auth0_rs256_jwt_verifier 0.0.1 → 0.0.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 62a95cfb84c90e4b8059e318f2c7bfcee71e8b27
-  data.tar.gz: 9e6cde7f7da12eeb4ddde673900eb9eb18b2a5d3
+SHA256:
+  metadata.gz: 3fb88a4efe73c0b27347ec0cd00883c67b078562795459506eac11c292347fde
+  data.tar.gz: 2419bc74be68cb430969eda6ce87fcfe2049b47b28827fecf03963846533dbc6
 SHA512:
-  metadata.gz: e5d78f48de5792166fff6903c7f3740be6bf1f5bb279971deba1363ce5e5151866d22b09f74508fb44c50248193372ab345410b2af921a7f9ba493b3a8eefd4e
-  data.tar.gz: 93a0adcddc9c89f60e846fe4331a1308d5c4c04d35098206d5cf105abea32ab06a2b36622cdda900e6d95cec243430bdfe8560f73e982153f682dcf591c8c397
+  metadata.gz: 22bb8c0f7f6da4538174141894cf620d037e770b4154c058900d3ed49069f30e053f168fa1cf722830150f252b1a711d2734691b27822290735ca90acce5644e
+  data.tar.gz: f41860a5f7c5ec048fa2c27459183d75abbafe489be8818a6efbfbc476d8c894f8ab0e2814a63f5df6c0b7432e6f057ffb94bf0aab9ea741a7c70cd2ae16e692

data/.travis.yml

@@ -0,0 +1,9 @@
+language: ruby
+rvm:
+  - 2.6.0
+  - 2.4.1
+  - 2.3.1
+  - jruby
+gemfile:
+  - gemfiles/json-jwt-1.7.gemfile
+  - gemfiles/json-jwt-1.10.gemfile

data/Gemfile

@@ -1,8 +1,7 @@
 # frozen_string_literal: true
 source "https://rubygems.org"
-ruby "~> 2.4.0"
 
 gem "minitest", "~> 5"
 gem "rake", "~> 12.0.0"
-gem "http", "~>2.2.2"
+gem "http", "~> 4.1"
 gem "json-jwt", "~> 1.7.2"

data/README.md

@@ -1,6 +1,44 @@
-# Auth0 JWT (RS256) verification library
+[![Build Status](https://travis-ci.org/DroidsOnRoids/auth0_rs256_jwt_verifier.svg?branch=master)](https://travis-ci.org/DroidsOnRoids/auth0_rs256_jwt_verifier)
+
+# Auth0 JWT (RS256) verification library 
 [Auth0](https://auth0.com) is web service handling users identities which can be easily plugged
 into your application. It provides [SDKs](https://auth0.com/docs) for many languages which enable you to sign up/in users
 and returns access token ([JWT](https://jwt.io)) in exchange. Access token can be used then to access your's Web Service.
 This gem helps you to [verify](https://auth0.com/docs/api-auth/tutorials/verify-access-token#verify-the-signature)
 such access token which has been signed using the RS256 algorithm.
+
+## Installation
+Install the `auth0_rs256_jwt_verifier` package from [Rubygems](https://rubygems.org/gems/auth0_rs256_jwt_verifier):
+
+```bash
+    gem install auth0_rs256_jwt_verifier 
+```
+
+Install it using [Bundler](https://bundler.io/) specifying it as dependency in your Gemfile:
+
+```ruby
+    gem "auth0_rs256_jwt_verifier"
+```
+
+## Usage
+
+```ruby
+# Verifier caches RS256 certificates fetched from jwks_uri.
+# You should initialize it once and reuse for JWTs verification.
+
+require "auth0_rs256_jwt_verifier"
+
+AUTH0_JWT_VERIFIER = Auth0RS256JWTVerifier.new(
+  issuer:   "ISSUER",
+  audience: "AUDIENCE",
+  jwks_url: "https://YOUR_AUTH0_DOMAIN/.well-known/jwks.json"
+)
+
+result = AUTH0_JWT_VERIFIER.verify("JWT_ACCESS_TOKEN_SIGNED_USING_RS256_ALGORITHM").valid?
+if result.valid?
+  p "Token is valid"
+  p "User id: #{result.user_id}"
+else
+  p "Token is invalid"
+end
+```

data/auth0_rs256_jwt_verifier.gemspec

@@ -1,25 +1,31 @@
 # frozen_string_literal: true
 Gem::Specification.new do |s|
-  s.name        = "auth0_rs256_jwt_verifier"
-  s.version     = "0.0.1"
-  s.date        = "2017-06-12"
-  s.summary     = "Auth0 JWT (RS256) verification library"
-  s.description = <<-DESCRIPTION.gsub(/\s+/, " ").strip
-                    Auth0 (https://auth0.com) is web service handling users identities which can be easily plugged
-                    into your application. It provides SDKs for many languages which enable you to sign up/in users
-                    and returns access token (JWT) in exchange. Access token can be used then to access your's Web Service.
-                    This gem helps you to verify
-                    (https://auth0.com/docs/api-auth/tutorials/verify-access-token#verify-the-signature)
-                    such access token which has been signed using the RS256 algorithm.
-                  DESCRIPTION
-  s.authors     = ["Krzysztof Zielonka"]
-  s.email       = "krzysztof.zielonka@droidsonroids.pl"
-  s.files       = `git ls-files`.split("\n")
-  s.test_files  = `git ls-files -- {test}/*`.split("\n")
-  s.homepage    = "https://rubygems.org/gems/auth0_rs256_jwt_verifier"
-  s.license     = "MIT"
-  s.add_runtime_dependency "http", "~> 2"
-  s.add_runtime_dependency "json-jwt", "~> 1.7"
+  s.name          = "auth0_rs256_jwt_verifier"
+  s.version       = "0.0.2"
+  s.date          = "2017-06-12"
+  s.summary       = "Auth0 JWT (RS256) verification library"
+  s.description   = <<-DESCRIPTION.gsub(/\s+/, " ").strip
+                      Auth0 (https://auth0.com) is web service handling users identities which can be easily plugged
+                      into your application. It provides SDKs for many languages which enable you to sign up/in users
+                      and returns access token (JWT) in exchange. Access token can be used then to access your's Web Service.
+                      This gem helps you to verify
+                      (https://auth0.com/docs/api-auth/tutorials/verify-access-token#verify-the-signature)
+                      such access token which has been signed using the RS256 algorithm.
+                    DESCRIPTION
+  s.authors       = ["Krzysztof Zielonka"]
+  s.email         = "krzysztof.zielonka@droidsonroids.pl"
+  s.license       = "MIT"
+  s.homepage      = "https://github.com/DroidsOnRoids/auth0_rs256_jwt_verifier"
+
+  s.files         = `git ls-files`.split("\n")
+  s.test_files    = `git ls-files -- {test}/*`.split("\n")
+  s.require_paths = ["lib"]
+
+  s.required_ruby_version = ">= 2.2.0"
+
+  s.add_runtime_dependency "http", ">= 2"
+  s.add_runtime_dependency "json-jwt", ">= 1.7"
+
   s.add_development_dependency "rake", "~> 12"
   s.add_development_dependency "minitest", "~> 5"
 end

data/gemfiles/json-jwt-1.10.gemfile

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+source "https://rubygems.org"
+
+gem "minitest", "~> 5"
+gem "rake", "~> 12.0.0"
+gem "http", "~> 4.1"
+gem "json-jwt", "~> 1.10.0"

data/gemfiles/json-jwt-1.7.gemfile

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+source "https://rubygems.org"
+
+gem "minitest", "~> 5"
+gem "rake", "~> 12.0.0"
+gem "http", "~> 4.1"
+gem "json-jwt", "~> 1.7.0"

data/lib/auth0_rs256_jwt_verifier/certs_set.rb

@@ -9,6 +9,7 @@ class Auth0RS256JWTVerifier
     end
 
     def find(id)
+      id = String(id)
       cert = certs.find { |c| c.id == id }
       raise NotFoundError, "cert #{id} doesn't exist" if cert.nil?
       cert.cert
@@ -28,4 +29,5 @@ class Auth0RS256JWTVerifier
       OpenSSL::X509::Certificate.new(encoded)
     end
   end
+  private_constant :CertsSet
 end

data/lib/auth0_rs256_jwt_verifier/exp_verifier.rb

@@ -2,7 +2,9 @@
 class Auth0RS256JWTVerifier
   class ExpVerifier
     def expired?(exp)
+      exp = Integer(exp)
       Time.at(exp).utc < Time.now.utc
     end
   end
+  private_constant :ExpVerifier
 end

data/lib/auth0_rs256_jwt_verifier/jwk.rb

@@ -3,6 +3,16 @@ class Auth0RS256JWTVerifier
   class JWK
     ParseError = Class.new(RuntimeError)
 
+    def initialize(hash)
+      raise ParseError unless hash.is_a?(Hash)
+      %i(Alg Kty Use X5C N E Kid X5T).each do |field_name|
+        field = self.class.const_get(field_name).new(hash[String(field_name).downcase])
+        instance_variable_set("@#{String(field_name).downcase}", field)
+      end
+    end
+
+    attr_reader :alg, :kty, :use, :x5c, :n, :e, :kid, :x5t
+
     def inspect
       "JWK(\n"                    \
       "\talg: #{@alg},\n"         \
@@ -124,15 +134,6 @@ class Auth0RS256JWTVerifier
         @certificates.each { |cert| yield cert }
       end
     end
-
-    def initialize(hash)
-      raise ParseError unless hash.is_a?(Hash)
-      %i(Alg Kty Use X5C N E Kid X5T).each do |field_name|
-        field = self.class.const_get(field_name).new(hash[String(field_name).downcase])
-        instance_variable_set("@#{String(field_name).downcase}", field)
-      end
-    end
-
-    attr_reader :alg, :kty, :use, :x5c, :n, :e, :kid, :x5t
   end
+  private_constant :JWK
 end

data/lib/auth0_rs256_jwt_verifier/jwk_set_downloader.rb

@@ -3,6 +3,21 @@ class Auth0RS256JWTVerifier
   class JWKSetDownloader
     InvalidJWKSetError = Class.new(RuntimeError)
 
+    def initialize(http)
+      @http = http
+    end
+
+    def download(url)
+      url = String(url)
+      body = @http.get(url)
+      json = JSON.parse(body)
+      begin
+        JWKSet.new(json)
+      rescue JWKSet::ParseError
+        raise InvalidJWKSetError
+      end
+    end
+
     class JWKSet
       include Enumerable
 
@@ -22,20 +37,6 @@ class Auth0RS256JWTVerifier
       end
     end
     private_constant :JWKSet
-
-    def initialize(http)
-      @http = http
-    end
-
-    def download(url)
-      body = @http.get(url)
-      json = JSON.parse(body)
-      begin
-        JWKSet.new(json)
-      rescue JWKSet::ParseError
-        raise InvalidJWKSetError
-      end
-    end
   end
   private_constant :JWKSetDownloader
 end

data/lib/auth0_rs256_jwt_verifier/jwt_decoder.rb

@@ -9,6 +9,7 @@ class Auth0RS256JWTVerifier
     end
 
     def signed_with?(jwt_str, public_key)
+      jwt_str = String(jwt_str)
       JSON::JWT.decode(jwt_str, public_key)
       true
     rescue JSON::JWS::VerificationFailed

data/lib/auth0_rs256_jwt_verifier/results.rb

@@ -18,7 +18,7 @@ class Auth0RS256JWTVerifier
 
     class ValidAccessToken < Base
       def initialize(user_id)
-        @user_id = user_id
+        @user_id = UserId.new(user_id)
       end
 
       attr_reader :user_id

data/lib/auth0_rs256_jwt_verifier/valid_jwk_set.rb

@@ -24,4 +24,5 @@ class Auth0RS256JWTVerifier
         jwk.x5c.any?
     end
   end
+  private_constant :ValidJWKSet
 end

data/test/auth0_rs256_jwt_verifier/exp_verifier_test.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+require "test_helper"
+
+class Auth0RS256JWTVerifier
+  describe ExpVerifier do
+    before :each do
+      @verificator = ExpVerifier.new
+    end
+
+    it "classifies value 0 as expired time" do
+      assert @verificator.expired?(0)
+    end
+
+    it "classifies future time as not expired" do
+      one_hour_from_now = (Time.now + 3600).to_i
+      refute @verificator.expired?(one_hour_from_now)
+    end
+  end
+end

data/test/auth0_rs256_jwt_verifier/jwt_decoder_test.rb

@@ -7,7 +7,7 @@ class Auth0RS256JWTVerifier
       @decoder = JWTDecoder.new
     end
 
-    it "should decodde simple jwt" do
+    it "should decode simple jwt" do
       jwt = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImlkMTIzNCJ9." \
             "eyJzdWIiOiIxMjM0NTY3ODkwIiwiYXVkIjoiYXVkaWVuY2UiLCJpc3MiO" \
             "iJpc3N1ZXIifQ.cp374RbcG-q8rTLxSoWtLK7dtn5cBa3_g4riKL9OSt0"

data/test/auth0_rs256_jwt_verifier_test.rb

@@ -101,16 +101,16 @@ describe Auth0RS256JWTVerifier do
   private
 
   def http_stub
-    @http_stub = Object.new
+    http_stub = Object.new
     jwks = sample_jwks
-    @http_stub.define_singleton_method(:get) { |*_| jwks }
-    @http_stub
+    http_stub.define_singleton_method(:get) { |*_| jwks }
+    http_stub
   end
 
   def exp_verifier_stub(expired: false)
-    @exp_verifier_stub = Object.new
-    @exp_verifier_stub.define_singleton_method(:expired?) { |*_| expired }
-    @exp_verifier_stub
+    exp_verifier_stub = Object.new
+    exp_verifier_stub.define_singleton_method(:expired?) { |*_| expired }
+    exp_verifier_stub
   end
 
   def sample_jwks

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: auth0_rs256_jwt_verifier
 version: !ruby/object:Gem::Version
-  version: 0.0.1
+  version: 0.0.2
 platform: ruby
 authors:
 - Krzysztof Zielonka
@@ -14,28 +14,28 @@ dependencies:
   name: http
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: '2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: '2'
 - !ruby/object:Gem::Dependency
   name: json-jwt
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: '1.7'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: '1.7'
 - !ruby/object:Gem::Dependency
@@ -79,11 +79,13 @@ extra_rdoc_files: []
 files:
 - ".gitignore"
 - ".rubocop.yml"
+- ".travis.yml"
 - Gemfile
 - README.md
 - Rakefile
 - auth0_rs256_jwt_verifier.gemspec
-- lib/auth0_access_tokens_rs256_verifier.rb
+- gemfiles/json-jwt-1.10.gemfile
+- gemfiles/json-jwt-1.7.gemfile
 - lib/auth0_rs256_jwt_verifier.rb
 - lib/auth0_rs256_jwt_verifier/certs_set.rb
 - lib/auth0_rs256_jwt_verifier/exp_verifier.rb
@@ -95,13 +97,14 @@ files:
 - lib/auth0_rs256_jwt_verifier/user_id.rb
 - lib/auth0_rs256_jwt_verifier/valid_jwk_set.rb
 - test/.rubocop.yml
+- test/auth0_rs256_jwt_verifier/exp_verifier_test.rb
 - test/auth0_rs256_jwt_verifier/jwt_decoder_test.rb
 - test/auth0_rs256_jwt_verifier/jwt_decoder_wrapper_test.rb
 - test/auth0_rs256_jwt_verifier_test.rb
 - test/fixtures/sample_jwks.json
 - test/fixtures/sample_jwks_2.json
 - test/test_helper.rb
-homepage: https://rubygems.org/gems/auth0_rs256_jwt_verifier
+homepage: https://github.com/DroidsOnRoids/auth0_rs256_jwt_verifier
 licenses:
 - MIT
 metadata: {}
@@ -113,15 +116,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 2.2.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.6.8
+rubygems_version: 3.0.1
 signing_key: 
 specification_version: 4
 summary: Auth0 JWT (RS256) verification library

data/lib/auth0_access_tokens_rs256_verifier.rb

@@ -1,44 +0,0 @@
-# frozen_string_literal: true
-require "http"
-require "json"
-
-require "auth0_jwt_rs256_verifier/user_id"
-require "auth0_jwt_rs256_verifier/results"
-require "auth0_jwt_rs256_verifier/jwt_decoder"
-require "auth0_jwt_rs256_verifier/jwt_decoder_wrapper"
-require "auth0_jwt_rs256_verifier/jwk_set_downloader"
-require "auth0_jwt_rs256_verifier/valid_jwk_set"
-require "auth0_jwt_rs256_verifier/certs_set"
-require "auth0_jwt_rs256_verifier/exp_verifier"
-require "auth0_jwt_rs256_verifier/jwk"
-
-class Auth0RS256JWTVerifier
-  def initialize(issuer:, audience:, jwks_url:, http: HTTP, exp_verifier: ExpVerifier.new)
-    @audience        = audience
-    @issuer          = issuer
-    @jwks_url        = jwks_url
-    @jwks_downloader = JWKSetDownloader.new(http)
-    @exp_verifier    = exp_verifier
-    @certificates    = nil
-  end
-
-  def verify(access_token)
-    payload = JWTDecoderWrapper.new(
-      @audience,
-      @issuer,
-      certificates,
-      exp_verifier: @exp_verifier,
-      jwt_decoder: JWTDecoder.new,
-    ).decode(access_token)
-    Results::ValidAccessToken.new(UserId.new(payload.sub))
-  rescue JWTDecoderWrapper::Error
-    Results::INVALID_ACCESS_TOKEN
-  end
-
-  private
-
-  def certificates
-    return @certificates if @certificates
-    @certificates = CertsSet.new(ValidJWKSet.new(@jwks_downloader.download(@jwks_url)))
-  end
-end