From 756dfc04998aa53b08e6946109c66c8f04807d77 Mon Sep 17 00:00:00 2001 From: Joakim Antman Date: Tue, 25 Jul 2023 23:17:24 +0300 Subject: [PATCH] Removed the verification_key emptiness guard. Allowing nils as verification keys --- lib/jwt/default_decoder.rb | 2 +- spec/jwt_spec.rb | 13 ------------- 2 files changed, 1 insertion(+), 14 deletions(-) diff --git a/lib/jwt/default_decoder.rb b/lib/jwt/default_decoder.rb index 5d00dff8..31941bf4 100644 --- a/lib/jwt/default_decoder.rb +++ b/lib/jwt/default_decoder.rb @@ -3,6 +3,7 @@ require_relative 'x5c_key_finder' module JWT + # This class contains the old logic for decoding JWT tokens. Preserving backwards compatibility as best as possible. class DefaultDecoder def self.define_decoder(options) # rubocop:disable Metrics/MethodLength, Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity JWT.define do @@ -68,7 +69,6 @@ def decode_segments def verify_signature return if none_algorithm? - raise JWT::DecodeError, 'No verification key available' if decode_context.verification_keys.empty? return if decode_context.valid_signature? diff --git a/spec/jwt_spec.rb b/spec/jwt_spec.rb index be551779..9179cd67 100644 --- a/spec/jwt_spec.rb +++ b/spec/jwt_spec.rb @@ -336,11 +336,6 @@ end.to raise_error NotImplementedError end - it 'raises "No verification key available" error' do - token = JWT.encode({}, 'foo') - expect { JWT.decode(token, nil, true) }.to raise_error(JWT::DecodeError, 'No verification key available') - end - it 'ECDSA curve_name should raise JWT::IncorrectAlgorithm' do key = OpenSSL::PKey::EC.generate('secp256k1') 
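Review bot: Dropping the `raise JWT::DecodeError, 'No verification key available'` guard from `verify_signature` means a caller who passes `nil` (for example an unset secret from the environment) with `verify=true` no longer fails fast and instead reaches `decode_context.valid_signature?`, so rejecting a missing key now rests entirely on each algorithm's verify implementation. For HMAC that is a security concern rather than a cosmetic one: the spec this commit deletes ('when token signed with nil and decoded with nil', marked pending because of the OpenSSL 3 empty-key regression) indicates that an empty HMAC key is computable on at least some OpenSSL builds, so a token minted with an empty secret could verify against a misconfigured nil key, with the outcome varying by platform. If nil keys are needed only so a key finder can supply the key later (that intent is not stated in the commit message, so this is inferred), the HMAC verifier should explicitly reject a nil or empty verification key, e.g. `raise JWT::DecodeError, 'No verification key available' if verification_key.nil? || verification_key.empty?`, and a spec covering `JWT.decode(token, nil, true, algorithms: 'HS256')` should be kept rather than deleted. The rest of `verify_signature` (the `JWT::VerificationError` it raises after the `valid_signature?` check) lies outside this hunk.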
@@ -758,14 +753,6 @@ end end - describe 'when token signed with nil and decoded with nil' do - let(:no_key_token) { ::JWT.encode(payload, nil, 'HS512') } - it 'raises JWT::DecodeError' do - pending 'Different behaviour on OpenSSL 3.0 (https://github.com/openssl/openssl/issues/13089)' if ::JWT.openssl_3_hmac_empty_key_regression? - expect { ::JWT.decode(no_key_token, nil, true, algorithms: 'HS512') }.to raise_error(JWT::DecodeError, 'No verification key available') - end - end - context 'when multiple algorithms given' do let(:token) { JWT.encode(payload, 'secret', 'HS256') }