Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow a list of algorithms for decode #241

Merged
merged 3 commits into from
Oct 5, 2017
Merged

Allow a list of algorithms for decode #241

merged 3 commits into from
Oct 5, 2017

Conversation

lautis
Copy link
Contributor

@lautis lautis commented Oct 5, 2017

Hard-coding only one algorithms makes rolling out changes harder. Both ends need to be deployed simultaneously or retry logic needs to be implemented in app.

Allowing the algorithms to be a list containing potentially multiple entries enables flexibility when changing algorithms. The default value is left unchanged and giving :algorithm option instead of :algorithms still works.

@lautis
Allow a list of algorithms for decode
01c0803 
Hard-coding only one algorithms makes rolling out changes harder. Both
ends need to be deployed simultaneously or retry logic needs to
be implemented in app.

Allowing the algorithms to be a list containing potentially multiple
entries enables flexibility when changing algorithms.
@sourcelevel-bot
Copy link

Hello, @lautis! This is your first Pull Request that will be reviewed by Ebert, an automatic Code Review service. It will leave comments on this diff with potential issues and style violations found in the code as you push new commits. You can also see all the issues found on this Pull Request on its review page. Please check our documentation for more information.

@excpt
Copy link
Member

excpt commented Oct 5, 2017

@lautis Thanks for the PR. I left you a comment to improve the code.

@lautis
Copy link
Contributor Author

lautis commented Oct 5, 2017

@excpt should that be visible somewhere?

excpt
excpt reviewed Oct 5, 2017
View reviewed changes
spec/jwt_spec.rb Outdated
token = JWT.encode payload, data[:secret], 'HS512'

expect do
JWT.decode token, data[:secret], true, algorithm: 'HS384'
JWT.decode token, data[:secret], true, algorithms: 'HS384'
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd duplicate the tests in that case, since :algorithm is still supported. I prefer to be a little more paranoid.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That's a typo, should be left as algorithm there.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Simply push a fix for that and I'll merge it.

@excpt
Copy link
Member

excpt commented Oct 5, 2017

@lautis Now it should be visible. I need to press the "submit review"-button in order to make my review visible.

@excpt excpt added this to the Version 2.1.0 milestone Oct 5, 2017
@excpt excpt self-assigned this Oct 5, 2017
@lautis
Use either algorithm or algorithms
538b65d 
Do not combine both options. As algorithms (plural) option contains
default value, using algorithm (singular) should not include the default
value.
@lautis
Copy link
Contributor Author

lautis commented Oct 5, 2017

I added one more change: removed the combination of option because it could lead into the default algorithms array being used in addition to the value given with algorithm option.

@excpt excpt merged commit 556f3e7 into jwt:master Oct 5, 2017
@excpt
Copy link
Member

excpt commented Oct 5, 2017

Thanks again for your contribution. 🎉

This was referenced Oct 5, 2017
Closed
Closed
@lautis
Copy link
Contributor Author

lautis commented Oct 5, 2017

Thank you for maintaining JWT! 🙏

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@excpt excpt excpt approved these changes

Assignees

@excpt excpt

Labels
enhancement
Projects
None yet
Milestone
Version 2.1.0
Development

Successfully merging this pull request may close these issues.
2 participants
@lautis @excpt