atlassian-jwt 0.1.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 95822a295a203005eef8ab806c8271e186e79e60
+  data.tar.gz: d86ec07e14e5ac7b4e1328b94026e38f84520e95
+SHA512:
+  metadata.gz: 5ca63e222c259304cbfd59a9bdc93c7748afbfe7f99ccff349044a64ce28625e5c2fbb95329db43803118613e211d350e8e508942f3bc4daf4ed9ee5a9d67826
+  data.tar.gz: a7596769f75d9f03d904c47fbb75ef5db2080b5ead8a395b26d5289f2be4e2e574a2b4cccba6b69d9352aa245eb5c42a33db2c72fc640d9b06bb9868477454ae

data/.gitignore

@@ -0,0 +1,11 @@
+/.bundle/
+/.yardoc
+/Gemfile.lock
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+/.ruby-*
+/atlassian-jwt-*.gem

data/.rspec

@@ -0,0 +1,2 @@
+--format documentation
+--color

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in atlassian-jwt.gemspec
+gemspec

data/README.md

@@ -0,0 +1,134 @@
+# Atlassian::Jwt
+
+This gem provides helpers for generating Atlassian specific JWT
+claims. It also exposes the [ruby-jwt](https://github.com/jwt/ruby-jwt) 
+gem's `encode` and `decode` methods.
+
+[![build-status](https://bitbucket-badges.useast.atlassian.io/badge/atlassian/atlassian-jwt-ruby.svg)](https://bitbucket.org/atlassian/atlassian-jwt-ruby/addon/pipelines/home)
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'atlassian-jwt'
+```
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install atlassian-jwt
+
+## Usage
+
+In order to access the
+[Atlassian Connect REST APIs](https://developer.atlassian.com/static/connect/docs/latest/rest-apis/)
+an add-on authenticates using a JSON Web Token (JWT). The token is
+generated using the add-on's secret key and contains a *claim* which
+includes the add-on's key and a hashed version of the API URL the
+add-on is accessing. This gem simplifies generating the claim.
+
+### Generating a JWT Token
+
+```ruby
+require 'atlassian/jwt'
+
+# The URL of the API call, must include the query string, if any
+url = 'https://jira.atlassian.com/rest/api/latest/issue/JRA-9'
+# The key of the add-on as defined in the add-on description
+issuer = 'com.atlassian.example'
+http_method = 'get' # The HTTP Method (GET, POST, etc) of the API call
+shared_secret = '...' # "sharedSecret", returned when the add-on is installed.
+
+claim = Atlassian::Jwt.build_claims(issuer,url,http_method)
+jwt = JWT.encode(claim,shared_secret)
+```
+
+If the base URL of the API is not at the root of the site,
+i.e. *https://site.atlassian.net/jira/rest/api*, you will need to pass
+in the base URL to `#.build_claims`:
+
+```
+url = 'https://site.atlassian.net/jira/rest/api/latest/issue/JRA-9'
+base_url = 'https://site.atlassian.net'
+
+claim = Atlassian::Jwt.build_claims(issuer, url, http_method, base_url)
+```
+
+The generated JWT can then be passed in an 'Authentication' header or
+in the query string:
+
+```ruby
+# Header
+uri = URI('https://site.atlassian.net/rest/api/latest/issue/JRA-9')
+http = Net::HTTP.new(uri.host, uri.port)
+request = Net::HTTP::Get.new(uri.request_uri)
+request.initialize_http_header({'Authentication' => "JWT #{jwt}"})
+response = http.request(request)
+```
+
+```ruby
+# Query String
+uri = URI("https://site.atlassian.net/rest/api/latest/issue/JRA-9?jwt=#{jwt}")
+http = Net::HTTP.new(uri.host, uri.port)
+request = Net::HTTP::Get.new(uri.request_uri)
+response = http.request(request)
+```
+
+By default the issue time of the claim is now and the expiration is 60
+seconds in the future, these can be overridden:
+
+```ruby
+claim = Atlassian::Jwt.build_claims(
+  issuer,
+  url,
+  http_method,
+  base_url,
+  Time.now - 60.seconds
+  Time.now + 1.day
+)
+```
+
+### Decoding a JWT token
+
+The JWT from the server is usually returned a param. The underlying
+Ruby JWT gem returns an array with the first element being the claim
+and the second being the JWT header, which contains information about
+how the JWT was encoded.
+
+```ruby
+claims, jwt_header = Atlassian::Jwt.decode(params[:jwt], shared_secret)
+```
+
+By default, the JWT gem verifies that the JWT is properly signed with
+the shared secret and raises an error if it's not. However, sometimes
+is necessary to read the JWT first to determine which shared secret is
+needed. In this case, use nil for the shared secret and follow it with
+`false` to tell the gem to to verify the signature.
+
+```ruby
+claims, jwt_header = Atlassian::Jwt.decode(params[:jwt], nil, false)
+```
+
+See the [ruby-jwt doc](https://github.com/jwt/ruby-jwt) for additional
+details.
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies. Then, 
+run `rake spec` to run the tests. You can also run `bin/console` for an 
+interactive prompt that will allow you to experiment.
+
+To install this gem onto your local machine, run `bundle exec rake install`. 
+To release a new version, update the version number in `version.rb`, and 
+then run `bundle exec rake release`, which will create a git tag for the 
+version, push git commits and tags, and push the `.gem` file to 
+[rubygems.org](https://rubygems.org).
+
+## Contributing
+
+Bug reports and pull requests are welcome on Bitbucket at
+https://bitbucket.org/atlassian/atlassian-jwt-ruby.

data/Rakefile

@@ -0,0 +1,6 @@
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+RSpec::Core::RakeTask.new(:spec)
+
+task :default => :spec

data/atlassian-jwt.gemspec

@@ -0,0 +1,27 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'atlassian/jwt/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "atlassian-jwt"
+  spec.version       = Atlassian::Jwt::VERSION
+  spec.authors       = ["Spike Ilacqua", "Seb Ruiz"]
+  spec.email         = ["spike@6kites.com", "sruiz@atlassian.com"]
+
+  spec.summary       = %q{Encode and decode JWT tokens for use with the Atlassian Connect REST APIs.}
+  spec.description   = %q{This gem simplifies generating the claims need to authenticate with the Atlassian Connect REST APIs.}
+  spec.homepage      = "https://bitbucket.org/atlassian/atlassian-jwt-ruby"
+
+  spec.files         = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  spec.bindir        = "exe"
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+
+  spec.add_runtime_dependency 'jwt', '~> 1.5'
+  spec.add_development_dependency 'json', '~> 1.8'
+
+  spec.add_development_dependency "bundler", "~> 1.11"
+  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_development_dependency "rspec", "~> 3.0"
+end

data/bin/console

@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+
+require "bundler/setup"
+require "atlassian/jwt"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require "irb"
+IRB.start

data/bin/setup

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/bitbucket-pipelines.yml

@@ -0,0 +1,14 @@
+# This is a sample build configuration for Ruby.
+# Only use spaces to indent your .yml configuration.
+# -----
+# You can specify a custom docker image from Dockerhub as your build environment.
+image: ruby:2.3.0
+
+pipelines:
+  default:
+    - step:
+        script: # Modify the commands below to build your repository.
+          - ruby --version
+          - bundler --version
+          - bundle install
+          - rake

data/lib/atlassian/jwt.rb

@@ -0,0 +1,76 @@
+require 'atlassian/jwt/version'
+require 'jwt'
+require 'uri'
+require 'cgi'
+
+module Atlassian
+  module Jwt
+    class << self
+      CANONICAL_QUERY_SEPARATOR = '&'
+      ESCAPED_CANONICAL_QUERY_SEPARATOR = '%26'
+
+      def decode(token,secret, validate = true, options = {})
+        options = { :algorithm => 'HS256' }.merge(options)
+        ::JWT.decode token, secret, validate, options
+      end
+
+      def encode(payload, secret, algorithm = 'HS256', header_fields = {})
+        ::JWT.encode payload, secret, algorithm, header_fields
+      end
+
+      def create_query_string_hash(uri, http_method, base_uri)
+        Digest::SHA256.hexdigest(
+          create_canonical_request(uri, http_method, base_uri)
+        )
+      end
+
+      def create_canonical_request(uri, http_method, base_uri)
+        uri = URI.parse(uri) unless uri.kind_of? URI
+        base_uri = URI.parse(base_uri) unless base_uri.kind_of? URI
+
+        path = canonicalize_uri(uri, base_uri)
+
+        [http_method.upcase,
+         canonicalize_uri(uri, base_uri),
+         canonicalize_query_string(uri.query)
+        ].join(CANONICAL_QUERY_SEPARATOR)
+      end
+
+      def build_claims(issuer,url,http_method,base_url='',issued_at=nil,expires=nil,attributes={})
+        issued_at ||= Time.now.to_i
+        expires ||= issued_at + 60
+        qsh = Digest::SHA256.hexdigest(
+          Atlassian::Jwt.create_canonical_request(url,http_method,base_url)
+        )
+
+        {
+          iss: issuer,
+          iat: issued_at,
+          exp: expires,
+          qsh: qsh
+        }.merge(attributes)
+      end
+
+      def canonicalize_uri(uri, base_uri)
+        path = uri.path.sub(/^#{base_uri.path}/,'')
+        path = '/' if path.nil? || path.empty?
+        path = '/' + path unless path.start_with? '/'
+        path.chomp!('/') if path.length > 1
+        path.gsub(CANONICAL_QUERY_SEPARATOR, ESCAPED_CANONICAL_QUERY_SEPARATOR)
+      end
+
+      def canonicalize_query_string(query)
+        return '' if query.nil? || query.empty?
+        query = CGI::parse(query)
+        query.delete('jwt')
+        query.each do |k, v|
+          query[k] = v.map {|a| CGI.escape a }.join(',') if v.is_a? Array
+          query[k].gsub!('+','%20') # Use %20, not CGI.escape default of "+"
+          query[k].gsub!('%7E','~') # Unescape "~" per JS tests
+        end
+        query = Hash[query.sort]
+        query.map {|k,v| "#{CGI.escape k}=#{v}" }.join('&')
+      end
+    end
+  end
+end

data/lib/atlassian/jwt/version.rb

@@ -0,0 +1,5 @@
+module Atlassian
+  module Jwt
+    VERSION = "0.1.1"
+  end
+end

metadata

@@ -0,0 +1,127 @@
+--- !ruby/object:Gem::Specification
+name: atlassian-jwt
+version: !ruby/object:Gem::Version
+  version: 0.1.1
+platform: ruby
+authors:
+- Spike Ilacqua
+- Seb Ruiz
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2016-08-22 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: jwt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.5'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.5'
+- !ruby/object:Gem::Dependency
+  name: json
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.8'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.8'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.11'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.11'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '3.0'
+description: This gem simplifies generating the claims need to authenticate with the
+  Atlassian Connect REST APIs.
+email:
+- spike@6kites.com
+- sruiz@atlassian.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- .rspec
+- Gemfile
+- README.md
+- Rakefile
+- atlassian-jwt.gemspec
+- bin/console
+- bin/setup
+- bitbucket-pipelines.yml
+- lib/atlassian/jwt.rb
+- lib/atlassian/jwt/version.rb
+homepage: https://bitbucket.org/atlassian/atlassian-jwt-ruby
+licenses: []
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.0.14.1
+signing_key: 
+specification_version: 4
+summary: Encode and decode JWT tokens for use with the Atlassian Connect REST APIs.
+test_files: []