RubyGems - jwt - Versions diffs - 2.8.0 → 2.8.1 - Mend

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +12 -0
data/README.md +17 -0
data/lib/jwt/base64.rb +4 -2
data/lib/jwt/configuration/container.rb +14 -3
data/lib/jwt/deprecations.rb +29 -0
data/lib/jwt/error.rb +1 -0
data/lib/jwt/jwa/hmac_rbnacl.rb +2 -2
data/lib/jwt/jwa/hmac_rbnacl_fixed.rb +2 -2
data/lib/jwt/version.rb +1 -1
data/lib/jwt.rb +1 -0
metadata +4 -3

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 79758529bec5a1fad3183ee054a2e47e800f6611681f9f9052cbb92ea645b4ef
-  data.tar.gz: d9bffb9bb0e855a2da3cc04ec0d3ee82174555b2bc23cceec8901b4c50b9a42a
+  metadata.gz: af3792b982f014801d3ff7ae3410be6bd1e0b27f199c500942eb86267bb2b764
+  data.tar.gz: c37fc4b72cf3819210b15164548eff44579de1e8f8c48d9ce35864a84f007d9a
 SHA512:
-  metadata.gz: e9622f261b3a037cfc6dddfdd8f452a123c0c0443a3599565830cc000f7a20eec9f5ad673450bd485a47a8c666e6c9c95729c2d8cc123c984e5d0a255ed41dc4
-  data.tar.gz: d0ef0c055249ac588d0cb26bc4ead5b1b607ae738eda5c0775723ca62640a9df092c3e07774c9fcb6545b9946d730f0260d40c2fc9e272fb7ec0ec62aa6f2b80
+  metadata.gz: 3f61fd13a1d56c657691abb4bfde3671a7d93b5c853785b804c0d119d27f4641685828eb9c65a8e4856487782530e791ecbce5f1a5f1cb61c883daff97a44367
+  data.tar.gz: ef36aa81991e28cb9d3df65f1ebbeb6599eb99dee8e1953aff1a6231e91c6a3f9633e3afd22fbbc6c09f6318c4e516ee7a908428eee303f3952fed890395b267

data/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,17 @@
 # Changelog
+## [v2.8.1](https://github.com/jwt/ruby-jwt/tree/v2.8.1) (2024-02-29)
+[Full Changelog](https://github.com/jwt/ruby-jwt/compare/v2.8.0...v2.8.1)
+**Features:**
+- Configurable base64 decode behaviour [#589](https://github.com/jwt/ruby-jwt/pull/589) ([@anakinj](https://github.com/anakinj))
+**Fixes and enhancements:**
+- Output deprecation warnings once [#589](https://github.com/jwt/ruby-jwt/pull/589) ([@anakinj](https://github.com/anakinj))
 ## [v2.8.0](https://github.com/jwt/ruby-jwt/tree/v2.8.0) (2024-02-17)
 [Full Changelog](https://github.com/jwt/ruby-jwt/compare/v2.7.1...v2.8.0)

data/README.md CHANGED Viewed

@@ -43,6 +43,23 @@ The JWT spec supports NONE, HMAC, RSASSA, ECDSA and RSASSA-PSS algorithms for cr
 See: [ JSON Web Algorithms (JWA) 3.1. "alg" (Algorithm) Header Parameter Values for JWS](https://tools.ietf.org/html/rfc7518#section-3.1)
+### Deprecation warnings
+Deprecation warnings are logged once (`:once` option) by default to avoid spam in logs. Other options are `:silent` to completely silence warnings and `:warn` to log every time a deprecated path is executed.
+```ruby
+  JWT.configuration.deprecation_warnings = :warn # default is :once
+```
+### Base64 decoding
+In the past the gem has been supporting the Base64 decoding specified in [RFC2045](https://www.rfc-editor.org/rfc/rfc2045) allowing newlines and blanks in the base64 encoded payload. In future versions base64 decoding will be stricter and only comply to [RFC4648](https://www.rfc-editor.org/rfc/rfc4648).
+The stricter base64 decoding when processing tokens can be done via the `strict_base64_decoding` configuration accessor.
+```ruby
+  JWT.configuration.strict_base64_decoding = true # default is false
+```
 ### **NONE**
 * none - unsigned token

data/lib/jwt/base64.rb CHANGED Viewed

@@ -17,9 +17,11 @@ module JWT
         ::Base64.urlsafe_decode64(str)
       rescue ArgumentError => e
         raise unless e.message == 'invalid base64'
+        raise Base64DecodeError, 'Invalid base64 encoding' if JWT.configuration.strict_base64_decoding
-        warn('[DEPRECATION] Invalid base64 input detected, could be because of invalid padding, trailing whitespaces or newline chars. Graceful handling of invalid input will be dropped in the next major version of ruby-jwt')
-        loose_urlsafe_decode64(str)
+        loose_urlsafe_decode64(str).tap do
+          Deprecations.warning('Invalid base64 input detected, could be because of invalid padding, trailing whitespaces or newline chars. Graceful handling of invalid input will be dropped in the next major version of ruby-jwt')
+        end
       end
       def loose_urlsafe_decode64(str)

data/lib/jwt/configuration/container.rb CHANGED Viewed

@@ -6,15 +6,26 @@ require_relative 'jwk_configuration'
 module JWT
   module Configuration
     class Container
-      attr_accessor :decode, :jwk
+      attr_accessor :decode, :jwk, :strict_base64_decoding
+      attr_reader :deprecation_warnings
       def initialize
         reset!
       end
       def reset!
-        @decode = DecodeConfiguration.new
-        @jwk    = JwkConfiguration.new
+        @decode                 = DecodeConfiguration.new
+        @jwk                    = JwkConfiguration.new
+        @strict_base64_decoding = false
+        self.deprecation_warnings = :once
+      end
+      DEPRECATION_WARNINGS_VALUES = %i[once warn silent].freeze
+      def deprecation_warnings=(value)
+        raise ArgumentError, "Invalid deprecation_warnings value #{value}. Supported values: #{DEPRECATION_WARNINGS_VALUES}" unless DEPRECATION_WARNINGS_VALUES.include?(value)
+        @deprecation_warnings = value
       end
     end
   end

data/lib/jwt/deprecations.rb ADDED Viewed

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+module JWT
+  # Deprecations module to handle deprecation warnings in the gem
+  module Deprecations
+    class << self
+      def warning(message)
+        case JWT.configuration.deprecation_warnings
+        when :warn
+          warn("[DEPRECATION WARNING] #{message}")
+        when :once
+          return if record_warned(message)
+          warn("[DEPRECATION WARNING] #{message}")
+        end
+      end
+      private
+      def record_warned(message)
+        @warned ||= []
+        return true if @warned.include?(message)
+        @warned << message
+        false
+      end
+    end
+  end
+end

data/lib/jwt/error.rb CHANGED Viewed

@@ -17,6 +17,7 @@ module JWT
   class InvalidJtiError < DecodeError; end
   class InvalidPayload < DecodeError; end
   class MissingRequiredClaim < DecodeError; end
+  class Base64DecodeError < DecodeError; end
   class JWKError < DecodeError; end
 end

data/lib/jwt/jwa/hmac_rbnacl.rb CHANGED Viewed

@@ -7,7 +7,7 @@ module JWT
       SUPPORTED = MAPPING.keys
       class << self
         def sign(algorithm, msg, key)
-          warn("[DEPRECATION] The use of the algorithm #{algorithm} is deprecated and will be removed in the next major version of ruby-jwt")
+          Deprecations.warning("The use of the algorithm #{algorithm} is deprecated and will be removed in the next major version of ruby-jwt")
           if (hmac = resolve_algorithm(algorithm))
             hmac.auth(key_for_rbnacl(hmac, key).encode('binary'), msg.encode('binary'))
           else
@@ -16,7 +16,7 @@ module JWT
         end
         def verify(algorithm, key, signing_input, signature)
-          warn("[DEPRECATION] The use of the algorithm #{algorithm} is deprecated and will be removed in the next major version of ruby-jwt")
+          Deprecations.warning("The use of the algorithm #{algorithm} is deprecated and will be removed in the next major version of ruby-jwt")
           if (hmac = resolve_algorithm(algorithm))
             hmac.verify(key_for_rbnacl(hmac, key).encode('binary'), signature.encode('binary'), signing_input.encode('binary'))
           else

data/lib/jwt/jwa/hmac_rbnacl_fixed.rb CHANGED Viewed

@@ -9,7 +9,7 @@ module JWT
       class << self
         def sign(algorithm, msg, key)
           key ||= ''
-          warn("[DEPRECATION] The use of the algorithm #{algorithm} is deprecated and will be removed in the next major version of ruby-jwt")
+          Deprecations.warning("The use of the algorithm #{algorithm} is deprecated and will be removed in the next major version of ruby-jwt")
           raise JWT::DecodeError, 'HMAC key expected to be a String' unless key.is_a?(String)
           if (hmac = resolve_algorithm(algorithm)) && key.bytesize <= hmac.key_bytes
@@ -21,7 +21,7 @@ module JWT
         def verify(algorithm, key, signing_input, signature)
           key ||= ''
-          warn("[DEPRECATION] The use of the algorithm #{algorithm} is deprecated and will be removed in the next major version of ruby-jwt")
+          Deprecations.warning("The use of the algorithm #{algorithm} is deprecated and will be removed in the next major version of ruby-jwt")
           raise JWT::DecodeError, 'HMAC key expected to be a String' unless key.is_a?(String)
           if (hmac = resolve_algorithm(algorithm)) && key.bytesize <= hmac.key_bytes

data/lib/jwt/version.rb CHANGED Viewed

@@ -13,7 +13,7 @@ module JWT
     # minor version
     MINOR = 8
     # tiny version
-    TINY  = 0
+    TINY  = 1
     # alpha, beta, etc. tag
     PRE   = nil

data/lib/jwt.rb CHANGED Viewed

@@ -5,6 +5,7 @@ require 'jwt/base64'
 require 'jwt/json'
 require 'jwt/decode'
 require 'jwt/configuration'
+require 'jwt/deprecations'
 require 'jwt/encode'
 require 'jwt/error'
 require 'jwt/jwk'

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: jwt
 version: !ruby/object:Gem::Version
-  version: 2.8.0
+  version: 2.8.1
 platform: ruby
 authors:
 - Tim Rudat
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-02-17 00:00:00.000000000 Z
+date: 2024-02-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: base64
@@ -129,6 +129,7 @@ files:
 - lib/jwt/configuration/decode_configuration.rb
 - lib/jwt/configuration/jwk_configuration.rb
 - lib/jwt/decode.rb
+- lib/jwt/deprecations.rb
 - lib/jwt/encode.rb
 - lib/jwt/error.rb
 - lib/jwt/json.rb
@@ -162,7 +163,7 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/jwt/ruby-jwt/issues
-  changelog_uri: https://github.com/jwt/ruby-jwt/blob/v2.8.0/CHANGELOG.md
+  changelog_uri: https://github.com/jwt/ruby-jwt/blob/v2.8.1/CHANGELOG.md
   rubygems_mfa_required: 'true'
 post_install_message:
 rdoc_options: []

jwt 2.8.0 → 2.8.1