atlassian-jwt 0.1.1 → 0.2.1

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
- SHA1:
3
- metadata.gz: 95822a295a203005eef8ab806c8271e186e79e60
4
- data.tar.gz: d86ec07e14e5ac7b4e1328b94026e38f84520e95
2
+ SHA256:
3
+ metadata.gz: 11b189ddedf47fb31da5da3e41a7641997f7d31f6195ab23f3bef034b16b79b4
4
+ data.tar.gz: fa507f2d111618fda00fc3235d101c775f0760bff4c7f81262af48a8ccdcca84
5
5
  SHA512:
6
- metadata.gz: 5ca63e222c259304cbfd59a9bdc93c7748afbfe7f99ccff349044a64ce28625e5c2fbb95329db43803118613e211d350e8e508942f3bc4daf4ed9ee5a9d67826
7
- data.tar.gz: a7596769f75d9f03d904c47fbb75ef5db2080b5ead8a395b26d5289f2be4e2e574a2b4cccba6b69d9352aa245eb5c42a33db2c72fc640d9b06bb9868477454ae
6
+ metadata.gz: b6a8c3c2ff05ae4551690c579329390dc5db212f98c629fa2bf3e98c8a092b76558132fa0fa9b1fb7b77ad36fe307e1fe576d927b57a4488c8514a4c0f6f1852
7
+ data.tar.gz: 1e358b8c3503334e54cd4e3aa512c35440ab6b299e2231050281d7a751672dfbfecf37333440a2f53c0bf8e2492680d480a9ceb53b12bd69986631c71e3f6930
data/CHANGELOG.md ADDED
@@ -0,0 +1,4 @@
1
+ ## 0.2.1
2
+
3
+ * [Allows minor versions of dependencies to be updated](https://bitbucket.org/atlassian/atlassian-jwt-ruby/pull-requests/7).
4
+ * [Adds the licence to the gemspec](https://bitbucket.org/atlassian/atlassian-jwt-ruby/pull-requests/6) so tools like [license_finder](https://rubygems.org/gems/license_finder) won’t fail.
data/LICENSE.txt ADDED
@@ -0,0 +1,13 @@
1
+ Copyright 2013 Atlassian Pty Ltd.
2
+
3
+ Licensed under the Apache License, Version 2.0 (the "License");
4
+ you may not use this file except in compliance with the License.
5
+ You may obtain a copy of the License at
6
+
7
+ http://www.apache.org/licenses/LICENSE-2.0
8
+
9
+ Unless required by applicable law or agreed to in writing, software
10
+ distributed under the License is distributed on an "AS IS" BASIS,
11
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12
+ See the License for the specific language governing permissions and
13
+ limitations under the License.
data/README.md CHANGED
@@ -1,11 +1,16 @@
1
1
  # Atlassian::Jwt
2
2
 
3
+ In order to access the
4
+ [Atlassian Connect REST APIs](https://developer.atlassian.com/cloud/jira/platform/rest/)
5
+ an app authenticates using a JSON Web Token (JWT). The token is
6
+ generated using the app's secret key and contains a *claim* which
7
+ includes the app's key and a hashed version of the API URL the
8
+ app is accessing. This gem simplifies generating the claim.
9
+
3
10
  This gem provides helpers for generating Atlassian specific JWT
4
- claims. It also exposes the [ruby-jwt](https://github.com/jwt/ruby-jwt)
11
+ claims. It also exposes the [ruby-jwt](https://github.com/jwt/ruby-jwt)
5
12
  gem's `encode` and `decode` methods.
6
13
 
7
- [![build-status](https://bitbucket-badges.useast.atlassian.io/badge/atlassian/atlassian-jwt-ruby.svg)](https://bitbucket.org/atlassian/atlassian-jwt-ruby/addon/pipelines/home)
8
-
9
14
  ## Installation
10
15
 
11
16
  Add this line to your application's Gemfile:
@@ -16,49 +21,46 @@ gem 'atlassian-jwt'
16
21
 
17
22
  And then execute:
18
23
 
19
- $ bundle
24
+ ```sh
25
+ bundle
26
+ ```
20
27
 
21
28
  Or install it yourself as:
22
29
 
23
- $ gem install atlassian-jwt
24
-
25
- ## Usage
26
-
27
- In order to access the
28
- [Atlassian Connect REST APIs](https://developer.atlassian.com/static/connect/docs/latest/rest-apis/)
29
- an add-on authenticates using a JSON Web Token (JWT). The token is
30
- generated using the add-on's secret key and contains a *claim* which
31
- includes the add-on's key and a hashed version of the API URL the
32
- add-on is accessing. This gem simplifies generating the claim.
30
+ ```sh
31
+ gem install atlassian-jwt
32
+ ```
33
33
 
34
- ### Generating a JWT Token
34
+ ## Generating a JWT Token
35
35
 
36
36
  ```ruby
37
37
  require 'atlassian/jwt'
38
38
 
39
39
  # The URL of the API call, must include the query string, if any
40
40
  url = 'https://jira.atlassian.com/rest/api/latest/issue/JRA-9'
41
- # The key of the add-on as defined in the add-on description
41
+ # The key of the app as defined in the app description
42
42
  issuer = 'com.atlassian.example'
43
- http_method = 'get' # The HTTP Method (GET, POST, etc) of the API call
44
- shared_secret = '...' # "sharedSecret", returned when the add-on is installed.
43
+ # The HTTP Method (GET, POST, etc) of the API call
44
+ http_method = 'get'
45
+ # The shared secret returned when the app is installed
46
+ shared_secret = '...'
45
47
 
46
- claim = Atlassian::Jwt.build_claims(issuer,url,http_method)
47
- jwt = JWT.encode(claim,shared_secret)
48
+ claim = Atlassian::Jwt.build_claims(issuer, url, http_method)
49
+ jwt = JWT.encode(claim, shared_secret)
48
50
  ```
49
51
 
50
52
  If the base URL of the API is not at the root of the site,
51
- i.e. *https://site.atlassian.net/jira/rest/api*, you will need to pass
52
- in the base URL to `#.build_claims`:
53
+ i.e. `https://site.atlassian.net/jira/rest/api`, you will need to pass
54
+ in the base URL to `build_claims`:
53
55
 
54
- ```
56
+ ```ruby
55
57
  url = 'https://site.atlassian.net/jira/rest/api/latest/issue/JRA-9'
56
58
  base_url = 'https://site.atlassian.net'
57
59
 
58
60
  claim = Atlassian::Jwt.build_claims(issuer, url, http_method, base_url)
59
61
  ```
60
62
 
61
- The generated JWT can then be passed in an 'Authentication' header or
63
+ The generated JWT can then be passed in an `Authorization` header or
62
64
  in the query string:
63
65
 
64
66
  ```ruby
@@ -66,7 +68,7 @@ in the query string:
66
68
  uri = URI('https://site.atlassian.net/rest/api/latest/issue/JRA-9')
67
69
  http = Net::HTTP.new(uri.host, uri.port)
68
70
  request = Net::HTTP::Get.new(uri.request_uri)
69
- request.initialize_http_header({'Authentication' => "JWT #{jwt}"})
71
+ request.initialize_http_header({'Authorization' => "JWT #{jwt}"})
70
72
  response = http.request(request)
71
73
  ```
72
74
 
@@ -87,15 +89,15 @@ claim = Atlassian::Jwt.build_claims(
87
89
  url,
88
90
  http_method,
89
91
  base_url,
90
- Time.now - 60.seconds
91
- Time.now + 1.day
92
+ (Time.now - 60.seconds).to_i,
93
+ (Time.now + 1.day).to_i
92
94
  )
93
95
  ```
94
96
 
95
- ### Decoding a JWT token
97
+ ## Decoding a JWT token
96
98
 
97
- The JWT from the server is usually returned a param. The underlying
98
- Ruby JWT gem returns an array with the first element being the claim
99
+ The JWT from the server is usually returned as a param. The underlying
100
+ Ruby JWT gem returns an array, with the first element being the claims
99
101
  and the second being the JWT header, which contains information about
100
102
  how the JWT was encoded.
101
103
 
@@ -104,9 +106,9 @@ claims, jwt_header = Atlassian::Jwt.decode(params[:jwt], shared_secret)
104
106
  ```
105
107
 
106
108
  By default, the JWT gem verifies that the JWT is properly signed with
107
- the shared secret and raises an error if it's not. However, sometimes
109
+ the shared secret and raises an error if it's not. However, sometimes it
108
110
  is necessary to read the JWT first to determine which shared secret is
109
- needed. In this case, use nil for the shared secret and follow it with
111
+ needed. In this case, use `nil` for the shared secret and follow it with
110
112
  `false` to tell the gem to to verify the signature.
111
113
 
112
114
  ```ruby
@@ -118,17 +120,20 @@ details.
118
120
 
119
121
  ## Development
120
122
 
121
- After checking out the repo, run `bin/setup` to install dependencies. Then,
122
- run `rake spec` to run the tests. You can also run `bin/console` for an
123
- interactive prompt that will allow you to experiment.
123
+ After checking out the repo, run `bin/setup` to install dependencies.
124
+
125
+ Run `rake spec` to run the tests.
126
+
127
+ Run `bin/console` for an interactive prompt that allows you to experiment.
128
+
129
+ Run `bundle exec rake install` to install this gem to your local machine.
124
130
 
125
- To install this gem onto your local machine, run `bundle exec rake install`.
126
- To release a new version, update the version number in `version.rb`, and
127
- then run `bundle exec rake release`, which will create a git tag for the
128
- version, push git commits and tags, and push the `.gem` file to
131
+ To release a new version, update the version number in `version.rb`, and
132
+ then run `bundle exec rake release`. It will create a git tag for the
133
+ version, push git commits and tags, and push the `.gem` file to
129
134
  [rubygems.org](https://rubygems.org).
130
135
 
131
136
  ## Contributing
132
137
 
133
- Bug reports and pull requests are welcome on Bitbucket at
134
- https://bitbucket.org/atlassian/atlassian-jwt-ruby.
138
+ Bug reports and pull requests are welcome on Bitbucket at:
139
+ https://bitbucket.org/atlassian/atlassian-jwt-ruby
@@ -4,24 +4,25 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
4
4
  require 'atlassian/jwt/version'
5
5
 
6
6
  Gem::Specification.new do |spec|
7
- spec.name = "atlassian-jwt"
7
+ spec.name = 'atlassian-jwt'
8
8
  spec.version = Atlassian::Jwt::VERSION
9
- spec.authors = ["Spike Ilacqua", "Seb Ruiz"]
10
- spec.email = ["spike@6kites.com", "sruiz@atlassian.com"]
9
+ spec.authors = ['Spike Ilacqua', 'Seb Ruiz', 'Ngoc Dao']
10
+ spec.email = ['spike@6kites.com', 'seb@sebruiz.net', 'ndao@atlassian.com']
11
11
 
12
12
  spec.summary = %q{Encode and decode JWT tokens for use with the Atlassian Connect REST APIs.}
13
- spec.description = %q{This gem simplifies generating the claims need to authenticate with the Atlassian Connect REST APIs.}
14
- spec.homepage = "https://bitbucket.org/atlassian/atlassian-jwt-ruby"
13
+ spec.description = %q{This gem simplifies generating the claims needed to authenticate with the Atlassian Connect REST APIs.}
14
+ spec.homepage = 'https://bitbucket.org/atlassian/atlassian-jwt-ruby'
15
15
 
16
16
  spec.files = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
17
- spec.bindir = "exe"
17
+ spec.bindir = 'exe'
18
18
  spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
19
- spec.require_paths = ["lib"]
19
+ spec.require_paths = ['lib']
20
+ spec.license = 'Apache 2.0'
20
21
 
21
- spec.add_runtime_dependency 'jwt', '~> 1.5'
22
- spec.add_development_dependency 'json', '~> 1.8'
22
+ spec.add_runtime_dependency 'jwt', '~> 2.1'
23
23
 
24
- spec.add_development_dependency "bundler", "~> 1.11"
25
- spec.add_development_dependency "rake", "~> 10.0"
26
- spec.add_development_dependency "rspec", "~> 3.0"
24
+ spec.add_development_dependency 'json', '~> 2.2'
25
+
26
+ spec.add_development_dependency 'rake', '~> 12.3'
27
+ spec.add_development_dependency 'rspec', '~> 3.8'
27
28
  end
@@ -1,5 +1,5 @@
1
1
  module Atlassian
2
2
  module Jwt
3
- VERSION = "0.1.1"
3
+ VERSION = "0.2.1"
4
4
  end
5
5
  end
data/lib/atlassian/jwt.rb CHANGED
@@ -9,13 +9,13 @@ module Atlassian
9
9
  CANONICAL_QUERY_SEPARATOR = '&'
10
10
  ESCAPED_CANONICAL_QUERY_SEPARATOR = '%26'
11
11
 
12
- def decode(token,secret, validate = true, options = {})
13
- options = { :algorithm => 'HS256' }.merge(options)
14
- ::JWT.decode token, secret, validate, options
12
+ def decode(token, secret, validate = true, options = {})
13
+ options = {:algorithm => 'HS256'}.merge(options)
14
+ ::JWT.decode(token, secret, validate, options)
15
15
  end
16
16
 
17
17
  def encode(payload, secret, algorithm = 'HS256', header_fields = {})
18
- ::JWT.encode payload, secret, algorithm, header_fields
18
+ ::JWT.encode(payload, secret, algorithm, header_fields)
19
19
  end
20
20
 
21
21
  def create_query_string_hash(uri, http_method, base_uri)
@@ -28,19 +28,18 @@ module Atlassian
28
28
  uri = URI.parse(uri) unless uri.kind_of? URI
29
29
  base_uri = URI.parse(base_uri) unless base_uri.kind_of? URI
30
30
 
31
- path = canonicalize_uri(uri, base_uri)
32
-
33
- [http_method.upcase,
34
- canonicalize_uri(uri, base_uri),
35
- canonicalize_query_string(uri.query)
31
+ [
32
+ http_method.upcase,
33
+ canonicalize_uri(uri, base_uri),
34
+ canonicalize_query_string(uri.query)
36
35
  ].join(CANONICAL_QUERY_SEPARATOR)
37
36
  end
38
37
 
39
- def build_claims(issuer,url,http_method,base_url='',issued_at=nil,expires=nil,attributes={})
38
+ def build_claims(issuer, url, http_method, base_url = '', issued_at = nil, expires = nil, attributes = {})
40
39
  issued_at ||= Time.now.to_i
41
40
  expires ||= issued_at + 60
42
41
  qsh = Digest::SHA256.hexdigest(
43
- Atlassian::Jwt.create_canonical_request(url,http_method,base_url)
42
+ Atlassian::Jwt.create_canonical_request(url, http_method, base_url)
44
43
  )
45
44
 
46
45
  {
@@ -52,7 +51,7 @@ module Atlassian
52
51
  end
53
52
 
54
53
  def canonicalize_uri(uri, base_uri)
55
- path = uri.path.sub(/^#{base_uri.path}/,'')
54
+ path = uri.path.sub(/^#{base_uri.path}/, '')
56
55
  path = '/' if path.nil? || path.empty?
57
56
  path = '/' + path unless path.start_with? '/'
58
57
  path.chomp!('/') if path.length > 1
@@ -61,15 +60,16 @@ module Atlassian
61
60
 
62
61
  def canonicalize_query_string(query)
63
62
  return '' if query.nil? || query.empty?
63
+
64
64
  query = CGI::parse(query)
65
65
  query.delete('jwt')
66
66
  query.each do |k, v|
67
- query[k] = v.map {|a| CGI.escape a }.join(',') if v.is_a? Array
68
- query[k].gsub!('+','%20') # Use %20, not CGI.escape default of "+"
69
- query[k].gsub!('%7E','~') # Unescape "~" per JS tests
67
+ query[k] = v.map { |a| CGI.escape a }.join(',') if v.is_a? Array
68
+ query[k].gsub!('+', '%20') # Use %20, not CGI.escape default of "+"
69
+ query[k].gsub!('%7E', '~') # Unescape "~" per JS tests
70
70
  end
71
71
  query = Hash[query.sort]
72
- query.map {|k,v| "#{CGI.escape k}=#{v}" }.join('&')
72
+ query.map { |k,v| "#{CGI.escape k}=#{v}" }.join(CANONICAL_QUERY_SEPARATOR)
73
73
  end
74
74
  end
75
75
  end
metadata CHANGED
@@ -1,98 +1,88 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: atlassian-jwt
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.1
4
+ version: 0.2.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Spike Ilacqua
8
8
  - Seb Ruiz
9
+ - Ngoc Dao
9
10
  autorequire:
10
11
  bindir: exe
11
12
  cert_chain: []
12
- date: 2016-08-22 00:00:00.000000000 Z
13
+ date: 2021-08-12 00:00:00.000000000 Z
13
14
  dependencies:
14
15
  - !ruby/object:Gem::Dependency
15
16
  name: jwt
16
17
  requirement: !ruby/object:Gem::Requirement
17
18
  requirements:
18
- - - ~>
19
+ - - "~>"
19
20
  - !ruby/object:Gem::Version
20
- version: '1.5'
21
+ version: '2.1'
21
22
  type: :runtime
22
23
  prerelease: false
23
24
  version_requirements: !ruby/object:Gem::Requirement
24
25
  requirements:
25
- - - ~>
26
+ - - "~>"
26
27
  - !ruby/object:Gem::Version
27
- version: '1.5'
28
+ version: '2.1'
28
29
  - !ruby/object:Gem::Dependency
29
30
  name: json
30
31
  requirement: !ruby/object:Gem::Requirement
31
32
  requirements:
32
- - - ~>
33
+ - - "~>"
33
34
  - !ruby/object:Gem::Version
34
- version: '1.8'
35
+ version: '2.2'
35
36
  type: :development
36
37
  prerelease: false
37
38
  version_requirements: !ruby/object:Gem::Requirement
38
39
  requirements:
39
- - - ~>
40
+ - - "~>"
40
41
  - !ruby/object:Gem::Version
41
- version: '1.8'
42
- - !ruby/object:Gem::Dependency
43
- name: bundler
44
- requirement: !ruby/object:Gem::Requirement
45
- requirements:
46
- - - ~>
47
- - !ruby/object:Gem::Version
48
- version: '1.11'
49
- type: :development
50
- prerelease: false
51
- version_requirements: !ruby/object:Gem::Requirement
52
- requirements:
53
- - - ~>
54
- - !ruby/object:Gem::Version
55
- version: '1.11'
42
+ version: '2.2'
56
43
  - !ruby/object:Gem::Dependency
57
44
  name: rake
58
45
  requirement: !ruby/object:Gem::Requirement
59
46
  requirements:
60
- - - ~>
47
+ - - "~>"
61
48
  - !ruby/object:Gem::Version
62
- version: '10.0'
49
+ version: '12.3'
63
50
  type: :development
64
51
  prerelease: false
65
52
  version_requirements: !ruby/object:Gem::Requirement
66
53
  requirements:
67
- - - ~>
54
+ - - "~>"
68
55
  - !ruby/object:Gem::Version
69
- version: '10.0'
56
+ version: '12.3'
70
57
  - !ruby/object:Gem::Dependency
71
58
  name: rspec
72
59
  requirement: !ruby/object:Gem::Requirement
73
60
  requirements:
74
- - - ~>
61
+ - - "~>"
75
62
  - !ruby/object:Gem::Version
76
- version: '3.0'
63
+ version: '3.8'
77
64
  type: :development
78
65
  prerelease: false
79
66
  version_requirements: !ruby/object:Gem::Requirement
80
67
  requirements:
81
- - - ~>
68
+ - - "~>"
82
69
  - !ruby/object:Gem::Version
83
- version: '3.0'
84
- description: This gem simplifies generating the claims need to authenticate with the
85
- Atlassian Connect REST APIs.
70
+ version: '3.8'
71
+ description: This gem simplifies generating the claims needed to authenticate with
72
+ the Atlassian Connect REST APIs.
86
73
  email:
87
74
  - spike@6kites.com
88
- - sruiz@atlassian.com
75
+ - seb@sebruiz.net
76
+ - ndao@atlassian.com
89
77
  executables: []
90
78
  extensions: []
91
79
  extra_rdoc_files: []
92
80
  files:
93
- - .gitignore
94
- - .rspec
81
+ - ".gitignore"
82
+ - ".rspec"
83
+ - CHANGELOG.md
95
84
  - Gemfile
85
+ - LICENSE.txt
96
86
  - README.md
97
87
  - Rakefile
98
88
  - atlassian-jwt.gemspec
@@ -102,7 +92,8 @@ files:
102
92
  - lib/atlassian/jwt.rb
103
93
  - lib/atlassian/jwt/version.rb
104
94
  homepage: https://bitbucket.org/atlassian/atlassian-jwt-ruby
105
- licenses: []
95
+ licenses:
96
+ - Apache 2.0
106
97
  metadata: {}
107
98
  post_install_message:
108
99
  rdoc_options: []
@@ -110,17 +101,16 @@ require_paths:
110
101
  - lib
111
102
  required_ruby_version: !ruby/object:Gem::Requirement
112
103
  requirements:
113
- - - '>='
104
+ - - ">="
114
105
  - !ruby/object:Gem::Version
115
106
  version: '0'
116
107
  required_rubygems_version: !ruby/object:Gem::Requirement
117
108
  requirements:
118
- - - '>='
109
+ - - ">="
119
110
  - !ruby/object:Gem::Version
120
111
  version: '0'
121
112
  requirements: []
122
- rubyforge_project:
123
- rubygems_version: 2.0.14.1
113
+ rubygems_version: 3.0.3
124
114
  signing_key:
125
115
  specification_version: 4
126
116
  summary: Encode and decode JWT tokens for use with the Atlassian Connect REST APIs.