RubyGems - jwt - Versions diffs - 2.8.1 → 2.8.2 - Mend

jwt 2.8.1 → 2.8.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (14) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +9 -0
data/lib/jwt/base64.rb +1 -1
data/lib/jwt/configuration/jwk_configuration.rb +1 -1
data/lib/jwt/decode.rb +10 -10
data/lib/jwt/deprecations.rb +24 -5
data/lib/jwt/jwk/ec.rb +20 -20
data/lib/jwt/jwk/key_finder.rb +4 -4
data/lib/jwt/jwk/set.rb +1 -1
data/lib/jwt/verify.rb +9 -9
data/lib/jwt/version.rb +1 -1
data/lib/jwt/x5c_key_finder.rb +2 -2
data/lib/jwt.rb +3 -1
metadata +4 -4

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: af3792b982f014801d3ff7ae3410be6bd1e0b27f199c500942eb86267bb2b764
-  data.tar.gz: c37fc4b72cf3819210b15164548eff44579de1e8f8c48d9ce35864a84f007d9a
+  metadata.gz: 5fc1b13d678680a3d1b23e06cad091deb0f3ffff77783a99cd1d1f7231938563
+  data.tar.gz: f7d3f5294cb3b6ba57c2772a58c50ee2d55cf6412db6b707a38c74b381662777
 SHA512:
-  metadata.gz: 3f61fd13a1d56c657691abb4bfde3671a7d93b5c853785b804c0d119d27f4641685828eb9c65a8e4856487782530e791ecbce5f1a5f1cb61c883daff97a44367
-  data.tar.gz: ef36aa81991e28cb9d3df65f1ebbeb6599eb99dee8e1953aff1a6231e91c6a3f9633e3afd22fbbc6c09f6318c4e516ee7a908428eee303f3952fed890395b267
+  metadata.gz: 5f4602ed313d982db0a2e469c2fc3b58aa0de226f85e332501628d9f7b59ed8a84e78691b57f14ddf153c4be028e9b3caa13d9b3231996c798e9e63f69f4d10a
+  data.tar.gz: a3ed20caccfe2c2979426b41a6e0bbeeabe67157643c4571836642f48ccf76ba8f58bb3270501eeefcbd53e1d027de1b558310a083360ca644157934ce3c06bf

data/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,14 @@
 # Changelog
+## [v2.8.2](https://github.com/jwt/ruby-jwt/tree/v2.8.2) (2024-06-18)
+[Full Changelog](https://github.com/jwt/ruby-jwt/compare/v2.8.1...v2.8.2)
+**Fixes and enhancements:**
+- Print deprecation warnings only on when token decoding succeeds [#600](https://github.com/jwt/ruby-jwt/pull/600) ([@anakinj](https://github.com/anakinj))
+- Unify code style [#602](https://github.com/jwt/ruby-jwt/pull/602) ([@anakinj](https://github.com/anakinj))
 ## [v2.8.1](https://github.com/jwt/ruby-jwt/tree/v2.8.1) (2024-02-29)
 [Full Changelog](https://github.com/jwt/ruby-jwt/compare/v2.8.0...v2.8.1)

data/lib/jwt/base64.rb CHANGED Viewed

@@ -20,7 +20,7 @@ module JWT
         raise Base64DecodeError, 'Invalid base64 encoding' if JWT.configuration.strict_base64_decoding
         loose_urlsafe_decode64(str).tap do
-          Deprecations.warning('Invalid base64 input detected, could be because of invalid padding, trailing whitespaces or newline chars. Graceful handling of invalid input will be dropped in the next major version of ruby-jwt')
+          Deprecations.warning('Invalid base64 input detected, could be because of invalid padding, trailing whitespaces or newline chars. Graceful handling of invalid input will be dropped in the next major version of ruby-jwt', only_if_valid: true)
         end
       end

data/lib/jwt/configuration/jwk_configuration.rb CHANGED Viewed

@@ -18,7 +18,7 @@ module JWT
                                JWT::JWK::Thumbprint
                              else
                                raise ArgumentError, "#{value} is not a valid kid generator type."
-        end
+                             end
       end
       attr_accessor :kid_generator

data/lib/jwt/decode.rb CHANGED Viewed

@@ -10,7 +10,7 @@ module JWT
   # Decoding logic for JWT
   class Decode
     def initialize(jwt, key, verify, options, &keyfinder)
-      raise(JWT::DecodeError, 'Nil JSON web token') unless jwt
+      raise JWT::DecodeError, 'Nil JSON web token' unless jwt
       @jwt = jwt
       @key = key
@@ -30,7 +30,7 @@ module JWT
         verify_signature
         verify_claims
       end
-      raise(JWT::DecodeError, 'Not enough or too many segments') unless header && payload
+      raise JWT::DecodeError, 'Not enough or too many segments' unless header && payload
       [payload, header]
     end
@@ -46,21 +46,21 @@ module JWT
       return if Array(@key).any? { |key| verify_signature_for?(key) }
-      raise(JWT::VerificationError, 'Signature verification failed')
+      raise JWT::VerificationError, 'Signature verification failed'
     end
     def verify_algo
-      raise(JWT::IncorrectAlgorithm, 'An algorithm must be specified') if allowed_algorithms.empty?
-      raise(JWT::IncorrectAlgorithm, 'Token is missing alg header') unless alg_in_header
-      raise(JWT::IncorrectAlgorithm, 'Expected a different algorithm') if allowed_and_valid_algorithms.empty?
+      raise JWT::IncorrectAlgorithm, 'An algorithm must be specified' if allowed_algorithms.empty?
+      raise JWT::IncorrectAlgorithm, 'Token is missing alg header' unless alg_in_header
+      raise JWT::IncorrectAlgorithm, 'Expected a different algorithm' if allowed_and_valid_algorithms.empty?
     end
     def set_key
       @key = find_key(&@keyfinder) if @keyfinder
       @key = ::JWT::JWK::KeyFinder.new(jwks: @options[:jwks], allow_nil_kid: @options[:allow_nil_kid]).key_for(header['kid']) if @options[:jwks]
-      if (x5c_options = @options[:x5c])
-        @key = X5cKeyFinder.new(x5c_options[:root_certificates], x5c_options[:crls]).from(header['x5c'])
-      end
+      return unless (x5c_options = @options[:x5c])
+      @key = X5cKeyFinder.new(x5c_options[:root_certificates], x5c_options[:crls]).from(header['x5c'])
     end
     def verify_signature_for?(key)
@@ -122,7 +122,7 @@ module JWT
       return if !@verify && segment_length == 2 # If no verifying required, the signature is not needed
       return if segment_length == 2 && none_algorithm?
-      raise(JWT::DecodeError, 'Not enough or too many segments')
+      raise JWT::DecodeError, 'Not enough or too many segments'
     end
     def segment_length

data/lib/jwt/deprecations.rb CHANGED Viewed

@@ -4,15 +4,34 @@ module JWT
   # Deprecations module to handle deprecation warnings in the gem
   module Deprecations
     class << self
-      def warning(message)
+      def context
+        yield.tap { emit_warnings }
+      ensure
+        Thread.current[:jwt_warning_store] = nil
+      end
+      def warning(message, only_if_valid: false)
+        method_name = only_if_valid ? :store : :warn
         case JWT.configuration.deprecation_warnings
-        when :warn
-          warn("[DEPRECATION WARNING] #{message}")
         when :once
           return if record_warned(message)
-          warn("[DEPRECATION WARNING] #{message}")
+        when :warn
+          # noop
+        else
+          return
         end
+        send(method_name, "[DEPRECATION WARNING] #{message}")
+      end
+      def store(message)
+        (Thread.current[:jwt_warning_store] ||= []) << message
+      end
+      def emit_warnings
+        return if Thread.current[:jwt_warning_store].nil?
+        Thread.current[:jwt_warning_store].each { |warning| warn(warning) }
       end
       private

data/lib/jwt/jwk/ec.rb CHANGED Viewed

@@ -153,26 +153,26 @@ module JWT
           )
           sequence = if jwk_d
-            # https://datatracker.ietf.org/doc/html/rfc5915.html
-            # ECPrivateKey ::= SEQUENCE {
-            #   version        INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
-            #   privateKey     OCTET STRING,
-            #   parameters [0] ECParameters {{ NamedCurve }} OPTIONAL,
-            #   publicKey  [1] BIT STRING OPTIONAL
-            # }
-            OpenSSL::ASN1::Sequence([
-                                      OpenSSL::ASN1::Integer(1),
-                                      OpenSSL::ASN1::OctetString(OpenSSL::BN.new(decode_octets(jwk_d), 2).to_s(2)),
-                                      OpenSSL::ASN1::ObjectId(curve, 0, :EXPLICIT),
-                                      OpenSSL::ASN1::BitString(point.to_octet_string(:uncompressed), 1, :EXPLICIT)
-                                    ])
-          else
-            OpenSSL::ASN1::Sequence([
-                                      OpenSSL::ASN1::Sequence([OpenSSL::ASN1::ObjectId('id-ecPublicKey'), OpenSSL::ASN1::ObjectId(curve)]),
-                                      OpenSSL::ASN1::BitString(point.to_octet_string(:uncompressed))
-                                    ])
-          end
+                       # https://datatracker.ietf.org/doc/html/rfc5915.html
+                       # ECPrivateKey ::= SEQUENCE {
+                       #   version        INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
+                       #   privateKey     OCTET STRING,
+                       #   parameters [0] ECParameters {{ NamedCurve }} OPTIONAL,
+                       #   publicKey  [1] BIT STRING OPTIONAL
+                       # }
+                       OpenSSL::ASN1::Sequence([
+                                                 OpenSSL::ASN1::Integer(1),
+                                                 OpenSSL::ASN1::OctetString(OpenSSL::BN.new(decode_octets(jwk_d), 2).to_s(2)),
+                                                 OpenSSL::ASN1::ObjectId(curve, 0, :EXPLICIT),
+                                                 OpenSSL::ASN1::BitString(point.to_octet_string(:uncompressed), 1, :EXPLICIT)
+                                               ])
+                     else
+                       OpenSSL::ASN1::Sequence([
+                                                 OpenSSL::ASN1::Sequence([OpenSSL::ASN1::ObjectId('id-ecPublicKey'), OpenSSL::ASN1::ObjectId(curve)]),
+                                                 OpenSSL::ASN1::BitString(point.to_octet_string(:uncompressed))
+                                               ])
+                     end
           OpenSSL::PKey::EC.new(sequence.to_der)
         end

data/lib/jwt/jwk/key_finder.rb CHANGED Viewed

@@ -8,10 +8,10 @@ module JWT
         jwks_or_loader = options[:jwks]
         @jwks_loader = if jwks_or_loader.respond_to?(:call)
-          jwks_or_loader
-        else
-          ->(_options) { jwks_or_loader }
-        end
+                         jwks_or_loader
+                       else
+                         ->(_options) { jwks_or_loader }
+                       end
       end
       def key_for(kid)

data/lib/jwt/jwk/set.rb CHANGED Viewed

@@ -25,7 +25,7 @@ module JWT
                   jwks.map { |k| JWT::JWK.new(k, nil, options) }
                 else
                   raise ArgumentError, 'Can only create new JWKS from Hash, Array and JWK'
-        end
+                end
       end
       def export(options = {})

data/lib/jwt/verify.rb CHANGED Viewed

@@ -34,19 +34,19 @@ module JWT
       return unless (options_aud = @options[:aud])
       aud = @payload['aud']
-      raise(JWT::InvalidAudError, "Invalid audience. Expected #{options_aud}, received #{aud || '<none>'}") if ([*aud] & [*options_aud]).empty?
+      raise JWT::InvalidAudError, "Invalid audience. Expected #{options_aud}, received #{aud || '<none>'}" if ([*aud] & [*options_aud]).empty?
     end
     def verify_expiration
       return unless contains_key?(@payload, 'exp')
-      raise(JWT::ExpiredSignature, 'Signature has expired') if @payload['exp'].to_i <= (Time.now.to_i - exp_leeway)
+      raise JWT::ExpiredSignature, 'Signature has expired' if @payload['exp'].to_i <= (Time.now.to_i - exp_leeway)
     end
     def verify_iat
       return unless contains_key?(@payload, 'iat')
       iat = @payload['iat']
-      raise(JWT::InvalidIatError, 'Invalid iat') if !iat.is_a?(Numeric) || iat.to_f > Time.now.to_f
+      raise JWT::InvalidIatError, 'Invalid iat' if !iat.is_a?(Numeric) || iat.to_f > Time.now.to_f
     end
     def verify_iss
@@ -60,7 +60,7 @@ module JWT
       when *options_iss
         nil
       else
-        raise(JWT::InvalidIssuerError, "Invalid issuer. Expected #{options_iss}, received #{iss || '<none>'}")
+        raise JWT::InvalidIssuerError, "Invalid issuer. Expected #{options_iss}, received #{iss || '<none>'}"
       end
     end
@@ -70,29 +70,29 @@ module JWT
       if options_verify_jti.respond_to?(:call)
         verified = options_verify_jti.arity == 2 ? options_verify_jti.call(jti, @payload) : options_verify_jti.call(jti)
-        raise(JWT::InvalidJtiError, 'Invalid jti') unless verified
+        raise JWT::InvalidJtiError, 'Invalid jti' unless verified
       elsif jti.to_s.strip.empty?
-        raise(JWT::InvalidJtiError, 'Missing jti')
+        raise JWT::InvalidJtiError, 'Missing jti'
       end
     end
     def verify_not_before
       return unless contains_key?(@payload, 'nbf')
-      raise(JWT::ImmatureSignature, 'Signature nbf has not been reached') if @payload['nbf'].to_i > (Time.now.to_i + nbf_leeway)
+      raise JWT::ImmatureSignature, 'Signature nbf has not been reached' if @payload['nbf'].to_i > (Time.now.to_i + nbf_leeway)
     end
     def verify_sub
       return unless (options_sub = @options[:sub])
       sub = @payload['sub']
-      raise(JWT::InvalidSubError, "Invalid subject. Expected #{options_sub}, received #{sub || '<none>'}") unless sub.to_s == options_sub.to_s
+      raise JWT::InvalidSubError, "Invalid subject. Expected #{options_sub}, received #{sub || '<none>'}" unless sub.to_s == options_sub.to_s
     end
     def verify_required_claims
       return unless (options_required_claims = @options[:required_claims])
       options_required_claims.each do |required_claim|
-        raise(JWT::MissingRequiredClaim, "Missing required claim #{required_claim}") unless contains_key?(@payload, required_claim)
+        raise JWT::MissingRequiredClaim, "Missing required claim #{required_claim}" unless contains_key?(@payload, required_claim)
       end
     end

data/lib/jwt/version.rb CHANGED Viewed

@@ -13,7 +13,7 @@ module JWT
     # minor version
     MINOR = 8
     # tiny version
-    TINY  = 1
+    TINY  = 2
     # alpha, beta, etc. tag
     PRE   = nil

data/lib/jwt/x5c_key_finder.rb CHANGED Viewed

@@ -7,7 +7,7 @@ module JWT
   # See https://tools.ietf.org/html/rfc7515#section-4.1.6
   class X5cKeyFinder
     def initialize(root_certificates, crls = nil)
-      raise(ArgumentError, 'Root certificates must be specified') unless root_certificates
+      raise ArgumentError, 'Root certificates must be specified' unless root_certificates
       @store = build_store(root_certificates, crls)
     end
@@ -24,7 +24,7 @@ module JWT
           error = "#{error} Certificate subject: #{current_cert.subject}."
         end
-        raise(JWT::VerificationError, error)
+        raise JWT::VerificationError, error
       end
     end

data/lib/jwt.rb CHANGED Viewed

@@ -27,6 +27,8 @@ module JWT
   end
   def decode(jwt, key = nil, verify = true, options = {}, &keyfinder) # rubocop:disable Style/OptionalBooleanParameter
-    Decode.new(jwt, key, verify, configuration.decode.to_h.merge(options), &keyfinder).decode_segments
+    Deprecations.context do
+      Decode.new(jwt, key, verify, configuration.decode.to_h.merge(options), &keyfinder).decode_segments
+    end
   end
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: jwt
 version: !ruby/object:Gem::Version
-  version: 2.8.1
+  version: 2.8.2
 platform: ruby
 authors:
 - Tim Rudat
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-02-29 00:00:00.000000000 Z
+date: 2024-06-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: base64
@@ -163,7 +163,7 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/jwt/ruby-jwt/issues
-  changelog_uri: https://github.com/jwt/ruby-jwt/blob/v2.8.1/CHANGELOG.md
+  changelog_uri: https://github.com/jwt/ruby-jwt/blob/v2.8.2/CHANGELOG.md
   rubygems_mfa_required: 'true'
 post_install_message:
 rdoc_options: []
@@ -180,7 +180,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.3.7
+rubygems_version: 3.5.3
 signing_key:
 specification_version: 4
 summary: JSON Web Token implementation in Ruby