cf-uaa-lib 1.3.3 → 1.3.4
Sign up to get free protection for your applications and to get access to all the features.
- data/lib/uaa/scim.rb +2 -1
- data/lib/uaa/token_coder.rb +9 -1
- data/lib/uaa/version.rb +1 -1
- data/spec/token_coder_spec.rb +7 -2
- metadata +5 -5
data/lib/uaa/scim.rb
CHANGED
|
@@ -94,7 +94,8 @@ class Scim
|
|
|
94
94
|
# authorization header. For OAuth2 with JWT tokens this would be something
|
|
95
95
|
# like "bearer xxxx.xxxx.xxxx". The {TokenInfo} class provides
|
|
96
96
|
# {TokenInfo#auth_header} for this purpose.
|
|
97
|
-
# @param
|
|
97
|
+
# @param [Hash] options can be
|
|
98
|
+
# * +:symbolize_keys+, if true, returned hash keys are symbols.
|
|
98
99
|
def initialize(target, auth_header, options = {})
|
|
99
100
|
@target, @auth_header = target, auth_header
|
|
100
101
|
@key_style = options[:symbolize_keys] ? :downsym : :down
|
data/lib/uaa/token_coder.rb
CHANGED
|
@@ -41,6 +41,8 @@ class TokenCoder
|
|
|
41
41
|
opts[:audience_ids] = Util.arglist(opts[:audience_ids])
|
|
42
42
|
opts[:algorithm] = 'HS256' unless opts[:algorithm]
|
|
43
43
|
opts[:verify] = true unless opts.key?(:verify)
|
|
44
|
+
opts[:accept_algorithms] = Util.arglist(opts[:accept_algorithms],
|
|
45
|
+
["HS256", "HS384", "HS512", "RS256", "RS384", "RS512"])
|
|
44
46
|
opts
|
|
45
47
|
end
|
|
46
48
|
|
|
@@ -93,7 +95,10 @@ class TokenCoder
|
|
|
93
95
|
signing_input = [header_segment, payload_segment].join('.')
|
|
94
96
|
header = Util.json_decode64(header_segment)
|
|
95
97
|
payload = Util.json_decode64(payload_segment, (:sym if options[:symbolize_keys]))
|
|
96
|
-
return payload
|
|
98
|
+
return payload unless options[:verify]
|
|
99
|
+
raise DecodeError, "Signature algorithm not accepted" unless
|
|
100
|
+
options[:accept_algorithms].include?(algo = header["alg"])
|
|
101
|
+
return payload if algo == 'none'
|
|
97
102
|
signature = Util.decode64(crypto_segment)
|
|
98
103
|
if ["HS256", "HS384", "HS512"].include?(algo)
|
|
99
104
|
raise DecodeError, "Signature verification failed" unless
|
|
@@ -125,6 +130,9 @@ class TokenCoder
|
|
|
125
130
|
# HS384, HS512, RS256, RS384, RS512, or none.
|
|
126
131
|
# * :verify [String] -- Verifies signatures when decoding tokens. Defaults
|
|
127
132
|
# to +true+.
|
|
133
|
+
# * :accept_algorithms [String, Array<String>] -- An Array or space separated
|
|
134
|
+
# string of values which list what algorthms are accepted for token
|
|
135
|
+
# signatures. Defaults to all possible values of :algorithm except 'none'.
|
|
128
136
|
# @note the TokenCoder instance must be configured with the appropriate
|
|
129
137
|
# key material to support particular algorithm families and operations
|
|
130
138
|
# -- i.e. :pkey must include a private key in order to sign tokens with
|
data/lib/uaa/version.rb
CHANGED
data/spec/token_coder_spec.rb
CHANGED
|
@@ -64,13 +64,18 @@ describe TokenCoder do
|
|
|
64
64
|
result["foo"].should == "bar"
|
|
65
65
|
end
|
|
66
66
|
|
|
67
|
-
it "encodes/decodes with 'none' signature" do
|
|
67
|
+
it "encodes/decodes with 'none' signature if explicitly accepted" do
|
|
68
68
|
tkn = subject.encode(@tkn_body, 'none')
|
|
69
|
-
result =
|
|
69
|
+
result = TokenCoder.decode(tkn, :accept_algorithms => "none")
|
|
70
70
|
result.should_not be_nil
|
|
71
71
|
result["foo"].should == "bar"
|
|
72
72
|
end
|
|
73
73
|
|
|
74
|
+
it "rejects a token with 'none' signature by default" do
|
|
75
|
+
tkn = subject.encode(@tkn_body, 'none')
|
|
76
|
+
expect { TokenCoder.decode(tkn) }.to raise_exception(DecodeError)
|
|
77
|
+
end
|
|
78
|
+
|
|
74
79
|
it "raises an error if the signing algorithm is not supported" do
|
|
75
80
|
expect { subject.encode(@tkn_body, 'baz') }.to raise_exception(ArgumentError)
|
|
76
81
|
end
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: cf-uaa-lib
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.3.
|
|
4
|
+
version: 1.3.4
|
|
5
5
|
prerelease:
|
|
6
6
|
platform: ruby
|
|
7
7
|
authors:
|
|
@@ -13,7 +13,7 @@ authors:
|
|
|
13
13
|
autorequire:
|
|
14
14
|
bindir: bin
|
|
15
15
|
cert_chain: []
|
|
16
|
-
date:
|
|
16
|
+
date: 2013-01-05 00:00:00.000000000 Z
|
|
17
17
|
dependencies:
|
|
18
18
|
- !ruby/object:Gem::Dependency
|
|
19
19
|
name: multi_json
|
|
@@ -195,7 +195,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
195
195
|
version: '0'
|
|
196
196
|
segments:
|
|
197
197
|
- 0
|
|
198
|
-
hash:
|
|
198
|
+
hash: -2055415488226018803
|
|
199
199
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
200
200
|
none: false
|
|
201
201
|
requirements:
|
|
@@ -204,10 +204,10 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
204
204
|
version: '0'
|
|
205
205
|
segments:
|
|
206
206
|
- 0
|
|
207
|
-
hash:
|
|
207
|
+
hash: -2055415488226018803
|
|
208
208
|
requirements: []
|
|
209
209
|
rubyforge_project: cf-uaa-lib
|
|
210
|
-
rubygems_version: 1.8.
|
|
210
|
+
rubygems_version: 1.8.23
|
|
211
211
|
signing_key:
|
|
212
212
|
specification_version: 3
|
|
213
213
|
summary: Client library for CloudFoundry UAA
|