Skip to content

Commit 728aa55

Browse files
committed
Restore nested JWT max depth constants
1 parent 471c212 commit 728aa55

2 files changed

Lines changed: 4 additions & 20 deletions

File tree

lib/jwt/nested_token.rb

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -23,6 +23,9 @@ module JWT
2323
#
2424
# @see https://datatracker.ietf.org/doc/html/rfc7519#section-5.2 RFC 7519 Section 5.2
2525
class NestedToken
26+
CTY_JWT = 'JWT'
27+
MAX_DEPTH = 10
28+
2629
# @return [String] the current JWT string represented by this instance.
2730
attr_reader :jwt
2831

@@ -48,7 +51,7 @@ def sign!(algorithm:, key:, header: {})
4851
signer = JWA.create_signer(algorithm: algorithm, key: key)
4952
outer_header = (header || {})
5053
.transform_keys(&:to_s)
51-
.merge('cty' => 'JWT') # The content type header value for nested JWTs as per RFC 7519.
54+
.merge('cty' => CTY_JWT)
5255

5356
outer_header.merge!(signer.jwa.header) { |_header_key, old, _new| old }
5457

spec/jwt/nested_token_spec.rb

Lines changed: 0 additions & 19 deletions
Original file line numberDiff line numberDiff line change
@@ -173,25 +173,6 @@
173173
end.to raise_error(JWT::DecodeError, 'Expected 1 key configurations, got 2')
174174
end
175175

176-
it 'raises DecodeError when nesting exceeds max_depth' do
177-
level_1_jwt = JWT.encode(inner_payload, 'secret_1', 'HS256')
178-
level2 = described_class.new(level_1_jwt)
179-
level2.sign!(algorithm: 'HS256', key: 'secret_2')
180-
level3 = described_class.new(level2.jwt)
181-
level3.sign!(algorithm: 'HS256', key: 'secret_3')
182-
183-
expect do
184-
described_class.new(level3.jwt).verify_signatures!(
185-
keys: [
186-
{ algorithm: 'HS256', key: 'secret_3' },
187-
{ algorithm: 'HS256', key: 'secret_2' },
188-
{ algorithm: 'HS256', key: 'secret_1' }
189-
],
190-
max_depth: 2
191-
)
192-
end.to raise_error(JWT::DecodeError, 'Nested JWT exceeds maximum depth of 2')
193-
end
194-
195176
context 'with different algorithms at each level' do
196177
let(:rsa_private) { test_pkey('rsa-2048-private.pem') }
197178
let(:rsa_public) { rsa_private.public_key }

0 commit comments

Comments
 (0)