Update json-path to version 2.8.0 - introduces a breaking change in h…

…ow `oauth.custom.claim.check` queries using `== null` or `!= null` are handled Signed-off-by: Marko Strukelj <[email protected]>
strimzi · Jun 28, 2023 · b4d8ae5 · b4d8ae5
1 parent 2cf1d5a
commit b4d8ae5
Show file tree

Hide file tree

Showing 3 changed files with 21 additions and 3 deletions.
diff --git a/RELEASE_NOTES.md b/RELEASE_NOTES.md
@@ -1,6 +1,24 @@
 Release Notes
 =============
 
+0.13.0
+------
+
+### Fixed json-path handling of null
+
+This change introduces a backwards incompatible change in how queries using `equals` or `not equals` comparison to `null` are handled.
+
+Previously the query `"@.missing == null"` where JWT token claim called `missing` was not present in the token would evaluate to `false`.
+Similarly the query `"@.missing != null"` would evaluate to `true`.
+
+Such behavior is clearly non-intuitive, and was recognised as a bug and fixed in the [json-path](https://github.com/json-path/jsonpath) library.
+
+By bumping the version of `json-path` to `2.8.0` the behaviour is now fixed. The query `"@.missing == null"` evaluates to `true`, and
+`"@.missing != null"` evaluates to `false`.
+
+The documentation in [README.md](README.md#custom-claim-checking) has always contained a note that one should not use `null` comparison in the queries.
+Those who followed that rule will not be affected.
+
 0.12.0
 ------
 

diff --git a/oauth-common/src/test/java/io/strimzi/kafka/oauth/jsonpath/CustomCheckTest.java b/oauth-common/src/test/java/io/strimzi/kafka/oauth/jsonpath/CustomCheckTest.java
@@ -86,8 +86,8 @@ public class CustomCheckTest {
         "@.custom == 'custom-value' && @.exp > 1000", "false",
         "@.custom == 'custom-value' || @.exp > 1000", "true",
         "(@.custom == 'custom-value' || @.custom == 'custom-value2')", "true",
-        "@.missing == null", "false",
-        "@.missing != null", "true",
+        "@.missing == null", "true",
+        "@.missing != null", "false",
         "@.missing", "false",
         "[email protected]", "true",
         "@.custom", "true",

diff --git a/pom.xml b/pom.xml
@@ -106,7 +106,7 @@
         <kafka.version>3.4.0</kafka.version>
         <jackson.version>2.13.4</jackson.version>
         <jackson.databind.version>2.13.4.2</jackson.databind.version>
-        <jsonpath.version>2.6.0</jsonpath.version>
+        <jsonpath.version>2.8.0</jsonpath.version>
         <junit.version>4.13.2</junit.version>
         <slf4j.version>1.7.36</slf4j.version>
         <mockito.version>3.12.4</mockito.version>