atlassian-jwt 0.1.1 → 0.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 95822a295a203005eef8ab806c8271e186e79e60
-  data.tar.gz: d86ec07e14e5ac7b4e1328b94026e38f84520e95
+SHA256:
+  metadata.gz: e3eed187061bc95e7468c34ac29c49a245ecc58fd233561d44928a0b106904c6
+  data.tar.gz: b838ab4ff15309364c7dbbe7b47745c3366fc0d727ece760a9b99826f701af9e
 SHA512:
-  metadata.gz: 5ca63e222c259304cbfd59a9bdc93c7748afbfe7f99ccff349044a64ce28625e5c2fbb95329db43803118613e211d350e8e508942f3bc4daf4ed9ee5a9d67826
-  data.tar.gz: a7596769f75d9f03d904c47fbb75ef5db2080b5ead8a395b26d5289f2be4e2e574a2b4cccba6b69d9352aa245eb5c42a33db2c72fc640d9b06bb9868477454ae
+  metadata.gz: c546539a198300fcf0b748a4041a685b6c868b053db449906d075fb1c052f2ee401302524dc043cbf9109c36222084e9d3a4eafd419e4a0df2b200ec3af44f9f
+  data.tar.gz: 71147aa45d2feed710f0840314a47c93a757f5957405386bb16149833175f855ee5bdbb6dfb541633694cd3581ff8d3e254f05f9e38327d7933f43a7e0728c24

data/LICENSE.txt

@@ -0,0 +1,13 @@
+Copyright 2013 Atlassian Pty Ltd.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.

data/README.md

@@ -1,11 +1,16 @@
 # Atlassian::Jwt
 
+In order to access the
+[Atlassian Connect REST APIs](https://developer.atlassian.com/cloud/jira/platform/rest/)
+an app authenticates using a JSON Web Token (JWT). The token is
+generated using the app's secret key and contains a *claim* which
+includes the app's key and a hashed version of the API URL the
+app is accessing. This gem simplifies generating the claim.
+
 This gem provides helpers for generating Atlassian specific JWT
-claims. It also exposes the [ruby-jwt](https://github.com/jwt/ruby-jwt) 
+claims. It also exposes the [ruby-jwt](https://github.com/jwt/ruby-jwt)
 gem's `encode` and `decode` methods.
 
-[![build-status](https://bitbucket-badges.useast.atlassian.io/badge/atlassian/atlassian-jwt-ruby.svg)](https://bitbucket.org/atlassian/atlassian-jwt-ruby/addon/pipelines/home)
-
 ## Installation
 
 Add this line to your application's Gemfile:
@@ -16,49 +21,46 @@ gem 'atlassian-jwt'
 
 And then execute:
 
-    $ bundle
+```sh
+bundle
+```
 
 Or install it yourself as:
 
-    $ gem install atlassian-jwt
-
-## Usage
-
-In order to access the
-[Atlassian Connect REST APIs](https://developer.atlassian.com/static/connect/docs/latest/rest-apis/)
-an add-on authenticates using a JSON Web Token (JWT). The token is
-generated using the add-on's secret key and contains a *claim* which
-includes the add-on's key and a hashed version of the API URL the
-add-on is accessing. This gem simplifies generating the claim.
+```sh
+gem install atlassian-jwt
+```
 
-### Generating a JWT Token
+## Generating a JWT Token
 
 ```ruby
 require 'atlassian/jwt'
 
 # The URL of the API call, must include the query string, if any
 url = 'https://jira.atlassian.com/rest/api/latest/issue/JRA-9'
-# The key of the add-on as defined in the add-on description
+# The key of the app as defined in the app description
 issuer = 'com.atlassian.example'
-http_method = 'get' # The HTTP Method (GET, POST, etc) of the API call
-shared_secret = '...' # "sharedSecret", returned when the add-on is installed.
+# The HTTP Method (GET, POST, etc) of the API call
+http_method = 'get'
+# The shared secret returned when the app is installed
+shared_secret = '...'
 
-claim = Atlassian::Jwt.build_claims(issuer,url,http_method)
-jwt = JWT.encode(claim,shared_secret)
+claim = Atlassian::Jwt.build_claims(issuer, url, http_method)
+jwt = JWT.encode(claim, shared_secret)
 ```
 
 If the base URL of the API is not at the root of the site,
-i.e. *https://site.atlassian.net/jira/rest/api*, you will need to pass
-in the base URL to `#.build_claims`:
+i.e. `https://site.atlassian.net/jira/rest/api`, you will need to pass
+in the base URL to `build_claims`:
 
-```
+```ruby
 url = 'https://site.atlassian.net/jira/rest/api/latest/issue/JRA-9'
 base_url = 'https://site.atlassian.net'
 
 claim = Atlassian::Jwt.build_claims(issuer, url, http_method, base_url)
 ```
 
-The generated JWT can then be passed in an 'Authentication' header or
+The generated JWT can then be passed in an `Authorization` header or
 in the query string:
 
 ```ruby
@@ -66,7 +68,7 @@ in the query string:
 uri = URI('https://site.atlassian.net/rest/api/latest/issue/JRA-9')
 http = Net::HTTP.new(uri.host, uri.port)
 request = Net::HTTP::Get.new(uri.request_uri)
-request.initialize_http_header({'Authentication' => "JWT #{jwt}"})
+request.initialize_http_header({'Authorization' => "JWT #{jwt}"})
 response = http.request(request)
 ```
 
@@ -87,15 +89,15 @@ claim = Atlassian::Jwt.build_claims(
   url,
   http_method,
   base_url,
-  Time.now - 60.seconds
-  Time.now + 1.day
+  (Time.now - 60.seconds).to_i,
+  (Time.now + 1.day).to_i
 )
 ```
 
-### Decoding a JWT token
+## Decoding a JWT token
 
-The JWT from the server is usually returned a param. The underlying
-Ruby JWT gem returns an array with the first element being the claim
+The JWT from the server is usually returned as a param. The underlying
+Ruby JWT gem returns an array, with the first element being the claims
 and the second being the JWT header, which contains information about
 how the JWT was encoded.
 
@@ -104,9 +106,9 @@ claims, jwt_header = Atlassian::Jwt.decode(params[:jwt], shared_secret)
 ```
 
 By default, the JWT gem verifies that the JWT is properly signed with
-the shared secret and raises an error if it's not. However, sometimes
+the shared secret and raises an error if it's not. However, sometimes it
 is necessary to read the JWT first to determine which shared secret is
-needed. In this case, use nil for the shared secret and follow it with
+needed. In this case, use `nil` for the shared secret and follow it with
 `false` to tell the gem to to verify the signature.
 
 ```ruby
@@ -118,17 +120,20 @@ details.
 
 ## Development
 
-After checking out the repo, run `bin/setup` to install dependencies. Then, 
-run `rake spec` to run the tests. You can also run `bin/console` for an 
-interactive prompt that will allow you to experiment.
+After checking out the repo, run `bin/setup` to install dependencies.
+
+Run `rake spec` to run the tests.
+
+Run `bin/console` for an interactive prompt that allows you to experiment.
+
+Run `bundle exec rake install` to install this gem to your local machine.
 
-To install this gem onto your local machine, run `bundle exec rake install`. 
-To release a new version, update the version number in `version.rb`, and 
-then run `bundle exec rake release`, which will create a git tag for the 
-version, push git commits and tags, and push the `.gem` file to 
+To release a new version, update the version number in `version.rb`, and
+then run `bundle exec rake release`. It will create a git tag for the
+version, push git commits and tags, and push the `.gem` file to
 [rubygems.org](https://rubygems.org).
 
 ## Contributing
 
-Bug reports and pull requests are welcome on Bitbucket at
-https://bitbucket.org/atlassian/atlassian-jwt-ruby.
+Bug reports and pull requests are welcome on Bitbucket at:
+https://bitbucket.org/atlassian/atlassian-jwt-ruby

data/atlassian-jwt.gemspec

@@ -4,24 +4,24 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 require 'atlassian/jwt/version'
 
 Gem::Specification.new do |spec|
-  spec.name          = "atlassian-jwt"
+  spec.name          = 'atlassian-jwt'
   spec.version       = Atlassian::Jwt::VERSION
-  spec.authors       = ["Spike Ilacqua", "Seb Ruiz"]
-  spec.email         = ["spike@6kites.com", "sruiz@atlassian.com"]
+  spec.authors       = ['Spike Ilacqua', 'Seb Ruiz', 'Ngoc Dao']
+  spec.email         = ['spike@6kites.com', 'seb@sebruiz.net', 'ndao@atlassian.com']
 
   spec.summary       = %q{Encode and decode JWT tokens for use with the Atlassian Connect REST APIs.}
-  spec.description   = %q{This gem simplifies generating the claims need to authenticate with the Atlassian Connect REST APIs.}
-  spec.homepage      = "https://bitbucket.org/atlassian/atlassian-jwt-ruby"
+  spec.description   = %q{This gem simplifies generating the claims needed to authenticate with the Atlassian Connect REST APIs.}
+  spec.homepage      = 'https://bitbucket.org/atlassian/atlassian-jwt-ruby'
 
   spec.files         = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
-  spec.bindir        = "exe"
+  spec.bindir        = 'exe'
   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
-  spec.require_paths = ["lib"]
+  spec.require_paths = ['lib']
 
-  spec.add_runtime_dependency 'jwt', '~> 1.5'
-  spec.add_development_dependency 'json', '~> 1.8'
+  spec.add_runtime_dependency 'jwt', '~> 2.1.0'
 
-  spec.add_development_dependency "bundler", "~> 1.11"
-  spec.add_development_dependency "rake", "~> 10.0"
-  spec.add_development_dependency "rspec", "~> 3.0"
+  spec.add_development_dependency 'json', '~> 2.2.0'
+
+  spec.add_development_dependency 'rake', '~> 12.3.2'
+  spec.add_development_dependency 'rspec', '~> 3.8.0'
 end

data/lib/atlassian/jwt.rb

@@ -9,13 +9,13 @@ module Atlassian
       CANONICAL_QUERY_SEPARATOR = '&'
       ESCAPED_CANONICAL_QUERY_SEPARATOR = '%26'
 
-      def decode(token,secret, validate = true, options = {})
-        options = { :algorithm => 'HS256' }.merge(options)
-        ::JWT.decode token, secret, validate, options
+      def decode(token, secret, validate = true, options = {})
+        options = {:algorithm => 'HS256'}.merge(options)
+        ::JWT.decode(token, secret, validate, options)
       end
 
       def encode(payload, secret, algorithm = 'HS256', header_fields = {})
-        ::JWT.encode payload, secret, algorithm, header_fields
+        ::JWT.encode(payload, secret, algorithm, header_fields)
       end
 
       def create_query_string_hash(uri, http_method, base_uri)
@@ -28,19 +28,18 @@ module Atlassian
         uri = URI.parse(uri) unless uri.kind_of? URI
         base_uri = URI.parse(base_uri) unless base_uri.kind_of? URI
 
-        path = canonicalize_uri(uri, base_uri)
-
-        [http_method.upcase,
-         canonicalize_uri(uri, base_uri),
-         canonicalize_query_string(uri.query)
+        [
+          http_method.upcase,
+          canonicalize_uri(uri, base_uri),
+          canonicalize_query_string(uri.query)
         ].join(CANONICAL_QUERY_SEPARATOR)
       end
 
-      def build_claims(issuer,url,http_method,base_url='',issued_at=nil,expires=nil,attributes={})
+      def build_claims(issuer, url, http_method, base_url = '', issued_at = nil, expires = nil, attributes = {})
         issued_at ||= Time.now.to_i
         expires ||= issued_at + 60
         qsh = Digest::SHA256.hexdigest(
-          Atlassian::Jwt.create_canonical_request(url,http_method,base_url)
+          Atlassian::Jwt.create_canonical_request(url, http_method, base_url)
         )
 
         {
@@ -52,7 +51,7 @@ module Atlassian
       end
 
       def canonicalize_uri(uri, base_uri)
-        path = uri.path.sub(/^#{base_uri.path}/,'')
+        path = uri.path.sub(/^#{base_uri.path}/, '')
         path = '/' if path.nil? || path.empty?
         path = '/' + path unless path.start_with? '/'
         path.chomp!('/') if path.length > 1
@@ -61,15 +60,16 @@ module Atlassian
 
       def canonicalize_query_string(query)
         return '' if query.nil? || query.empty?
+
         query = CGI::parse(query)
         query.delete('jwt')
         query.each do |k, v|
-          query[k] = v.map {|a| CGI.escape a }.join(',') if v.is_a? Array
-          query[k].gsub!('+','%20') # Use %20, not CGI.escape default of "+"
-          query[k].gsub!('%7E','~') # Unescape "~" per JS tests
+          query[k] = v.map { |a| CGI.escape a }.join(',') if v.is_a? Array
+          query[k].gsub!('+', '%20')  # Use %20, not CGI.escape default of "+"
+          query[k].gsub!('%7E', '~')  # Unescape "~" per JS tests
         end
         query = Hash[query.sort]
-        query.map {|k,v| "#{CGI.escape k}=#{v}" }.join('&')
+        query.map { |k,v| "#{CGI.escape k}=#{v}" }.join(CANONICAL_QUERY_SEPARATOR)
       end
     end
   end

data/lib/atlassian/jwt/version.rb

@@ -1,5 +1,5 @@
 module Atlassian
   module Jwt
-    VERSION = "0.1.1"
+    VERSION = "0.2.0"
   end
 end

metadata

@@ -1,98 +1,87 @@
 --- !ruby/object:Gem::Specification
 name: atlassian-jwt
 version: !ruby/object:Gem::Version
-  version: 0.1.1
+  version: 0.2.0
 platform: ruby
 authors:
 - Spike Ilacqua
 - Seb Ruiz
+- Ngoc Dao
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2016-08-22 00:00:00.000000000 Z
+date: 2019-02-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: jwt
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.5'
+        version: 2.1.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.5'
+        version: 2.1.0
 - !ruby/object:Gem::Dependency
   name: json
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.8'
+        version: 2.2.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.8'
-- !ruby/object:Gem::Dependency
-  name: bundler
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ~>
-      - !ruby/object:Gem::Version
-        version: '1.11'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ~>
-      - !ruby/object:Gem::Version
-        version: '1.11'
+        version: 2.2.0
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: 12.3.2
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: 12.3.2
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.0'
+        version: 3.8.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.0'
-description: This gem simplifies generating the claims need to authenticate with the
-  Atlassian Connect REST APIs.
+        version: 3.8.0
+description: This gem simplifies generating the claims needed to authenticate with
+  the Atlassian Connect REST APIs.
 email:
 - spike@6kites.com
-- sruiz@atlassian.com
+- seb@sebruiz.net
+- ndao@atlassian.com
 executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- .gitignore
-- .rspec
+- ".gitignore"
+- ".rspec"
 - Gemfile
+- LICENSE.txt
 - README.md
 - Rakefile
 - atlassian-jwt.gemspec
@@ -110,17 +99,16 @@ require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.0.14.1
+rubygems_version: 3.0.1
 signing_key: 
 specification_version: 4
 summary: Encode and decode JWT tokens for use with the Atlassian Connect REST APIs.