cf-uaa-lib 1.3.3 → 1.3.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/lib/uaa/scim.rb +2 -1
- data/lib/uaa/token_coder.rb +9 -1
- data/lib/uaa/version.rb +1 -1
- data/spec/token_coder_spec.rb +7 -2
- metadata +5 -5
data/lib/uaa/scim.rb
CHANGED
|
@@ -94,7 +94,8 @@ class Scim
|
|
|
94
94
|
# authorization header. For OAuth2 with JWT tokens this would be something
|
|
95
95
|
# like "bearer xxxx.xxxx.xxxx". The {TokenInfo} class provides
|
|
96
96
|
# {TokenInfo#auth_header} for this purpose.
|
|
97
|
-
# @param
|
|
97
|
+
# @param [Hash] options can be
|
|
98
|
+
# * +:symbolize_keys+, if true, returned hash keys are symbols.
|
|
98
99
|
def initialize(target, auth_header, options = {})
|
|
99
100
|
@target, @auth_header = target, auth_header
|
|
100
101
|
@key_style = options[:symbolize_keys] ? :downsym : :down
|
data/lib/uaa/token_coder.rb
CHANGED
|
@@ -41,6 +41,8 @@ class TokenCoder
|
|
|
41
41
|
opts[:audience_ids] = Util.arglist(opts[:audience_ids])
|
|
42
42
|
opts[:algorithm] = 'HS256' unless opts[:algorithm]
|
|
43
43
|
opts[:verify] = true unless opts.key?(:verify)
|
|
44
|
+
opts[:accept_algorithms] = Util.arglist(opts[:accept_algorithms],
|
|
45
|
+
["HS256", "HS384", "HS512", "RS256", "RS384", "RS512"])
|
|
44
46
|
opts
|
|
45
47
|
end
|
|
46
48
|
|
|
@@ -93,7 +95,10 @@ class TokenCoder
|
|
|
93
95
|
signing_input = [header_segment, payload_segment].join('.')
|
|
94
96
|
header = Util.json_decode64(header_segment)
|
|
95
97
|
payload = Util.json_decode64(payload_segment, (:sym if options[:symbolize_keys]))
|
|
96
|
-
return payload
|
|
98
|
+
return payload unless options[:verify]
|
|
99
|
+
raise DecodeError, "Signature algorithm not accepted" unless
|
|
100
|
+
options[:accept_algorithms].include?(algo = header["alg"])
|
|
101
|
+
return payload if algo == 'none'
|
|
97
102
|
signature = Util.decode64(crypto_segment)
|
|
98
103
|
if ["HS256", "HS384", "HS512"].include?(algo)
|
|
99
104
|
raise DecodeError, "Signature verification failed" unless
|
|
@@ -125,6 +130,9 @@ class TokenCoder
|
|
|
125
130
|
# HS384, HS512, RS256, RS384, RS512, or none.
|
|
126
131
|
# * :verify [String] -- Verifies signatures when decoding tokens. Defaults
|
|
127
132
|
# to +true+.
|
|
133
|
+
# * :accept_algorithms [String, Array<String>] -- An Array or space separated
|
|
134
|
+
# string of values which list what algorthms are accepted for token
|
|
135
|
+
# signatures. Defaults to all possible values of :algorithm except 'none'.
|
|
128
136
|
# @note the TokenCoder instance must be configured with the appropriate
|
|
129
137
|
# key material to support particular algorithm families and operations
|
|
130
138
|
# -- i.e. :pkey must include a private key in order to sign tokens with
|
data/lib/uaa/version.rb
CHANGED
data/spec/token_coder_spec.rb
CHANGED
|
@@ -64,13 +64,18 @@ describe TokenCoder do
|
|
|
64
64
|
result["foo"].should == "bar"
|
|
65
65
|
end
|
|
66
66
|
|
|
67
|
-
it "encodes/decodes with 'none' signature" do
|
|
67
|
+
it "encodes/decodes with 'none' signature if explicitly accepted" do
|
|
68
68
|
tkn = subject.encode(@tkn_body, 'none')
|
|
69
|
-
result =
|
|
69
|
+
result = TokenCoder.decode(tkn, :accept_algorithms => "none")
|
|
70
70
|
result.should_not be_nil
|
|
71
71
|
result["foo"].should == "bar"
|
|
72
72
|
end
|
|
73
73
|
|
|
74
|
+
it "rejects a token with 'none' signature by default" do
|
|
75
|
+
tkn = subject.encode(@tkn_body, 'none')
|
|
76
|
+
expect { TokenCoder.decode(tkn) }.to raise_exception(DecodeError)
|
|
77
|
+
end
|
|
78
|
+
|
|
74
79
|
it "raises an error if the signing algorithm is not supported" do
|
|
75
80
|
expect { subject.encode(@tkn_body, 'baz') }.to raise_exception(ArgumentError)
|
|
76
81
|
end
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: cf-uaa-lib
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.3.
|
|
4
|
+
version: 1.3.4
|
|
5
5
|
prerelease:
|
|
6
6
|
platform: ruby
|
|
7
7
|
authors:
|
|
@@ -13,7 +13,7 @@ authors:
|
|
|
13
13
|
autorequire:
|
|
14
14
|
bindir: bin
|
|
15
15
|
cert_chain: []
|
|
16
|
-
date:
|
|
16
|
+
date: 2013-01-05 00:00:00.000000000 Z
|
|
17
17
|
dependencies:
|
|
18
18
|
- !ruby/object:Gem::Dependency
|
|
19
19
|
name: multi_json
|
|
@@ -195,7 +195,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
195
195
|
version: '0'
|
|
196
196
|
segments:
|
|
197
197
|
- 0
|
|
198
|
-
hash:
|
|
198
|
+
hash: -2055415488226018803
|
|
199
199
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
200
200
|
none: false
|
|
201
201
|
requirements:
|
|
@@ -204,10 +204,10 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
204
204
|
version: '0'
|
|
205
205
|
segments:
|
|
206
206
|
- 0
|
|
207
|
-
hash:
|
|
207
|
+
hash: -2055415488226018803
|
|
208
208
|
requirements: []
|
|
209
209
|
rubyforge_project: cf-uaa-lib
|
|
210
|
-
rubygems_version: 1.8.
|
|
210
|
+
rubygems_version: 1.8.23
|
|
211
211
|
signing_key:
|
|
212
212
|
specification_version: 3
|
|
213
213
|
summary: Client library for CloudFoundry UAA
|