Custom empty claims

Closes #858. Custom claims can now be empty again (which was the behavior for <= 0.11.5).
2023-10-14 16:59:35 -07:00 · 2023-10-14 16:59:35 -07:00 · db339704e5
parent 59c9df1231
commit db339704e5
4 changed files with 48 additions and 21 deletions
--- a/api/src/main/java/io/jsonwebtoken/lang/Objects.java
+++ b/api/src/main/java/io/jsonwebtoken/lang/Objects.java
@ -94,7 +94,7 @@ public final class Objects {
     * Returns {@code true} if the specified argument:
     * <ol>
     *     <li>is {@code null}, or</li>
-     *     <li>is a String and {@link Strings#hasText(String)} is {@code false}, or</li>
+     *     <li>is a CharSequence and {@link Strings#hasText(CharSequence)} is {@code false}, or</li>
     *     <li>is a Collection or Map with zero size, or</li>
     *     <li>is an empty array</li>
     * </ol>
@ -106,7 +106,7 @@ public final class Objects {
     */
    public static boolean isEmpty(Object v) {
        return v == null ||
-                (v instanceof String && !Strings.hasText((String) v)) ||
+                (v instanceof CharSequence && !Strings.hasText((CharSequence) v)) ||
                (v instanceof Collection && Collections.isEmpty((Collection<?>) v)) ||
                (v instanceof Map && Collections.isEmpty((Map<?, ?>) v)) ||
                (v.getClass().isArray() && Array.getLength(v) == 0);
--- a/impl/src/main/java/io/jsonwebtoken/impl/ParameterMap.java
+++ b/impl/src/main/java/io/jsonwebtoken/impl/ParameterMap.java
@ -124,13 +124,6 @@ public class ParameterMap implements Map<String, Object>, ParameterReadable, Nam
        return values.get(o);
    }

-    private static Object clean(Object o) {
-        if (o instanceof String) {
-            o = Strings.clean((String) o);
-        }
-        return o;
-    }
-
    /**
     * Convenience method to put a value for an idiomatic param.
     *
@ -143,7 +136,7 @@ public class ParameterMap implements Map<String, Object>, ParameterReadable, Nam
        assertMutable();
        Assert.notNull(param, "Parameter cannot be null.");
        Assert.hasText(param.getId(), "Parameter id cannot be null or empty.");
-        return apply(param, clean(value));
+        return apply(param, value);
    }

    @Override
@ -156,12 +149,12 @@ public class ParameterMap implements Map<String, Object>, ParameterReadable, Nam
            return put(param, value);
        } else {
            // non-standard or custom property, just apply directly:
-            return nullSafePut(name, clean(value));
+            return nullSafePut(name, value);
        }
    }

    private Object nullSafePut(String name, Object value) {
-        if (Objects.isEmpty(value)) {
+        if (value == null) {
            return remove(name);
        } else {
            this.idiomaticValues.put(name, value);
@ -199,9 +192,8 @@ public class ParameterMap implements Map<String, Object>, ParameterReadable, Nam
            String msg = sb.toString();
            throw new IllegalArgumentException(msg, e);
        }
-        Object retval = nullSafePut(id, canonicalValue);
        this.idiomaticValues.put(id, idiomaticValue);
-        return retval;
+        return this.values.put(id, canonicalValue);
    }

    @Override
--- a/impl/src/test/groovy/io/jsonwebtoken/impl/DefaultJwtBuilderTest.groovy
+++ b/impl/src/test/groovy/io/jsonwebtoken/impl/DefaultJwtBuilderTest.groovy
@ -219,13 +219,6 @@ class DefaultJwtBuilderTest {
        assertEquals b.claimsBuilder.foo, 'bar'
    }

-    @Test
-    void testClaimEmptyString() {
-        String value = ' '
-        builder.claim('foo', value)
-        assertTrue builder.claimsBuilder.isEmpty() // shouldn't populate claims instance
-    }
-
    @Test
    void testExistingClaimsAndSetClaim() {
        Claims c = Jwts.claims().add('foo', 'bar').build()
--- a/impl/src/test/groovy/io/jsonwebtoken/issues/Issue858Test.groovy
+++ b/impl/src/test/groovy/io/jsonwebtoken/issues/Issue858Test.groovy
@ -0,0 +1,42 @@
+/*
+ * Copyright © 2023 jsonwebtoken.io
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package io.jsonwebtoken.issues
+
+import io.jsonwebtoken.Jwts
+import org.junit.Test
+
+import static org.junit.Assert.assertEquals
+
+class Issue858Test {
+
+    @Test
+    void testEmptyAndNullEntries() {
+        def jwt = Jwts.builder()
+                .subject('Joe')
+                .claim('foo', '')       // empty allowed
+                .claim('list', [])            // empty allowed
+                .claim('map', [:])            // empty map allowed
+                .claim('another', null) // null not allowed (same behavior since <= 0.11.5), won't be added
+                .compact()
+
+        def claims = Jwts.parser().unsecured().build().parseUnsecuredClaims(jwt).getPayload()
+        assertEquals 4, claims.size()
+        assertEquals 'Joe', claims.getSubject()
+        assertEquals '', claims.get('foo')
+        assertEquals([], claims.get('list'))
+        assertEquals([:], claims.get('map'))
+    }
+}