RubyGems - jwt - Versions diffs - 2.8.0 → 2.8.1 - Mend

Files changed (12) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +12 -0
data/README.md +17 -0
data/lib/jwt/base64.rb +4 -2
data/lib/jwt/configuration/container.rb +14 -3
data/lib/jwt/deprecations.rb +29 -0
data/lib/jwt/error.rb +1 -0
data/lib/jwt/jwa/hmac_rbnacl.rb +2 -2
data/lib/jwt/jwa/hmac_rbnacl_fixed.rb +2 -2
data/lib/jwt/version.rb +1 -1
data/lib/jwt.rb +1 -0
metadata +4 -3

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 79758529bec5a1fad3183ee054a2e47e800f6611681f9f9052cbb92ea645b4ef
-  data.tar.gz: d9bffb9bb0e855a2da3cc04ec0d3ee82174555b2bc23cceec8901b4c50b9a42a
+  metadata.gz: af3792b982f014801d3ff7ae3410be6bd1e0b27f199c500942eb86267bb2b764
+  data.tar.gz: c37fc4b72cf3819210b15164548eff44579de1e8f8c48d9ce35864a84f007d9a
 SHA512:
-  metadata.gz: e9622f261b3a037cfc6dddfdd8f452a123c0c0443a3599565830cc000f7a20eec9f5ad673450bd485a47a8c666e6c9c95729c2d8cc123c984e5d0a255ed41dc4
-  data.tar.gz: d0ef0c055249ac588d0cb26bc4ead5b1b607ae738eda5c0775723ca62640a9df092c3e07774c9fcb6545b9946d730f0260d40c2fc9e272fb7ec0ec62aa6f2b80
+  metadata.gz: 3f61fd13a1d56c657691abb4bfde3671a7d93b5c853785b804c0d119d27f4641685828eb9c65a8e4856487782530e791ecbce5f1a5f1cb61c883daff97a44367
+  data.tar.gz: ef36aa81991e28cb9d3df65f1ebbeb6599eb99dee8e1953aff1a6231e91c6a3f9633e3afd22fbbc6c09f6318c4e516ee7a908428eee303f3952fed890395b267

data/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,17 @@
 # Changelog
+## [v2.8.1](https://github.com/jwt/ruby-jwt/tree/v2.8.1) (2024-02-29)
+[Full Changelog](https://github.com/jwt/ruby-jwt/compare/v2.8.0...v2.8.1)
+**Features:**
+- Configurable base64 decode behaviour [#589](https://github.com/jwt/ruby-jwt/pull/589) ([@anakinj](https://github.com/anakinj))
+**Fixes and enhancements:**
+- Output deprecation warnings once [#589](https://github.com/jwt/ruby-jwt/pull/589) ([@anakinj](https://github.com/anakinj))
 ## [v2.8.0](https://github.com/jwt/ruby-jwt/tree/v2.8.0) (2024-02-17)
 [Full Changelog](https://github.com/jwt/ruby-jwt/compare/v2.7.1...v2.8.0)

data/README.md CHANGED Viewed

@@ -43,6 +43,23 @@ The JWT spec supports NONE, HMAC, RSASSA, ECDSA and RSASSA-PSS algorithms for cr
 See: [ JSON Web Algorithms (JWA) 3.1. "alg" (Algorithm) Header Parameter Values for JWS](https://tools.ietf.org/html/rfc7518#section-3.1)
+### Deprecation warnings
+Deprecation warnings are logged once (`:once` option) by default to avoid spam in logs. Other options are `:silent` to completely silence warnings and `:warn` to log every time a deprecated path is executed.
+```ruby
+  JWT.configuration.deprecation_warnings = :warn # default is :once
+```
+### Base64 decoding
+In the past the gem has been supporting the Base64 decoding specified in [RFC2045](https://www.rfc-editor.org/rfc/rfc2045) allowing newlines and blanks in the base64 encoded payload. In future versions base64 decoding will be stricter and only comply to [RFC4648](https://www.rfc-editor.org/rfc/rfc4648).
+The stricter base64 decoding when processing tokens can be done via the `strict_base64_decoding` configuration accessor.
+```ruby
+  JWT.configuration.strict_base64_decoding = true # default is false
+```
 ### **NONE**
 * none - unsigned token

data/lib/jwt/base64.rb CHANGED Viewed

@@ -17,9 +17,11 @@ module JWT
         ::Base64.urlsafe_decode64(str)
       rescue ArgumentError => e
         raise unless e.message == 'invalid base64'
+        raise Base64DecodeError, 'Invalid base64 encoding' if JWT.configuration.strict_base64_decoding
-        warn('[DEPRECATION] Invalid base64 input detected, could be because of invalid padding, trailing whitespaces or newline chars. Graceful handling of invalid input will be dropped in the next major version of ruby-jwt')
-        loose_urlsafe_decode64(str)
+        loose_urlsafe_decode64(str).tap do
+          Deprecations.warning('Invalid base64 input detected, could be because of invalid padding, trailing whitespaces or newline chars. Graceful handling of invalid input will be dropped in the next major version of ruby-jwt')
+        end
       end
       def loose_urlsafe_decode64(str)

data/lib/jwt/configuration/container.rb CHANGED Viewed

@@ -6,15 +6,26 @@ require_relative 'jwk_configuration'
 module JWT
   module Configuration
     class Container
-      attr_accessor :decode, :jwk
+      attr_accessor :decode, :jwk, :strict_base64_decoding
+      attr_reader :deprecation_warnings
       def initialize
         reset!
       end
       def reset!
-        @decode = DecodeConfiguration.new
-        @jwk    = JwkConfiguration.new
+        @decode                 = DecodeConfiguration.new
+        @jwk                    = JwkConfiguration.new
+        @strict_base64_decoding = false
+        self.deprecation_warnings = :once
+      end
+      DEPRECATION_WARNINGS_VALUES = %i[once warn silent].freeze
+      def deprecation_warnings=(value)
+        raise ArgumentError, "Invalid deprecation_warnings value #{value}. Supported values: #{DEPRECATION_WARNINGS_VALUES}" unless DEPRECATION_WARNINGS_VALUES.include?(value)
+        @deprecation_warnings = value
       end
     end
   end

data/lib/jwt/deprecations.rb ADDED Viewed

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+module JWT
+  # Deprecations module to handle deprecation warnings in the gem
+  module Deprecations
+    class << self
+      def warning(message)
+        case JWT.configuration.deprecation_warnings
+        when :warn
+          warn("[DEPRECATION WARNING] #{message}")
+        when :once
+          return if record_warned(message)
+          warn("[DEPRECATION WARNING] #{message}")
+        end
+      end
+      private
+      def record_warned(message)
+        @warned ||= []
+        return true if @warned.include?(message)
+        @warned << message
+        false
+      end
+    end
+  end
+end

data/lib/jwt/error.rb CHANGED Viewed

@@ -17,6 +17,7 @@ module JWT
   class InvalidJtiError < DecodeError; end
   class InvalidPayload < DecodeError; end
   class MissingRequiredClaim < DecodeError; end
+  class Base64DecodeError < DecodeError; end
   class JWKError < DecodeError; end
 end

data/lib/jwt/jwa/hmac_rbnacl.rb CHANGED Viewed

@@ -7,7 +7,7 @@ module JWT
       SUPPORTED = MAPPING.keys
       class << self
         def sign(algorithm, msg, key)
-          warn("[DEPRECATION] The use of the algorithm #{algorithm} is deprecated and will be removed in the next major version of ruby-jwt")
+          Deprecations.warning("The use of the algorithm #{algorithm} is deprecated and will be removed in the next major version of ruby-jwt")
           if (hmac = resolve_algorithm(algorithm))
             hmac.auth(key_for_rbnacl(hmac, key).encode('binary'), msg.encode('binary'))
           else
@@ -16,7 +16,7 @@ module JWT
         end
         def verify(algorithm, key, signing_input, signature)
-          warn("[DEPRECATION] The use of the algorithm #{algorithm} is deprecated and will be removed in the next major version of ruby-jwt")
+          Deprecations.warning("The use of the algorithm #{algorithm} is deprecated and will be removed in the next major version of ruby-jwt")
           if (hmac = resolve_algorithm(algorithm))
             hmac.verify(key_for_rbnacl(hmac, key).encode('binary'), signature.encode('binary'), signing_input.encode('binary'))
           else

data/lib/jwt/jwa/hmac_rbnacl_fixed.rb CHANGED Viewed

@@ -9,7 +9,7 @@ module JWT
       class << self
         def sign(algorithm, msg, key)
           key ||= ''
-          warn("[DEPRECATION] The use of the algorithm #{algorithm} is deprecated and will be removed in the next major version of ruby-jwt")
+          Deprecations.warning("The use of the algorithm #{algorithm} is deprecated and will be removed in the next major version of ruby-jwt")
           raise JWT::DecodeError, 'HMAC key expected to be a String' unless key.is_a?(String)
           if (hmac = resolve_algorithm(algorithm)) && key.bytesize <= hmac.key_bytes
@@ -21,7 +21,7 @@ module JWT
         def verify(algorithm, key, signing_input, signature)
           key ||= ''
-          warn("[DEPRECATION] The use of the algorithm #{algorithm} is deprecated and will be removed in the next major version of ruby-jwt")
+          Deprecations.warning("The use of the algorithm #{algorithm} is deprecated and will be removed in the next major version of ruby-jwt")
           raise JWT::DecodeError, 'HMAC key expected to be a String' unless key.is_a?(String)
           if (hmac = resolve_algorithm(algorithm)) && key.bytesize <= hmac.key_bytes

data/lib/jwt/version.rb CHANGED Viewed

@@ -13,7 +13,7 @@ module JWT
     # minor version
     MINOR = 8
     # tiny version
-    TINY  = 0
+    TINY  = 1
     # alpha, beta, etc. tag
     PRE   = nil

data/lib/jwt.rb CHANGED Viewed

@@ -5,6 +5,7 @@ require 'jwt/base64'
 require 'jwt/json'
 require 'jwt/decode'
 require 'jwt/configuration'
+require 'jwt/deprecations'
 require 'jwt/encode'
 require 'jwt/error'
 require 'jwt/jwk'

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: jwt
 version: !ruby/object:Gem::Version
-  version: 2.8.0
+  version: 2.8.1
 platform: ruby
 authors:
 - Tim Rudat
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-02-17 00:00:00.000000000 Z
+date: 2024-02-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: base64
@@ -129,6 +129,7 @@ files:
 - lib/jwt/configuration/decode_configuration.rb
 - lib/jwt/configuration/jwk_configuration.rb
 - lib/jwt/decode.rb
+- lib/jwt/deprecations.rb
 - lib/jwt/encode.rb
 - lib/jwt/error.rb
 - lib/jwt/json.rb
@@ -162,7 +163,7 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/jwt/ruby-jwt/issues
-  changelog_uri: https://github.com/jwt/ruby-jwt/blob/v2.8.0/CHANGELOG.md
+  changelog_uri: https://github.com/jwt/ruby-jwt/blob/v2.8.1/CHANGELOG.md
   rubygems_mfa_required: 'true'
 post_install_message:
 rdoc_options: []

jwt 2.8.0 → 2.8.1