Skip to content

Commit

Permalink
do not cache JWKS when kid not found
Browse files Browse the repository at this point in the history
  • Loading branch information
@nov
nov committed Jan 23, 2023
1 parent 9f47724 commit cdaafee
Show file tree
Hide file tree
Showing 2 changed files with 21 additions and 2 deletions.
9 changes: 8 additions & 1 deletion lib/json/jwk/set/fetcher.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,8 @@ class Cache
def fetch(cache_key, options = {})
yield
end

def delete(cache_key, options = {}); end
end

def self.logger
Expand Down Expand Up @@ -72,7 +74,12 @@ def self.fetch(jwks_uri, kid:, auto_detect: true, **options)
)

if auto_detect
jwks[kid] or raise KidNotFound
if jwks[kid]
jwks[kid]
else
cache.delete(cache_key)
raise KidNotFound
end
else
jwks
end
Expand Down
14 changes: 13 additions & 1 deletion spec/json/jwk/set/fetcher_spec.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -68,6 +68,10 @@ def fetch(cache_key, options = {})
yield
end
end

def delete(cache_key)
# ignore
end
end

let(:jwks_uri) { CustomCache::JWKS_URI }
Expand Down Expand Up @@ -109,8 +113,16 @@ def fetch(cache_key, options = {})

context 'when unknown' do
let(:kid) { 'unknown' }
let(:cache_key) do
[
'json:jwk:set',
OpenSSL::Digest::MD5.hexdigest(jwks_uri),
kid
].collect(&:to_s).join(':')
end

it "should not request to jwks_uri" do
it do
expect(JSON::JWK::Set::Fetcher.cache).to receive(:delete).with(cache_key)
expect do
mock_json :get, jwks_uri, 'jwks' do
subject
Expand Down

0 comments on commit cdaafee

Please sign in to comment.