[Bug 43077] New: Add encode_claims/decode_claims to Koha::Token
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=43077 Bug ID: 43077 Summary: Add encode_claims/decode_claims to Koha::Token Initiative type: --- Sponsorship --- status: Product: Koha Version: Main Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 - low Component: Architecture, internals, and plumbing Assignee: koha-bugs@lists.koha-community.org Reporter: tomascohen@gmail.com QA Contact: testopia@bugs.koha-community.org Blocks: 42383 Target Milestone: --- Koha::Token currently only supports JWTs with a single 'id' claim (generate_jwt/check_jwt/decode_jwt). This adds general-purpose encode_claims/decode_claims methods that support arbitrary claim hashes, and refactors the existing id-based methods as thin wrappers on top. This will be used by the upcoming Koha::Module::Policy classes (Bug 42383) which serialize per-module capability hashes as JWTs in API response headers. Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42383 [Bug 42383] Migrate check-in page to Vue -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=43077 --- Comment #1 from Tomás Cohen Arazi (tcohen) <tomascohen@gmail.com> --- Created attachment 201951 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=201951&action=edit Bug 43077: Add encode_claims/decode_claims to Koha::Token This patch adds two methods to Koha::Token for encoding and decoding arbitrary claims as signed JWTs: - encode_claims($hashref) - encodes any hashref as a signed JWT - decode_claims($token) - decodes a JWT and returns the full claims Unlike the existing generate_jwt/decode_jwt methods (which only support a single 'id' string value), these methods support full claim structures including nested hashes and arrays. Both use the standard Koha secret (database password) for signing, reusing the existing _add_default_jwt_params internal function. This will be used by the upcoming Koha::Module::Policy classes, which will serialize per-module capability hashes as JWTs in API response headers. Test plan: 1. Apply patch 2. Run: $ ktd --shell k$ prove t/Koha/Token.t => SUCCESS: Tests pass 3. Tests cover: - Simple hashref encoding/decoding (string, numeric, boolean) - Complex nested structures (hashes, arrays) - JWT format validation 4. Sign off :-D -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=43077 --- Comment #2 from Tomás Cohen Arazi (tcohen) <tomascohen@gmail.com> --- Created attachment 201952 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=201952&action=edit Bug 43077: (follow-up) Refactor JWT methods to use encode_claims/decode_claims This patch refactors the existing JWT methods (generate_jwt, check_jwt, decode_jwt) to be thin wrappers around encode_claims/decode_claims, eliminating the private _gen_jwt, _chk_jwt, and _decode_jwt functions. The generate() and check() dispatcher methods are also updated to use the new general methods directly. This makes encode_claims/decode_claims the single source of truth for JWT operations, with the id-based methods as a convenience layer on top. Test plan: 1. Apply patch 2. Run: $ ktd --shell k$ prove t/Token.t t/Koha/Token.t => SUCCESS: Tests pass (both old and new tests) 3. Existing JWT behavior preserved (generate_jwt, check_jwt, decode_jwt all produce identical results) 4. Sign off :-D -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=43077 Tomás Cohen Arazi (tcohen) <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|koha-bugs@lists.koha-commun |tomascohen@gmail.com |ity.org | Status|NEW |Needs Signoff CC| |tomascohen@gmail.com -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
participants (1)
-
bugzilla-daemon@bugs.koha-community.org