jwt 2.9.3 → 2.10.0

data/lib/jwt/token.rb

@@ -0,0 +1,112 @@
+# frozen_string_literal: true
+
+module JWT
+  # Represents a JWT token
+  #
+  # Basic token signed using the HS256 algorithm:
+  #
+  #   token = JWT::Token.new(payload: {pay: 'load'})
+  #   token.sign!(algorithm: 'HS256', key: 'secret')
+  #   token.jwt # => eyJhb....
+  #
+  # Custom headers will be combined with generated headers:
+  #   token = JWT::Token.new(payload: {pay: 'load'}, header: {custom: "value"})
+  #   token.sign!(algorithm: 'HS256', key: 'secret')
+  #   token.header # => {"custom"=>"value", "alg"=>"HS256"}
+  #
+  class Token
+    include Claims::VerificationMethods
+
+    # Initializes a new Token instance.
+    #
+    # @param header [Hash] the header of the JWT token.
+    # @param payload [Hash] the payload of the JWT token.
+    def initialize(payload:, header: {})
+      @header  = header&.transform_keys(&:to_s)
+      @payload = payload
+    end
+
+    # Returns the decoded signature of the JWT token.
+    #
+    # @return [String] the decoded signature of the JWT token.
+    def signature
+      @signature ||= ::JWT::Base64.url_decode(encoded_signature || '')
+    end
+
+    # Returns the encoded signature of the JWT token.
+    #
+    # @return [String] the encoded signature of the JWT token.
+    def encoded_signature
+      @encoded_signature ||= ::JWT::Base64.url_encode(signature)
+    end
+
+    # Returns the decoded header of the JWT token.
+    #
+    # @return [Hash] the header of the JWT token.
+    attr_reader :header
+
+    # Returns the encoded header of the JWT token.
+    #
+    # @return [String] the encoded header of the JWT token.
+    def encoded_header
+      @encoded_header ||= ::JWT::Base64.url_encode(JWT::JSON.generate(header))
+    end
+
+    # Returns the payload of the JWT token.
+    #
+    # @return [Hash] the payload of the JWT token.
+    attr_reader :payload
+
+    # Returns the encoded payload of the JWT token.
+    #
+    # @return [String] the encoded payload of the JWT token.
+    def encoded_payload
+      @encoded_payload ||= ::JWT::Base64.url_encode(JWT::JSON.generate(payload))
+    end
+
+    # Returns the signing input of the JWT token.
+    #
+    # @return [String] the signing input of the JWT token.
+    def signing_input
+      @signing_input ||= [encoded_header, encoded_payload].join('.')
+    end
+
+    # Returns the JWT token as a string.
+    #
+    # @return [String] the JWT token as a string.
+    # @raise [JWT::EncodeError] if the token is not signed or other encoding issues
+    def jwt
+      @jwt ||= (@signature && [encoded_header, @detached_payload ? '' : encoded_payload, encoded_signature].join('.')) || raise(::JWT::EncodeError, 'Token is not signed')
+    end
+
+    # Detaches the payload according to https://datatracker.ietf.org/doc/html/rfc7515#appendix-F
+    #
+    def detach_payload!
+      @detached_payload = true
+
+      nil
+    end
+
+    # Signs the JWT token.
+    #
+    # @param algorithm [String, Object] the algorithm to use for signing.
+    # @param key [String] the key to use for signing.
+    # @return [void]
+    # @raise [JWT::EncodeError] if the token is already signed or other problems when signing
+    def sign!(algorithm:, key:)
+      raise ::JWT::EncodeError, 'Token already signed' if @signature
+
+      JWA.resolve(algorithm).tap do |algo|
+        header.merge!(algo.header)
+        @signature = algo.sign(data: signing_input, signing_key: key)
+      end
+
+      nil
+    end
+
+    # Returns the JWT token as a string.
+    #
+    # @return [String] the JWT token as a string.
+    alias to_s jwt
+  end
+end

data/lib/jwt/verify.rb

@@ -3,10 +3,12 @@
 require_relative 'error'
 
 module JWT
+  # @deprecated This class is deprecated and will be removed in the next major version of ruby-jwt.
   class Verify
     DEFAULTS = { leeway: 0 }.freeze
     METHODS = %w[verify_aud verify_expiration verify_iat verify_iss verify_jti verify_not_before verify_sub verify_required_claims].freeze
 
+    private_constant(:DEFAULTS, :METHODS)
     class << self
       METHODS.each do |method_name|
         define_method(method_name) do |payload, options|
@@ -14,13 +16,17 @@ module JWT
         end
       end
 
+      # @deprecated This method is deprecated and will be removed in the next major version of ruby-jwt.
       def verify_claims(payload, options)
+        Deprecations.warning('The ::JWT::Verify.verify_claims method is deprecated and will be removed in the next major version of ruby-jwt')
         ::JWT::Claims.verify!(payload, options)
         true
       end
     end
 
+    # @deprecated This class is deprecated and will be removed in the next major version of ruby-jwt.
     def initialize(payload, options)
+      Deprecations.warning('The ::JWT::Verify class is deprecated and will be removed in the next major version of ruby-jwt')
       @payload = payload
       @options = DEFAULTS.merge(options)
     end

data/lib/jwt/version.rb

@@ -1,44 +1,67 @@
 # frozen_string_literal: true
 
-# Moments version builder module
+# JSON Web Token implementation
+#
+# Should be up to date with the latest spec:
+# https://tools.ietf.org/html/rfc7519
 module JWT
+  # Returns the gem version of the JWT library.
+  #
+  # @return [Gem::Version] the gem version.
   def self.gem_version
-    Gem::Version.new VERSION::STRING
+    Gem::Version.new(VERSION::STRING)
   end
 
-  # Moments version builder module
+  # @api private
   module VERSION
-    # major version
     MAJOR = 2
-    # minor version
-    MINOR = 9
-    # tiny version
-    TINY  = 3
-    # alpha, beta, etc. tag
+    MINOR = 10
+    TINY  = 0
     PRE   = nil
 
-    # Build version string
     STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')
+
+    private_constant(:MAJOR, :MINOR, :TINY, :PRE)
   end
 
+  # Checks if the OpenSSL version is 3 or greater.
+  #
+  # @return [Boolean] true if OpenSSL version is 3 or greater, false otherwise.
+  # @api private
   def self.openssl_3?
     return false if OpenSSL::OPENSSL_VERSION.include?('LibreSSL')
 
     true if 3 * 0x10000000 <= OpenSSL::OPENSSL_VERSION_NUMBER
   end
 
+  # Checks if the RbNaCl library is defined.
+  #
+  # @return [Boolean] true if RbNaCl is defined, false otherwise.
+  # @api private
   def self.rbnacl?
     defined?(::RbNaCl)
   end
 
+  # Checks if the RbNaCl library version is 6.0.0 or greater.
+  #
+  # @return [Boolean] true if RbNaCl version is 6.0.0 or greater, false otherwise.
+  # @api private
   def self.rbnacl_6_or_greater?
     rbnacl? && ::Gem::Version.new(::RbNaCl::VERSION) >= ::Gem::Version.new('6.0.0')
   end
 
+  # Checks if there is an OpenSSL 3 HMAC empty key regression.
+  #
+  # @return [Boolean] true if there is an OpenSSL 3 HMAC empty key regression, false otherwise.
+  # @api private
   def self.openssl_3_hmac_empty_key_regression?
     openssl_3? && openssl_version <= ::Gem::Version.new('3.0.0')
   end
 
+  # Returns the OpenSSL version.
+  #
+  # @return [Gem::Version] the OpenSSL version.
+  # @api private
   def self.openssl_version
     @openssl_version ||= ::Gem::Version.new(OpenSSL::VERSION)
   end

data/lib/jwt.rb

@@ -10,6 +10,8 @@ require 'jwt/encode'
 require 'jwt/error'
 require 'jwt/jwk'
 require 'jwt/claims'
+require 'jwt/encoded_token'
+require 'jwt/token'
 
 require 'jwt/claims_validator'
 require 'jwt/verify'
@@ -23,6 +25,13 @@ module JWT
 
   module_function
 
+  # Encodes a payload into a JWT.
+  #
+  # @param payload [Hash] the payload to encode.
+  # @param key [String] the key used to sign the JWT.
+  # @param algorithm [String] the algorithm used to sign the JWT.
+  # @param header_fields [Hash] additional headers to include in the JWT.
+  # @return [String] the encoded JWT.
   def encode(payload, key, algorithm = 'HS256', header_fields = {})
     Encode.new(payload: payload,
                key: key,
@@ -30,6 +39,13 @@ module JWT
                headers: header_fields).segments
   end
 
+  # Decodes a JWT to extract the payload and header
+  #
+  # @param jwt [String] the JWT to decode.
+  # @param key [String] the key used to verify the JWT.
+  # @param verify [Boolean] whether to verify the JWT signature.
+  # @param options [Hash] additional options for decoding.
+  # @return [Array<Hash>] the decoded payload and headers.
   def decode(jwt, key = nil, verify = true, options = {}, &keyfinder) # rubocop:disable Style/OptionalBooleanParameter
     Deprecations.context do
       Decode.new(jwt, key, verify, configuration.decode.to_h.merge(options), &keyfinder).decode_segments

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: jwt
 version: !ruby/object:Gem::Version
-  version: 2.9.3
+  version: 2.10.0
 platform: ruby
 authors:
 - Tim Rudat
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2024-10-03 00:00:00.000000000 Z
+date: 2024-12-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: base64
@@ -125,6 +125,7 @@ files:
 - lib/jwt/base64.rb
 - lib/jwt/claims.rb
 - lib/jwt/claims/audience.rb
+- lib/jwt/claims/crit.rb
 - lib/jwt/claims/decode_verifier.rb
 - lib/jwt/claims/expiration.rb
 - lib/jwt/claims/issued_at.rb
@@ -134,6 +135,7 @@ files:
 - lib/jwt/claims/numeric.rb
 - lib/jwt/claims/required.rb
 - lib/jwt/claims/subject.rb
+- lib/jwt/claims/verification_methods.rb
 - lib/jwt/claims/verifier.rb
 - lib/jwt/claims_validator.rb
 - lib/jwt/configuration.rb
@@ -143,6 +145,7 @@ files:
 - lib/jwt/decode.rb
 - lib/jwt/deprecations.rb
 - lib/jwt/encode.rb
+- lib/jwt/encoded_token.rb
 - lib/jwt/error.rb
 - lib/jwt/json.rb
 - lib/jwt/jwa.rb
@@ -168,6 +171,7 @@ files:
 - lib/jwt/jwk/rsa.rb
 - lib/jwt/jwk/set.rb
 - lib/jwt/jwk/thumbprint.rb
+- lib/jwt/token.rb
 - lib/jwt/verify.rb
 - lib/jwt/version.rb
 - lib/jwt/x5c_key_finder.rb
@@ -177,7 +181,7 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/jwt/ruby-jwt/issues
-  changelog_uri: https://github.com/jwt/ruby-jwt/blob/v2.9.3/CHANGELOG.md
+  changelog_uri: https://github.com/jwt/ruby-jwt/blob/v2.10.0/CHANGELOG.md
   rubygems_mfa_required: 'true'
 post_install_message: 
 rdoc_options: []
@@ -194,7 +198,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.5.16
+rubygems_version: 3.5.22
 signing_key: 
 specification_version: 4
 summary: JSON Web Token implementation in Ruby