Custom empty claims

Closes jwtk#858. Custom claims can now be empty again (which was the behavior for <= 0.11.5).
cwperks · Oct 14, 2023 · db33970 · db33970
1 parent 59c9df1
commit db33970
Show file tree

Hide file tree

Showing 4 changed files with 48 additions and 21 deletions.
diff --git a/api/src/main/java/io/jsonwebtoken/lang/Objects.java b/api/src/main/java/io/jsonwebtoken/lang/Objects.java
@@ -94,7 +94,7 @@ public static boolean isArray(Object obj) {
      * Returns {@code true} if the specified argument:
      * <ol>
      *     <li>is {@code null}, or</li>
-     *     <li>is a String and {@link Strings#hasText(String)} is {@code false}, or</li>
+     *     <li>is a CharSequence and {@link Strings#hasText(CharSequence)} is {@code false}, or</li>
      *     <li>is a Collection or Map with zero size, or</li>
      *     <li>is an empty array</li>
      * </ol>
@@ -106,7 +106,7 @@ public static boolean isArray(Object obj) {
      */
     public static boolean isEmpty(Object v) {
         return v == null ||
-                (v instanceof String && !Strings.hasText((String) v)) ||
+                (v instanceof CharSequence && !Strings.hasText((CharSequence) v)) ||
                 (v instanceof Collection && Collections.isEmpty((Collection<?>) v)) ||
                 (v instanceof Map && Collections.isEmpty((Map<?, ?>) v)) ||
                 (v.getClass().isArray() && Array.getLength(v) == 0);

diff --git a/impl/src/main/java/io/jsonwebtoken/impl/ParameterMap.java b/impl/src/main/java/io/jsonwebtoken/impl/ParameterMap.java
@@ -124,13 +124,6 @@ public Object get(Object o) {
         return values.get(o);
     }
 
-    private static Object clean(Object o) {
-        if (o instanceof String) {
-            o = Strings.clean((String) o);
-        }
-        return o;
-    }
-
     /**
      * Convenience method to put a value for an idiomatic param.
      *
@@ -143,7 +136,7 @@ protected final <T> Object put(Parameter<T> param, Object value) {
         assertMutable();
         Assert.notNull(param, "Parameter cannot be null.");
         Assert.hasText(param.getId(), "Parameter id cannot be null or empty.");
-        return apply(param, clean(value));
+        return apply(param, value);
     }
 
     @Override
@@ -156,12 +149,12 @@ public final Object put(String name, Object value) {
             return put(param, value);
         } else {
             // non-standard or custom property, just apply directly:
-            return nullSafePut(name, clean(value));
+            return nullSafePut(name, value);
         }
     }
 
     private Object nullSafePut(String name, Object value) {
-        if (Objects.isEmpty(value)) {
+        if (value == null) {
             return remove(name);
         } else {
             this.idiomaticValues.put(name, value);
@@ -199,9 +192,8 @@ private <T> Object apply(Parameter<T> param, Object rawValue) {
             String msg = sb.toString();
             throw new IllegalArgumentException(msg, e);
         }
-        Object retval = nullSafePut(id, canonicalValue);
         this.idiomaticValues.put(id, idiomaticValue);
-        return retval;
+        return this.values.put(id, canonicalValue);
     }
 
     @Override

diff --git a/impl/src/test/groovy/io/jsonwebtoken/impl/DefaultJwtBuilderTest.groovy b/impl/src/test/groovy/io/jsonwebtoken/impl/DefaultJwtBuilderTest.groovy
@@ -219,13 +219,6 @@ class DefaultJwtBuilderTest {
         assertEquals b.claimsBuilder.foo, 'bar'
     }
 
-    @Test
-    void testClaimEmptyString() {
-        String value = ' '
-        builder.claim('foo', value)
-        assertTrue builder.claimsBuilder.isEmpty() // shouldn't populate claims instance
-    }
-
     @Test
     void testExistingClaimsAndSetClaim() {
         Claims c = Jwts.claims().add('foo', 'bar').build()

diff --git a/impl/src/test/groovy/io/jsonwebtoken/issues/Issue858Test.groovy b/impl/src/test/groovy/io/jsonwebtoken/issues/Issue858Test.groovy
@@ -0,0 +1,42 @@
+/*
+ * Copyright © 2023 jsonwebtoken.io
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package io.jsonwebtoken.issues
+
+import io.jsonwebtoken.Jwts
+import org.junit.Test
+
+import static org.junit.Assert.assertEquals
+
+class Issue858Test {
+
+    @Test
+    void testEmptyAndNullEntries() {
+        def jwt = Jwts.builder()
+                .subject('Joe')
+                .claim('foo', '')       // empty allowed
+                .claim('list', [])            // empty allowed
+                .claim('map', [:])            // empty map allowed
+                .claim('another', null) // null not allowed (same behavior since <= 0.11.5), won't be added
+                .compact()
+
+        def claims = Jwts.parser().unsecured().build().parseUnsecuredClaims(jwt).getPayload()
+        assertEquals 4, claims.size()
+        assertEquals 'Joe', claims.getSubject()
+        assertEquals '', claims.get('foo')
+        assertEquals([], claims.get('list'))
+        assertEquals([:], claims.get('map'))
+    }
+}