hmac)
-        @alg = alg
-        @hmac = hmac
-      end
-      def sign(data:, signing_key:)
-        Deprecations.warning("The use of the algorithm #{alg} is deprecated and will be removed in the next major version of ruby-jwt")
-        hmac.auth(key_for_rbnacl(hmac, signing_key).encode('binary'), data.encode('binary'))
-      end
-      def verify(data:, signature:, verification_key:)
-        Deprecations.warning("The use of the algorithm #{alg} is deprecated and will be removed in the next major version of ruby-jwt")
-        hmac.verify(key_for_rbnacl(hmac, verification_key).encode('binary'), signature.encode('binary'), data.encode('binary'))
-      rescue ::RbNaCl::BadAuthenticatorError, ::RbNaCl::LengthError
-        false
-      end
-      register_algorithm(new('HS512256', ::RbNaCl::HMAC::SHA512256))
-      private
-      attr_reader :hmac
-      def key_for_rbnacl(hmac, key)
-        key ||= ''
-        raise JWT::DecodeError, 'HMAC key expected to be a String' unless key.is_a?(String)
-        return padded_empty_key(hmac.key_bytes) if key == ''
-        key
-      end
-      def padded_empty_key(length)
-        Array.new(length, 0x0).pack('C*').encode('binary')
-      end
-    end
-  end
-end

data/lib/jwt/jwa/hmac_rbnacl_fixed.rb DELETED Viewed

@@ -1,47 +0,0 @@
-# frozen_string_literal: true
-module JWT
-  module JWA
-    # Implementation of the HMAC family of algorithms (using RbNaCl prior to a certain version)
-    class HmacRbNaClFixed
-      include JWT::JWA::SigningAlgorithm
-      def self.from_algorithm(algorithm)
-        new(algorithm, ::RbNaCl::HMAC.const_get(algorithm.upcase.gsub('HS', 'SHA')))
-      end
-      def initialize(alg, hmac)
-        @alg = alg
-        @hmac = hmac
-      end
-      def sign(data:, signing_key:)
-        signing_key ||= ''
-        Deprecations.warning("The use of the algorithm #{alg} is deprecated and will be removed in the next major version of ruby-jwt")
-        raise JWT::DecodeError, 'HMAC key expected to be a String' unless signing_key.is_a?(String)
-        hmac.auth(padded_key_bytes(signing_key, hmac.key_bytes), data.encode('binary'))
-      end
-      def verify(data:, signature:, verification_key:)
-        verification_key ||= ''
-        Deprecations.warning("The use of the algorithm #{alg} is deprecated and will be removed in the next major version of ruby-jwt")
-        raise JWT::DecodeError, 'HMAC key expected to be a String' unless verification_key.is_a?(String)
-        hmac.verify(padded_key_bytes(verification_key, hmac.key_bytes), signature.encode('binary'), data.encode('binary'))
-      rescue ::RbNaCl::BadAuthenticatorError, ::RbNaCl::LengthError
-        false
-      end
-      register_algorithm(new('HS512256', ::RbNaCl::HMAC::SHA512256))
-      private
-      attr_reader :hmac
-      def padded_key_bytes(key, bytesize)
-        key.bytes.fill(0, key.bytesize...bytesize).pack('C*')
-      end
-    end
-  end
-end

data/lib/jwt/jwa/wrapper.rb DELETED Viewed

@@ -1,44 +0,0 @@
-# frozen_string_literal: true
-module JWT
-  module JWA
-    # @api private
-    class Wrapper
-      include SigningAlgorithm
-      def initialize(algorithm)
-        @algorithm = algorithm
-      end
-      def alg
-        return @algorithm.alg if @algorithm.respond_to?(:alg)
-        super
-      end
-      def valid_alg?(alg_to_check)
-        return @algorithm.valid_alg?(alg_to_check) if @algorithm.respond_to?(:valid_alg?)
-        super
-      end
-      def header(*args, **kwargs)
-        return @algorithm.header(*args, **kwargs) if @algorithm.respond_to?(:header)
-        super
-      end
-      def sign(*args, **kwargs)
-        return @algorithm.sign(*args, **kwargs) if @algorithm.respond_to?(:sign)
-        super
-      end
-      def verify(*args, **kwargs)
-        return @algorithm.verify(*args, **kwargs) if @algorithm.respond_to?(:verify)
-        super
-      end
-    end
-  end
-end

data/lib/jwt/jwk/okp_rbnacl.rb DELETED Viewed

@@ -1,109 +0,0 @@
-# frozen_string_literal: true
-module JWT
-  module JWK
-    # JSON Web Key (JWK) representation for Ed25519 keys
-    class OKPRbNaCl < KeyBase
-      KTY  = 'OKP'
-      KTYS = [KTY, JWT::JWK::OKPRbNaCl, RbNaCl::Signatures::Ed25519::SigningKey, RbNaCl::Signatures::Ed25519::VerifyKey].freeze
-      OKP_PUBLIC_KEY_ELEMENTS = %i[kty n x].freeze
-      OKP_PRIVATE_KEY_ELEMENTS = %i[d].freeze
-      def initialize(key, params = nil, options = {})
-        params ||= {}
-        Deprecations.warning('Using the OKP JWK for Ed25519 keys is deprecated and will be removed in a future version of ruby-jwt. Please use the ruby-eddsa gem instead.')
-        # For backwards compatibility when kid was a String
-        params = { kid: params } if params.is_a?(String)
-        key_params = extract_key_params(key)
-        params = params.transform_keys(&:to_sym)
-        check_jwk_params!(key_params, params)
-        super(options, key_params.merge(params))
-      end
-      def verify_key
-        return @verify_key if defined?(@verify_key)
-        @verify_key = verify_key_from_parameters
-      end
-      def signing_key
-        return @signing_key if defined?(@signing_key)
-        @signing_key = signing_key_from_parameters
-      end
-      def key_digest
-        Thumbprint.new(self).to_s
-      end
-      def private?
-        !signing_key.nil?
-      end
-      def members
-        OKP_PUBLIC_KEY_ELEMENTS.each_with_object({}) { |i, h| h[i] = self[i] }
-      end
-      def export(options = {})
-        exported = parameters.clone
-        exported.reject! { |k, _| OKP_PRIVATE_KEY_ELEMENTS.include?(k) } unless private? && options[:include_private] == true
-        exported
-      end
-      private
-      def extract_key_params(key)
-        case key
-        when JWT::JWK::KeyBase
-          key.export(include_private: true)
-        when RbNaCl::Signatures::Ed25519::SigningKey
-          @signing_key = key
-          @verify_key = key.verify_key
-          parse_okp_key_params(@verify_key, @signing_key)
-        when RbNaCl::Signatures::Ed25519::VerifyKey
-          @signing_key = nil
-          @verify_key = key
-          parse_okp_key_params(@verify_key)
-        when Hash
-          key.transform_keys(&:to_sym)
-        else
-          raise ArgumentError, 'key must be of type RbNaCl::Signatures::Ed25519::SigningKey, RbNaCl::Signatures::Ed25519::VerifyKey or Hash with key parameters'
-        end
-      end
-      def check_jwk_params!(key_params, _given_params)
-        raise JWT::JWKError, "Incorrect 'kty' value: #{key_params[:kty]}, expected #{KTY}" unless key_params[:kty] == KTY
-      end
-      def parse_okp_key_params(verify_key, signing_key = nil)
-        params = {
-          kty: KTY,
-          crv: 'Ed25519',
-          x: ::JWT::Base64.url_encode(verify_key.to_bytes)
-        }
-        params[:d] = ::JWT::Base64.url_encode(signing_key.to_bytes) if signing_key
-        params
-      end
-      def verify_key_from_parameters
-        RbNaCl::Signatures::Ed25519::VerifyKey.new(::JWT::Base64.url_decode(self[:x]))
-      end
-      def signing_key_from_parameters
-        return nil unless self[:d]
-        RbNaCl::Signatures::Ed25519::SigningKey.new(::JWT::Base64.url_decode(self[:d]))
-      end
-      class << self
-        def import(jwk_data)
-          new(jwk_data)
-        end
-      end
-    end
-  end
-end

data/lib/jwt/verify.rb DELETED Viewed

@@ -1,40 +0,0 @@
-# frozen_string_literal: true
-require_relative 'error'
-module JWT
-  # @deprecated This class is deprecated and will be removed in the next major version of ruby-jwt.
-  class Verify
-    DEFAULTS = { leeway: 0 }.freeze
-    METHODS = %w[verify_aud verify_expiration verify_iat verify_iss verify_jti verify_not_before verify_sub verify_required_claims].freeze
-    private_constant(:DEFAULTS, :METHODS)
-    class << self
-      METHODS.each do |method_name|
-        define_method(method_name) do |payload, options|
-          new(payload, options).send(method_name)
-        end
-      end
-      # @deprecated This method is deprecated and will be removed in the next major version of ruby-jwt.
-      def verify_claims(payload, options)
-        Deprecations.warning('The ::JWT::Verify.verify_claims method is deprecated and will be removed in the next major version of ruby-jwt')
-        ::JWT::Claims.verify!(payload, options)
-        true
-      end
-    end
-    # @deprecated This class is deprecated and will be removed in the next major version of ruby-jwt.
-    def initialize(payload, options)
-      Deprecations.warning('The ::JWT::Verify class is deprecated and will be removed in the next major version of ruby-jwt')
-      @payload = payload
-      @options = DEFAULTS.merge(options)
-    end
-    METHODS.each do |method_name|
-      define_method(method_name) do
-        ::JWT::Claims.verify!(@payload, @options.merge(method_name => true))
-      end
-    end
-  end
-end