authentic-rb 1.6.0 → 1.7.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (4) hide show
  1. checksums.yaml +4 -4
  2. data/lib/authentic/error.rb +3 -0
  3. data/lib/authentic/validator.rb +2 -2
  4. metadata +2 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: bb1a72bbd0adfdc4e710bc9cb998eed816b68c2d478ee69d7e891028249a9b78
4
- data.tar.gz: a05603819fde73ff95e53a6c3feba89ddab1481bebf64a2fb2dffe6443231d62
3
+ metadata.gz: da8309740cedbfb47574f118cef97aa11a12df4b0e676224ad4fef77cc5c22b4
4
+ data.tar.gz: 46d7a401a4592ca7b1b300b6a1fb9d5f56c19768ec4912dc22b6176e8a697527
5
5
  SHA512:
6
- metadata.gz: ff375b3fa277837009eb7027a918d395a0aaebcd5eebc633b71070f02519407107112b6a1775143d0e3831441efe7e0188af0c3d1ae95de1866bf90e9b7a4660
7
- data.tar.gz: 8f48caceb8e1302b4a54d2a41bf42af3df2b8c66f609f5d5621368305c5efe0867945c311b2c52423840d63288520ad1fa2ea94f12f176a8f61a82bd7c56cc37
6
+ metadata.gz: cf58441c9eadd7ce25ad68c4b3ff630a0453c3c070bfc8090130a6ecf26fb811299d34e81f9ec7cc9579549883ea0bb4cf637898bd1d5bdcd304625e17b27ca8
7
+ data.tar.gz: 3248768b576342da140b068aa5d52afd8be6786e44eefb47763814ce4d4368492f655af880c9a980d9a38afda45ed71f43e34fbdd75073cc9ba345dde60622db
data/lib/authentic/error.rb CHANGED
@@ -22,4 +22,7 @@ module Authentic
22
22
 
23
23
  # Public: Represents an expired JWT.
24
24
  class ExpiredToken < StandardError; end
25
+
26
+ # Public: Represents an issuer that is not whitelisted. This should produce a 403 response.
27
+ class InvalidIssuer < StandardError; end
25
28
  end
data/lib/authentic/validator.rb CHANGED
@@ -25,7 +25,7 @@ module Authentic
25
25
  def valid?(token)
26
26
  ensure_valid(token)
27
27
  true
28
- rescue InvalidToken, ExpiredToken, InvalidKey, RequestError
28
+ rescue InvalidToken, ExpiredToken, InvalidKey, RequestError, InvalidIssuer
29
29
  false
30
30
  end
31
31
 
@@ -63,7 +63,7 @@ module Authentic
63
63
  raise InvalidToken, 'JWT was nil' unless token
64
64
 
65
65
  JSON::JWT.decode(token, :skip_verification).tap do |jwt|
66
- raise InvalidToken, 'JWT iss was not located in provided whitelist' unless iss_whitelist.include?(jwt[:iss])
66
+ raise InvalidIssuer, 'JWT iss was not located in provided whitelist' unless iss_whitelist.include?(jwt[:iss])
67
67
  end
68
68
  rescue JSON::JWT::InvalidFormat
69
69
  raise InvalidToken, 'JWT was in an invalid format'
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: authentic-rb
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.6.0
4
+ version: 1.7.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Articulate
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2019-03-13 00:00:00.000000000 Z
12
+ date: 2019-03-18 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: json-jwt