Merge branch 'master' into optimize

auth0 · Jun 26, 2018 · e0fae69 · e0fae69
2 parents d8b1cd7 + cd82146
commit e0fae69
Show file tree

Hide file tree

Showing 7 changed files with 26 additions and 16 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,15 @@
 # Change Log
 
+## [3.4.0](https://github.com/auth0/java-jwt/tree/3.4.0) (2018-06-13)
+[Full Changelog](https://github.com/auth0/java-jwt/compare/3.3.0...3.4.0)
+
+**Changed**
+- Fix for issue #236 - refactored HMACAlgorithm so that it doesn't throw an UnsupportedEncodingException [\#242](https://github.com/auth0/java-jwt/pull/242) ([obecker](https://github.com/obecker))
+- Throw JWTDecodeException when date claim format is invalid [\#241](https://github.com/auth0/java-jwt/pull/241) ([lbalmaceda](https://github.com/lbalmaceda))
+
+**Security**
+- Bump Jackson dependency [\#244](https://github.com/auth0/java-jwt/pull/244) ([skjolber](https://github.com/skjolber))
+
 ## [3.3.0](https://github.com/auth0/java-jwt/tree/3.3.0) (2017-11-06)
 [Full Changelog](https://github.com/auth0/java-jwt/compare/3.2.0...3.3.0)
 **Closed issues**

diff --git a/README.md b/README.md
@@ -18,14 +18,14 @@ If you're looking for an **Android** version of the JWT Decoder take a look at o
 <dependency>
     <groupId>com.auth0</groupId>
     <artifactId>java-jwt</artifactId>
-    <version>3.3.0</version>
+    <version>3.4.0</version>
 </dependency>
 ```
 
 ### Gradle
 
 ```gradle
-compile 'com.auth0:java-jwt:3.3.0'
+compile 'com.auth0:java-jwt:3.4.0'
 ```
 
 ## Available Algorithms
@@ -120,8 +120,6 @@ try {
     String token = JWT.create()
         .withIssuer("auth0")
         .sign(algorithm);
-} catch (UnsupportedEncodingException exception){
-    //UTF-8 encoding not supported
 } catch (JWTCreationException exception){
     //Invalid Signing configuration / Couldn't convert Claims.
 }
@@ -159,8 +157,6 @@ try {
         .withIssuer("auth0")
         .build(); //Reusable verifier instance
     DecodedJWT jwt = verifier.verify(token);
-} catch (UnsupportedEncodingException exception){
-    //UTF-8 encoding not supported
 } catch (JWTVerificationException exception){
     //Invalid signature/claims
 }

diff --git a/build.gradle b/build.gradle
@@ -5,8 +5,7 @@ buildscript {
         jcenter()
     }
     dependencies {
-        classpath 'com.android.tools.build:gradle:2.2.2'
-        classpath 'com.jfrog.bintray.gradle:gradle-bintray-plugin:1.7'
+        classpath 'com.jfrog.bintray.gradle:gradle-bintray-plugin:1.8.1'
     }
 }
 

diff --git a/lib/build.gradle b/lib/build.gradle
@@ -34,13 +34,13 @@ compileJava {
 }
 
 dependencies {
-    compile 'com.fasterxml.jackson.core:jackson-databind:2.9.2'
+    compile 'com.fasterxml.jackson.core:jackson-databind:2.9.6'
     compile 'commons-codec:commons-codec:1.11'
-    testCompile 'org.bouncycastle:bcprov-jdk15on:1.58'
+    testCompile 'org.bouncycastle:bcprov-jdk15on:1.59'
     testCompile 'junit:junit:4.12'
     testCompile 'net.jodah:concurrentunit:0.4.3'
     testCompile 'org.hamcrest:java-hamcrest:2.0.0.0'
-    testCompile 'org.mockito:mockito-core:2.11.0'
+    testCompile 'org.mockito:mockito-core:2.18.3'
 }
 
 jacocoTestReport {

diff --git a/lib/src/main/java/com/auth0/jwt/impl/PayloadDeserializer.java b/lib/src/main/java/com/auth0/jwt/impl/PayloadDeserializer.java
@@ -68,9 +68,12 @@ List<String> getStringOrArray(Map<String, JsonNode> tree, String claimName) thro
 
     Date getDateFromSeconds(Map<String, JsonNode> tree, String claimName) {
         JsonNode node = tree.get(claimName);
-        if (node == null || node.isNull() || !node.canConvertToLong()) {
+        if (node == null || node.isNull()) {
             return null;
         }
+        if (!node.canConvertToLong()) {
+            throw new JWTDecodeException(String.format("The claim '%s' contained a non-numeric date value.", claimName));
+        }
         final long ms = node.asLong() * 1000;
         return new Date(ms);
     }

diff --git a/lib/src/test/java/com/auth0/jwt/JWTDecoderTest.java b/lib/src/test/java/com/auth0/jwt/JWTDecoderTest.java
@@ -275,7 +275,7 @@ public void shouldGetCustomMapClaim() throws Exception {
 
     @Test
     public void shouldGetAvailableClaims() throws Exception {
-        DecodedJWT jwt = JWT.decode("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOiIxMjM0NTY3ODkwIiwiaWF0IjoiMTIzNDU2Nzg5MCIsIm5iZiI6IjEyMzQ1Njc4OTAiLCJqdGkiOiJodHRwczovL2p3dC5pby8iLCJhdWQiOiJodHRwczovL2RvbWFpbi5hdXRoMC5jb20iLCJzdWIiOiJsb2dpbiIsImlzcyI6ImF1dGgwIiwiZXh0cmFDbGFpbSI6IkpvaG4gRG9lIn0.TX9Ct4feGp9YyeGK9Zl91tO0YBOrguJ4As9jeqgHdZQ");
+        DecodedJWT jwt = JWT.decode("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjEyMzQ1Njc4OTAsImlhdCI6MTIzNDU2Nzg5MCwibmJmIjoxMjM0NTY3ODkwLCJqdGkiOiJodHRwczovL2p3dC5pby8iLCJhdWQiOiJodHRwczovL2RvbWFpbi5hdXRoMC5jb20iLCJzdWIiOiJsb2dpbiIsImlzcyI6ImF1dGgwIiwiZXh0cmFDbGFpbSI6IkpvaG4gRG9lIn0.2_0nxDPJwOk64U5V5V9pt8U92jTPJbGsHYQ35HYhbdE");
         assertThat(jwt, is(notNullValue()));
         assertThat(jwt.getClaims(), is(notNullValue()));
         assertThat(jwt.getClaims(), is(instanceOf(Map.class)));

diff --git a/lib/src/test/java/com/auth0/jwt/impl/PayloadDeserializerTest.java b/lib/src/test/java/com/auth0/jwt/impl/PayloadDeserializerTest.java
@@ -198,13 +198,15 @@ public void shouldGetNullDateWhenParsingNull() throws Exception {
     }
 
     @Test
-    public void shouldGetNullDateWhenParsingNonNumericNode() throws Exception {
+    public void shouldThrowWhenParsingNonNumericNode() throws Exception {
+        exception.expect(JWTDecodeException.class);
+        exception.expectMessage("The claim 'key' contained a non-numeric date value.");
+
         Map<String, JsonNode> tree = new HashMap<>();
         TextNode node = new TextNode("123456789");
         tree.put("key", node);
 
-        Date date = deserializer.getDateFromSeconds(tree, "key");
-        assertThat(date, is(nullValue()));
+        deserializer.getDateFromSeconds(tree, "key");
     }
 
     @Test