Warn about deprecations only if token decoding succeeds #600

Merged
merged 2 commits into from
Jun 17, 2024
3 changes: 2 additions & 1 deletion CHANGELOG.md
Expand Up @@ -10,8 +10,9 @@

**Fixes and enhancements:**

- Print deprecation warnings only on when token decoding succeeds [#600](https://github.com/jwt/ruby-jwt/pull/600) ([@anakinj](https://github.com/anakinj))
- Your contribution here
-

## [v2.8.1](https://github.com/jwt/ruby-jwt/tree/v2.8.1) (2024-02-29)

[Full Changelog](https://github.com/jwt/ruby-jwt/compare/v2.8.0...v2.8.1)
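Review bot: The added changelog entry reads "Print deprecation warnings only on when token decoding succeeds"; the stray "on" should be dropped so the sentence matches the PR title ("only if token decoding succeeds").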
4 changes: 3 additions & 1 deletion lib/jwt.rb
Expand Up @@ -27,6 +27,8 @@ def encode(payload, key, algorithm = 'HS256', header_fields = {})
end

def decode(jwt, key = nil, verify = true, options = {}, &keyfinder) # rubocop:disable Style/OptionalBooleanParameter
Decode.new(jwt, key, verify, configuration.decode.to_h.merge(options), &keyfinder).decode_segments
Deprecations.context do
Decode.new(jwt, key, verify, configuration.decode.to_h.merge(options), &keyfinder).decode_segments
end
end
end
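Review bot: The `Deprecations.context do ... end` block in `decode` also encloses the `&keyfinder` block, and the context is not written to be re-entered. If a keyfinder calls `JWT.decode` itself, the inner context shares the same `Thread.current[:jwt_warning_store]`: on success it emits whatever the outer decode has stored so far, before the outer token is known to be valid, and its `ensure` then sets the store to nil for the outer call. Consider saving the previous store on entry and restoring it on exit, or documenting that nested decodes are not supported.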
2 changes: 1 addition & 1 deletion lib/jwt/base64.rb
Expand Up @@ -20,7 +20,7 @@ def url_decode(str)
raise Base64DecodeError, 'Invalid base64 encoding' if JWT.configuration.strict_base64_decoding

loose_urlsafe_decode64(str).tap do
Deprecations.warning('Invalid base64 input detected, could be because of invalid padding, trailing whitespaces or newline chars. Graceful handling of invalid input will be dropped in the next major version of ruby-jwt')
Deprecations.warning('Invalid base64 input detected, could be because of invalid padding, trailing whitespaces or newline chars. Graceful handling of invalid input will be dropped in the next major version of ruby-jwt', only_if_valid: true)
end
end

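Review bot: With `only_if_valid: true` on the warning in `url_decode`, the message is printed only from inside `Deprecations.context`, and this change wraps only `JWT.decode`. Any other path that reaches `url_decode` pushes the message onto `Thread.current[:jwt_warning_store]` through `store`, where it is neither emitted nor cleared until the next `JWT.decode` on that thread, which then prints or discards a warning that belongs to a different call. Either make `store` fall back to `warn` when no context is active, or wrap the other entry points as well.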
29 changes: 24 additions & 5 deletions lib/jwt/deprecations.rb
Expand Up @@ -4,15 +4,34 @@ module JWT
# Deprecations module to handle deprecation warnings in the gem
module Deprecations
class << self
def warning(message)
def context
yield.tap { emit_warnings }
ensure
Thread.current[:jwt_warning_store] = nil
end

def warning(message, only_if_valid: false)
method_name = only_if_valid ? :store : :warn
case JWT.configuration.deprecation_warnings
when :warn
warn("[DEPRECATION WARNING] #{message}")
when :once
return if record_warned(message)

warn("[DEPRECATION WARNING] #{message}")
when :warn
# noop
else
return
end

send(method_name, "[DEPRECATION WARNING] #{message}")
end

def store(message)
(Thread.current[:jwt_warning_store] ||= []) << message
end

def emit_warnings
return if Thread.current[:jwt_warning_store].nil?

Thread.current[:jwt_warning_store].each { |warning| warn(warning) }
end

private
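Review bot: In `warning`, the `:once` branch runs `return if record_warned(message)` before the message is passed to `store`, so the once-check happens at the time of storing rather than at the time of printing. If `record_warned` marks the message on its first call (its body is outside this hunk), a warning stored during a decode that later fails is discarded by `context` yet still counted as shown, and a later valid token produces no warning at all under `:once`. Move the once-check into `emit_warnings`, or record the message only when it is actually printed.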
32 changes: 32 additions & 0 deletions spec/jwt/jwt_spec.rb
Expand Up @@ -944,4 +944,36 @@ def valid_alg?(alg)
end
end
end

context 'when invalid token is valid loose base64' do
it 'does not output deprecations warnings' do
expect {
begin
JWT.decode("#{JWT.encode('a', 'b')} 9", 'b')
rescue JWT::VerificationError
nil
end
}.not_to output(/DEPRECATION/).to_stderr
end
end

context 'when valid token is invalid strict base64 and decoded with the correct key' do
it 'does outputs deprecation warning' do
expect { JWT.decode("#{JWT.encode('payload', 'key')} ", 'key') }.to output(/DEPRECATION/).to_stderr
end
end

context 'when valid token is invalid strict base64 and decoded with the incorrect key' do
it 'does not output deprecation warning, even when decoded with the correct key' do
token = JWT.encode('payload', 'key')
expect {
begin
JWT.decode("#{token} ", 'incorrect')
rescue JWT::VerificationError
nil
end
JWT.decode(token, 'key')
}.not_to output(/DEPRECATION/).to_stderr
end
end
end
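Review bot: None of the three new examples sets `deprecation_warnings` to `:once`, so the path through `warning` that combines `record_warned` with `only_if_valid: true` is untested; add a case that decodes a padded token with the wrong key and then with the right key under `:once`. The descriptions also need a pass: 'does outputs deprecation warning' should read 'outputs deprecation warning', and the last example's 'even when decoded with the correct key' hides what it checks, namely that a warning stored during the failed decode does not leak into the following successful decode of the clean token.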