From eb9df1a39c760d6b2259c0d31c4237058dd7e1dc Mon Sep 17 00:00:00 2001 From: Joakim Antman Date: Sat, 28 Dec 2024 21:46:24 +0200 Subject: [PATCH] Remove deprecated algorithm functionality --- CHANGELOG.md | 1 + lib/jwt.rb | 5 +-- lib/jwt/configuration/container.rb | 1 - lib/jwt/deprecations.rb | 49 ------------------------------ lib/jwt/jwa.rb | 7 +---- lib/jwt/jwa/compat.rb | 32 ------------------- lib/jwt/jwa/signing_algorithm.rb | 1 - lib/jwt/jwa/wrapper.rb | 44 --------------------------- spec/jwt/jwa/ecdsa_spec.rb | 8 ----- spec/jwt/jwa/hmac_spec.rb | 8 ----- spec/jwt/jwa/ps_spec.rb | 7 ----- spec/jwt/jwa/rsa_spec.rb | 7 ----- spec/jwt/jwt_spec.rb | 5 ++- 13 files changed, 5 insertions(+), 170 deletions(-) delete mode 100644 lib/jwt/deprecations.rb delete mode 100644 lib/jwt/jwa/compat.rb delete mode 100644 lib/jwt/jwa/wrapper.rb diff --git a/CHANGELOG.md b/CHANGELOG.md index 222bce82..033f94ac 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,6 +10,7 @@ - Remove deprecated claim verification methods [#654](https://github.com/jwt/ruby-jwt/pull/654) ([@anakinj](https://github.com/anakinj)) - Remove dependency to rbnacl [#655](https://github.com/jwt/ruby-jwt/pull/655) ([@anakinj](https://github.com/anakinj)) - Support only stricter base64 decoding (RFC 4648) [#658](https://github.com/jwt/ruby-jwt/pull/658) ([@anakinj](https://github.com/anakinj)) +- Custom algorithms are required to include `JWT::JWA::SigningAlgorithm` [#660](https://github.com/jwt/ruby-jwt/pull/560) ([@anakinj](https://github.com/anakinj)) Take a look at the [upgrade guide](UPGRADING.md) for more details. diff --git a/lib/jwt.rb b/lib/jwt.rb index cd09cf9c..86ac2e6a 100644 --- a/lib/jwt.rb +++ b/lib/jwt.rb @@ -5,7 +5,6 @@ require 'jwt/json' require 'jwt/decode' require 'jwt/configuration' -require 'jwt/deprecations' require 'jwt/encode' require 'jwt/error' require 'jwt/jwk' @@ -44,8 +43,6 @@ def encode(payload, key, algorithm = 'HS256', header_fields = {}) # @param options [Hash] additional options for decoding. # @return [Array] the decoded payload and headers. def decode(jwt, key = nil, verify = true, options = {}, &keyfinder) # rubocop:disable Style/OptionalBooleanParameter - Deprecations.context do - Decode.new(jwt, key, verify, configuration.decode.to_h.merge(options), &keyfinder).decode_segments - end + Decode.new(jwt, key, verify, configuration.decode.to_h.merge(options), &keyfinder).decode_segments end end diff --git a/lib/jwt/configuration/container.rb b/lib/jwt/configuration/container.rb index 33e97c8d..9351d965 100644 --- a/lib/jwt/configuration/container.rb +++ b/lib/jwt/configuration/container.rb @@ -30,7 +30,6 @@ def initialize def reset! @decode = DecodeConfiguration.new @jwk = JwkConfiguration.new - @strict_base64_decoding = false self.deprecation_warnings = :once end diff --git a/lib/jwt/deprecations.rb b/lib/jwt/deprecations.rb deleted file mode 100644 index 34c73108..00000000 --- a/lib/jwt/deprecations.rb +++ /dev/null @@ -1,49 +0,0 @@ -# frozen_string_literal: true - -module JWT - # Deprecations module to handle deprecation warnings in the gem - # @api private - module Deprecations - class << self - def context - yield.tap { emit_warnings } - ensure - Thread.current[:jwt_warning_store] = nil - end - - def warning(message, only_if_valid: false) - method_name = only_if_valid ? :store : :warn - case JWT.configuration.deprecation_warnings - when :once - return if record_warned(message) - when :warn - # noop - else - return - end - - send(method_name, "[DEPRECATION WARNING] #{message}") - end - - def store(message) - (Thread.current[:jwt_warning_store] ||= []) << message - end - - def emit_warnings - return if Thread.current[:jwt_warning_store].nil? - - Thread.current[:jwt_warning_store].each { |warning| warn(warning) } - end - - private - - def record_warned(message) - @warned ||= [] - return true if @warned.include?(message) - - @warned << message - false - end - end - end -end diff --git a/lib/jwt/jwa.rb b/lib/jwt/jwa.rb index 8c416ce0..92df7dd5 100644 --- a/lib/jwt/jwa.rb +++ b/lib/jwt/jwa.rb @@ -2,7 +2,6 @@ require 'openssl' -require_relative 'jwa/compat' require_relative 'jwa/signing_algorithm' require_relative 'jwa/ecdsa' require_relative 'jwa/hmac' @@ -10,7 +9,6 @@ require_relative 'jwa/ps' require_relative 'jwa/rsa' require_relative 'jwa/unsupported' -require_relative 'jwa/wrapper' module JWT # The JWA module contains all supported algorithms. @@ -20,10 +18,7 @@ class << self def resolve(algorithm) return find(algorithm) if algorithm.is_a?(String) || algorithm.is_a?(Symbol) - unless algorithm.is_a?(SigningAlgorithm) - Deprecations.warning('Custom algorithms are required to include JWT::JWA::SigningAlgorithm. Custom algorithms that do not include this module may stop working in the next major version of ruby-jwt.') - return Wrapper.new(algorithm) - end + raise ArgumentError, 'Custom algorithms are required to include JWT::JWA::SigningAlgorithm' unless algorithm.is_a?(SigningAlgorithm) algorithm end diff --git a/lib/jwt/jwa/compat.rb b/lib/jwt/jwa/compat.rb deleted file mode 100644 index fc80d162..00000000 --- a/lib/jwt/jwa/compat.rb +++ /dev/null @@ -1,32 +0,0 @@ -# frozen_string_literal: true - -module JWT - module JWA - # Provides backwards compatibility for algorithms - # @api private - module Compat - # @api private - module ClassMethods - def from_algorithm(algorithm) - new(algorithm) - end - - def sign(algorithm, msg, key) - Deprecations.warning('Support for calling sign with positional arguments will be removed in future ruby-jwt versions') - - from_algorithm(algorithm).sign(data: msg, signing_key: key) - end - - def verify(algorithm, key, signing_input, signature) - Deprecations.warning('Support for calling verify with positional arguments will be removed in future ruby-jwt versions') - - from_algorithm(algorithm).verify(data: signing_input, signature: signature, verification_key: key) - end - end - - def self.included(klass) - klass.extend(ClassMethods) - end - end - end -end diff --git a/lib/jwt/jwa/signing_algorithm.rb b/lib/jwt/jwa/signing_algorithm.rb index 8ddbf05a..b4590a8b 100644 --- a/lib/jwt/jwa/signing_algorithm.rb +++ b/lib/jwt/jwa/signing_algorithm.rb @@ -14,7 +14,6 @@ def register_algorithm(algo) def self.included(klass) klass.extend(ClassMethods) - klass.include(JWT::JWA::Compat) end attr_reader :alg diff --git a/lib/jwt/jwa/wrapper.rb b/lib/jwt/jwa/wrapper.rb deleted file mode 100644 index 41ba0fe6..00000000 --- a/lib/jwt/jwa/wrapper.rb +++ /dev/null @@ -1,44 +0,0 @@ -# frozen_string_literal: true - -module JWT - module JWA - # @api private - class Wrapper - include SigningAlgorithm - - def initialize(algorithm) - @algorithm = algorithm - end - - def alg - return @algorithm.alg if @algorithm.respond_to?(:alg) - - super - end - - def valid_alg?(alg_to_check) - return @algorithm.valid_alg?(alg_to_check) if @algorithm.respond_to?(:valid_alg?) - - super - end - - def header(*args, **kwargs) - return @algorithm.header(*args, **kwargs) if @algorithm.respond_to?(:header) - - super - end - - def sign(*args, **kwargs) - return @algorithm.sign(*args, **kwargs) if @algorithm.respond_to?(:sign) - - super - end - - def verify(*args, **kwargs) - return @algorithm.verify(*args, **kwargs) if @algorithm.respond_to?(:verify) - - super - end - end - end -end diff --git a/spec/jwt/jwa/ecdsa_spec.rb b/spec/jwt/jwa/ecdsa_spec.rb index fe52f10e..72d36738 100644 --- a/spec/jwt/jwa/ecdsa_spec.rb +++ b/spec/jwt/jwa/ecdsa_spec.rb @@ -31,12 +31,4 @@ end end end - - context 'backwards compatibility' do - it 'signs and verifies' do - key = OpenSSL::PKey::EC.generate('prime256v1') - signature = described_class.sign('ES256', 'data', key) - expect(described_class.verify('ES256', key, 'data', signature)).to be(true) - end - end end diff --git a/spec/jwt/jwa/hmac_spec.rb b/spec/jwt/jwa/hmac_spec.rb index 2d98d227..20504cde 100644 --- a/spec/jwt/jwa/hmac_spec.rb +++ b/spec/jwt/jwa/hmac_spec.rb @@ -125,12 +125,4 @@ it { is_expected.to be(false) } end end - - context 'backwards compatibility' do - it 'signs and verifies' do - signature = described_class.sign('HS256', 'data', 'key') - expect(signature).to be_a(String) - expect(described_class.verify('HS256', 'key', 'data', signature)).to be(true) - end - end end diff --git a/spec/jwt/jwa/ps_spec.rb b/spec/jwt/jwa/ps_spec.rb index 31771e32..53b57433 100644 --- a/spec/jwt/jwa/ps_spec.rb +++ b/spec/jwt/jwa/ps_spec.rb @@ -69,11 +69,4 @@ end end end - - context 'backwards compatibility' do - it 'signs and verifies' do - signature = described_class.sign('PS256', 'data', rsa_key) - expect(described_class.verify('PS256', rsa_key, 'data', signature)).to be(true) - end - end end diff --git a/spec/jwt/jwa/rsa_spec.rb b/spec/jwt/jwa/rsa_spec.rb index 758bd5d5..ea73c93d 100644 --- a/spec/jwt/jwa/rsa_spec.rb +++ b/spec/jwt/jwa/rsa_spec.rb @@ -50,11 +50,4 @@ end end end - - context 'backwards compatibility' do - it 'signs and verifies' do - signature = described_class.sign('RS256', 'data', rsa_key) - expect(described_class.verify('RS256', rsa_key, 'data', signature)).to be(true) - end - end end diff --git a/spec/jwt/jwt_spec.rb b/spec/jwt/jwt_spec.rb index d8690de5..e8e2be71 100644 --- a/spec/jwt/jwt_spec.rb +++ b/spec/jwt/jwt_spec.rb @@ -899,9 +899,8 @@ def verify(*) end end - it 'emits a deprecation warning' do - expect { token }.to output(/.*Custom algorithms are required to include JWT::JWA::SigningAlgorithm.*/).to_stderr - expect(JWT.decode(token, 'secret', true, algorithm: custom_algorithm.new)).to eq([payload, { 'alg' => 'custom', 'foo' => 'bar' }]) + it 'raises an error' do + expect { token }.to raise_error(ArgumentError, 'Custom algorithms are required to include JWT::JWA::SigningAlgorithm') end end