jwt 2.8.0 → 2.8.1
- checksums.yaml +4 -4
- data/CHANGELOG.md +12 -0
- data/README.md +17 -0
- data/lib/jwt/base64.rb +4 -2
- data/lib/jwt/configuration/container.rb +14 -3
- data/lib/jwt/deprecations.rb +29 -0
- data/lib/jwt/error.rb +1 -0
- data/lib/jwt/jwa/hmac_rbnacl.rb +2 -2
- data/lib/jwt/jwa/hmac_rbnacl_fixed.rb +2 -2
- data/lib/jwt/version.rb +1 -1
- data/lib/jwt.rb +1 -0
- metadata +4 -3
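--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: af3792b982f014801d3ff7ae3410be6bd1e0b27f199c500942eb86267bb2b764
+data.tar.gz: c37fc4b72cf3819210b15164548eff44579de1e8f8c48d9ce35864a84f007d9a
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 3f61fd13a1d56c657691abb4bfde3671a7d93b5c853785b804c0d119d27f4641685828eb9c65a8e4856487782530e791ecbce5f1a5f1cb61c883daff97a44367
+data.tar.gz: ef36aa81991e28cb9d3df65f1ebbeb6599eb99dee8e1953aff1a6231e91c6a3f9633e3afd22fbbc6c09f6318c4e516ee7a908428eee303f3952fed890395b267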
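--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,5 +1,17 @@
 # Changelog
 
+## [v2.8.1](https://github.com/jwt/ruby-jwt/tree/v2.8.1) (2024-02-29)
+
+[Full Changelog](https://github.com/jwt/ruby-jwt/compare/v2.8.0...v2.8.1)
+
+**Features:**
+
+- Configurable base64 decode behaviour [#589](https://github.com/jwt/ruby-jwt/pull/589) ([@anakinj](https://github.com/anakinj))
+
+**Fixes and enhancements:**
+
+- Output deprecation warnings once [#589](https://github.com/jwt/ruby-jwt/pull/589) ([@anakinj](https://github.com/anakinj))
+
 ## [v2.8.0](https://github.com/jwt/ruby-jwt/tree/v2.8.0) (2024-02-17)
 
 [Full Changelog](https://github.com/jwt/ruby-jwt/compare/v2.7.1...v2.8.0)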
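--- a/data/README.md
+++ b/data/README.md
@@ -43,6 +43,23 @@ The JWT spec supports NONE, HMAC, RSASSA, ECDSA and RSASSA-PSS algorithms for cr
 
 See: [ JSON Web Algorithms (JWA) 3.1. "alg" (Algorithm) Header Parameter Values for JWS](https://tools.ietf.org/html/rfc7518#section-3.1)
 
+### Deprecation warnings
+
+Deprecation warnings are logged once (`:once` option) by default to avoid spam in logs. Other options are `:silent` to completely silence warnings and `:warn` to log every time a deprecated path is executed.
+
+```ruby
+JWT.configuration.deprecation_warnings = :warn # default is :once
+```
+
+### Base64 decoding
+
+In the past the gem has been supporting the Base64 decoding specified in [RFC2045](https://www.rfc-editor.org/rfc/rfc2045) allowing newlines and blanks in the base64 encoded payload. In future versions base64 decoding will be stricter and only comply to [RFC4648](https://www.rfc-editor.org/rfc/rfc4648).
+
+The stricter base64 decoding when processing tokens can be done via the `strict_base64_decoding` configuration accessor.
+```ruby
+JWT.configuration.strict_base64_decoding = true # default is false
+```
+
 ### **NONE**
 
 * none - unsigned token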
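--- a/data/lib/jwt/base64.rb
+++ b/data/lib/jwt/base64.rb
@@ -17,9 +17,11 @@ module JWT
 ::Base64.urlsafe_decode64(str)
 rescue ArgumentError => e
 raise unless e.message == 'invalid base64'
+raise Base64DecodeError, 'Invalid base64 encoding' if JWT.configuration.strict_base64_decoding
 
-
-
+loose_urlsafe_decode64(str).tap do
+Deprecations.warning('Invalid base64 input detected, could be because of invalid padding, trailing whitespaces or newline chars. Graceful handling of invalid input will be dropped in the next major version of ruby-jwt')
+end
 end
 
 def loose_urlsafe_decode64(str)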
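Review bot: The lenient fallback `loose_urlsafe_decode64(str)` is still the default path, because the added `raise Base64DecodeError` only runs when `JWT.configuration.strict_base64_decoding` is truthy and the README text in this release gives its default as false. With the default `:once` deprecation setting the warning in the `tap` block is printed for the first non-canonical input only, so it cannot be used to see how often such tokens arrive. I would add a comment above the raise, `# Fail closed in strict mode; otherwise non-RFC 4648 input (bad padding, whitespace, newlines) is still decoded leniently below`, and recommend enabling strict mode wherever token strings are compared or cached byte-for-byte. The method's `def` line is above the hunk, so the full rescue scope is not visible here.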
@@ -6,15 +6,26 @@ require_relative 'jwk_configuration'
|
|
6
6
|
module JWT
|
7
7
|
module Configuration
|
8
8
|
class Container
|
9
|
-
attr_accessor :decode, :jwk
|
9
|
+
attr_accessor :decode, :jwk, :strict_base64_decoding
|
10
|
+
attr_reader :deprecation_warnings
|
10
11
|
|
11
12
|
def initialize
|
12
13
|
reset!
|
13
14
|
end
|
14
15
|
|
15
16
|
def reset!
|
16
|
-
@decode
|
17
|
-
@jwk
|
17
|
+
@decode = DecodeConfiguration.new
|
18
|
+
@jwk = JwkConfiguration.new
|
19
|
+
@strict_base64_decoding = false
|
20
|
+
|
21
|
+
self.deprecation_warnings = :once
|
22
|
+
end
|
23
|
+
|
24
|
+
DEPRECATION_WARNINGS_VALUES = %i[once warn silent].freeze
|
25
|
+
def deprecation_warnings=(value)
|
26
|
+
raise ArgumentError, "Invalid deprecation_warnings value #{value}. Supported values: #{DEPRECATION_WARNINGS_VALUES}" unless DEPRECATION_WARNINGS_VALUES.include?(value)
|
27
|
+
|
28
|
+
@deprecation_warnings = value
|
18
29
|
end
|
19
30
|
end
|
20
31
|
end
|
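Review bot: `strict_base64_decoding` is exposed through a plain `attr_accessor`, so any object is accepted, while `deprecation_warnings=` a few lines below validates its input against `DEPRECATION_WARNINGS_VALUES`. The decoder tests the flag for truthiness, so a `nil` read from an unset environment variable silently keeps lenient decoding and the string `'false'` turns strict mode on. A validating writer in the same style as `deprecation_warnings=` would make a misconfiguration fail loudly. The file header for this hunk is not shown on the page; by the diffstat it appears to be lib/jwt/configuration/container.rb.

```ruby
attr_accessor :decode, :jwk
attr_reader :deprecation_warnings, :strict_base64_decoding

# … unchanged: initialize, reset!, DEPRECATION_WARNINGS_VALUES, deprecation_warnings= …

def strict_base64_decoding=(value)
  raise ArgumentError, "Invalid strict_base64_decoding value #{value.inspect}. Supported values: true, false" unless [true, false].include?(value)

  @strict_base64_decoding = value
end
```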
@@ -0,0 +1,29 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module JWT
|
4
|
+
# Deprecations module to handle deprecation warnings in the gem
|
5
|
+
module Deprecations
|
6
|
+
class << self
|
7
|
+
def warning(message)
|
8
|
+
case JWT.configuration.deprecation_warnings
|
9
|
+
when :warn
|
10
|
+
warn("[DEPRECATION WARNING] #{message}")
|
11
|
+
when :once
|
12
|
+
return if record_warned(message)
|
13
|
+
|
14
|
+
warn("[DEPRECATION WARNING] #{message}")
|
15
|
+
end
|
16
|
+
end
|
17
|
+
|
18
|
+
private
|
19
|
+
|
20
|
+
def record_warned(message)
|
21
|
+
@warned ||= []
|
22
|
+
return true if @warned.include?(message)
|
23
|
+
|
24
|
+
@warned << message
|
25
|
+
false
|
26
|
+
end
|
27
|
+
end
|
28
|
+
end
|
29
|
+
end
|
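Review bot: `record_warned` keeps every distinct message in `@warned`, an Array that is scanned with `include?` and never cleared, and the check-then-append is not synchronised. Callers in this release build the message by interpolation (the rbnacl HMAC hunks pass `#{algorithm}`), so the number of entries is bounded only by the number of distinct strings that reach `warning`. Keying the memo on a fixed identifier supplied by the caller, or at least using `@warned ||= Set.new` with `return true unless @warned.add?(message)`, would keep the lookup constant-time. A Mutex around the memo is worth considering if `warning` can be reached from several threads. `Container#reset!` as shown does not reset this state, which also matters for test isolation.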
data/lib/jwt/error.rb
CHANGED
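--- a/data/lib/jwt/jwa/hmac_rbnacl.rb
+++ b/data/lib/jwt/jwa/hmac_rbnacl.rb
@@ -7,7 +7,7 @@ module JWT
 SUPPORTED = MAPPING.keys
 class << self
 def sign(algorithm, msg, key)
-
+Deprecations.warning("The use of the algorithm #{algorithm} is deprecated and will be removed in the next major version of ruby-jwt")
 if (hmac = resolve_algorithm(algorithm))
 hmac.auth(key_for_rbnacl(hmac, key).encode('binary'), msg.encode('binary'))
 else
@@ -16,7 +16,7 @@ module JWT
 end
 
 def verify(algorithm, key, signing_input, signature)
-
+Deprecations.warning("The use of the algorithm #{algorithm} is deprecated and will be removed in the next major version of ruby-jwt")
 if (hmac = resolve_algorithm(algorithm))
 hmac.verify(key_for_rbnacl(hmac, key).encode('binary'), signature.encode('binary'), signing_input.encode('binary'))
 else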
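Review bot: In both `sign` and `verify` the `Deprecations.warning` call interpolates `algorithm` before `resolve_algorithm(algorithm)` has accepted it, so a value that ends up in the `else` branch is still written to stderr and remembered as a once-key. If `algorithm` can be derived from a token header (not visible from these hunks), that puts unvalidated text into the log line. Moving the call inside the `if (hmac = resolve_algorithm(algorithm))` branch, or using a constant message that does not embed the argument, avoids it. The same pattern appears in the two hunks that follow (the `sign` and `verify` variants with `key ||= ''`), and the `else` branches run past the end of each hunk.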
@@ -9,7 +9,7 @@ module JWT
|
|
9
9
|
class << self
|
10
10
|
def sign(algorithm, msg, key)
|
11
11
|
key ||= ''
|
12
|
-
|
12
|
+
Deprecations.warning("The use of the algorithm #{algorithm} is deprecated and will be removed in the next major version of ruby-jwt")
|
13
13
|
raise JWT::DecodeError, 'HMAC key expected to be a String' unless key.is_a?(String)
|
14
14
|
|
15
15
|
if (hmac = resolve_algorithm(algorithm)) && key.bytesize <= hmac.key_bytes
|
@@ -21,7 +21,7 @@ module JWT
|
|
21
21
|
|
22
22
|
def verify(algorithm, key, signing_input, signature)
|
23
23
|
key ||= ''
|
24
|
-
|
24
|
+
Deprecations.warning("The use of the algorithm #{algorithm} is deprecated and will be removed in the next major version of ruby-jwt")
|
25
25
|
raise JWT::DecodeError, 'HMAC key expected to be a String' unless key.is_a?(String)
|
26
26
|
|
27
27
|
if (hmac = resolve_algorithm(algorithm)) && key.bytesize <= hmac.key_bytes
|
data/lib/jwt/version.rb
CHANGED
data/lib/jwt.rb
CHANGED
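--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: jwt
 version: !ruby/object:Gem::Version
-version: 2.8.
+version: 2.8.1
 platform: ruby
 authors:
 - Tim Rudat
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-02-
+date: 2024-02-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: base64
@@ -129,6 +129,7 @@ files:
 - lib/jwt/configuration/decode_configuration.rb
 - lib/jwt/configuration/jwk_configuration.rb
 - lib/jwt/decode.rb
+- lib/jwt/deprecations.rb
 - lib/jwt/encode.rb
 - lib/jwt/error.rb
 - lib/jwt/json.rb
@@ -162,7 +163,7 @@ licenses:
 - MIT
 metadata:
 bug_tracker_uri: https://github.com/jwt/ruby-jwt/issues
-changelog_uri: https://github.com/jwt/ruby-jwt/blob/v2.8.
+changelog_uri: https://github.com/jwt/ruby-jwt/blob/v2.8.1/CHANGELOG.md
 rubygems_mfa_required: 'true'
 post_install_message:
 rdoc_options: []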