Print deprecation warnings only if token validation succeeds
anakinj committed Jun 16, 2024
1 parent 764bc34 commit af64e35
Showing 5 changed files with 48 additions and 8 deletions.
3 changes: 2 additions & 1 deletion CHANGELOG.md
Expand Up @@ -10,8 +10,9 @@

**Fixes and enhancements:**

- Print deprecation warnings only on when token decoding succeeds [#600](https://github.com/jwt/ruby-jwt/pull/600) ([@anakinj](https://github.com/anakinj))
- Your contribution here
-

## [v2.8.1](https://github.com/jwt/ruby-jwt/tree/v2.8.1) (2024-02-29)

[Full Changelog](https://github.com/jwt/ruby-jwt/compare/v2.8.0...v2.8.1)
4 changes: 3 additions & 1 deletion lib/jwt.rb
Expand Up @@ -27,6 +27,8 @@ def encode(payload, key, algorithm = 'HS256', header_fields = {})
end

def decode(jwt, key = nil, verify = true, options = {}, &keyfinder) # rubocop:disable Style/OptionalBooleanParameter
Decode.new(jwt, key, verify, configuration.decode.to_h.merge(options), &keyfinder).decode_segments
Deprecations.context do
Decode.new(jwt, key, verify, configuration.decode.to_h.merge(options), &keyfinder).decode_segments
end
end
end
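Review bot: `decode` is the only place in this commit that opens a `Deprecations.context`, while `Base64.url_decode` now defers its warning unconditionally, so any path that reaches `url_decode` without going through `JWT.decode` would buffer the message in the thread-local store and never print it. Whether such callers exist is not visible in this hunk (direct use of `JWT::Decode` or `JWT::Base64` would be candidates), so it is worth checking before release. A comment above the wrapper would also help the next reader, for example `# Deprecation warnings raised during decoding are buffered and printed only when decode_segments returns without raising.` The enclosing module starts above the hunk.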
2 changes: 1 addition & 1 deletion lib/jwt/base64.rb
Expand Up @@ -20,7 +20,7 @@ def url_decode(str)
raise Base64DecodeError, 'Invalid base64 encoding' if JWT.configuration.strict_base64_decoding

loose_urlsafe_decode64(str).tap do
Deprecations.warning('Invalid base64 input detected, could be because of invalid padding, trailing whitespaces or newline chars. Graceful handling of invalid input will be dropped in the next major version of ruby-jwt')
Deprecations.warning('Invalid base64 input detected, could be because of invalid padding, trailing whitespaces or newline chars. Graceful handling of invalid input will be dropped in the next major version of ruby-jwt', only_if_validß: true)
end
end

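Review bot: The keyword on the new `Deprecations.warning` call is spelled `only_if_validß:`, with a stray `ß`, so it does not match the `only_if_valid:` parameter that `lib/jwt/deprecations.rb` declares in this same commit. Ruby accepts `ß` inside an identifier, so the line parses and then raises `ArgumentError` (unknown keyword) the first time the loose-decoding fallback runs, which turns tolerated padding or whitespace into an exception that callers rescuing only JWT errors will not catch. The argument should read `only_if_valid: true`. If the extra character is an artefact of how this page was rendered rather than part of the commit, the point is moot; `url_decode` begins above the hunk, so its `rescue` clause is not visible here.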
29 changes: 24 additions & 5 deletions lib/jwt/deprecations.rb
Expand Up @@ -4,15 +4,34 @@ module JWT
# Deprecations module to handle deprecation warnings in the gem
module Deprecations
class << self
def warning(message)
def context
yield.tap { emit_warnings }
end

def warning(message, only_if_valid: false)
method_name = only_if_valid ? :store : :warn
case JWT.configuration.deprecation_warnings
when :warn
warn("[DEPRECATION WARNING] #{message}")
when :once
return if record_warned(message)

warn("[DEPRECATION WARNING] #{message}")
when :warn
# noop
else
return
end

send(method_name, "[DEPRECATION WARNING] #{message}")
end

def store(message)
(Thread.current[:jwt_warning_store] ||= []) << message
end

def emit_warnings
return if Thread.current[:jwt_warning_store].nil?

Thread.current[:jwt_warning_store].each { |warning| warn(warning) }

Thread.current[:jwt_warning_store] = nil
end

private
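Review bot: `context` drains the thread-local buffer only when the block returns, so a decode that raises leaves its stored warnings in `Thread.current[:jwt_warning_store]`. On a reused thread the next successful decode then prints a warning that belongs to the rejected token, and a run of rejected tokens keeps appending to the array. Clearing in an `ensure` addresses both: after `yield.tap { emit_warnings }` add `ensure` and `Thread.current[:jwt_warning_store] = nil`. Separately, in `:once` mode `record_warned(message)` runs before the message is stored, so a warning that is later discarded may still be marked as shown; `record_warned` sits below `private`, outside the hunk, so confirm against its body.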
18 changes: 18 additions & 0 deletions spec/jwt/jwt_spec.rb
Expand Up @@ -944,4 +944,22 @@ def valid_alg?(alg)
end
end
end

context 'when invalid token is valid loose base64' do
it 'does not output deprecations warnings' do
expect {
begin
JWT.decode("#{JWT.encode('a', 'b')} 9", 'b')
rescue JWT::VerificationError
nil
end
}.not_to output(/DEPRECATION/).to_stderr
end
end

context 'when valid token is invalid strict base64' do
it 'does outputs deprecation warning' do
expect { JWT.decode("#{JWT.encode('a', 'b')} ", 'b') }.to output(/DEPRECATION/).to_stderr
end
end
end
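Review bot: Both new examples decode a single token, so nothing checks what happens to a warning buffered for a rejected token when the same thread decodes a valid token afterwards. As `Deprecations.context` is written in this commit, the buffer is cleared only inside `emit_warnings`, which is skipped when decoding raises, so that sequence looks likely to print the stale warning. An example for it, placed next to the two new contexts, would pin the behaviour. The first example could also assert that `JWT::VerificationError` is raised instead of rescuing it silently, so that a token which unexpectedly verifies is noticed.

```ruby
# … unchanged: the two contexts added by this commit …

context 'when a valid token is decoded after an invalid one' do
  it 'does not output the warning buffered for the rejected token' do
    begin
      JWT.decode("#{JWT.encode('a', 'b')} 9", 'b')
    rescue JWT::VerificationError
      nil
    end

    expect { JWT.decode(JWT.encode('a', 'b'), 'b') }.not_to output(/DEPRECATION/).to_stderr
  end
end
```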
