fernet 1.4 → 1.5

data/.gitignore

@@ -15,3 +15,4 @@ spec/reports
 test/tmp
 test/version_tmp
 tmp
+.rbenv-version

data/.travis.yml

@@ -0,0 +1,11 @@
+language: ruby
+
+rvm:
+  - "1.9.3"
+  - "1.9.2"
+  - rbx-19mode
+  - "1.8.7"
+  - jruby-18mode
+  - jruby-19mode
+
+script: bundle exec rspec -b spec

data/Gemfile

@@ -1,4 +1,8 @@
 source 'https://rubygems.org'
 
+platforms :jruby do
+  gem 'jruby-openssl', '~> 0.7.7'
+end
+
 # Specify your gem's dependencies in fernet.gemspec
 gemspec

data/README.md

@@ -1,7 +1,11 @@
 # Fernet
 
-Fernet allows you to easily generate and verify HMAC based authentication
-tokens for issuing API requests between remote servers.
+[![Build Status](https://secure.travis-ci.org/hgmnz/fernet.png)](http://travis-ci.org/hgmnz/fernet)
+[![Code Climate](https://codeclimate.com/badge.png)](https://codeclimate.com/github/hgmnz/fernet)
+
+Fernet allows you to easily generate and verify **HMAC based authentication
+tokens** for issuing API requests between remote servers. It also **encrypts**
+data by default, so it can be used to transmit secure messages over the wire.
 
 ![Fernet](http://f.cl.ly/items/2d0P3d26271O3p2v253u/photo.JPG)
 
@@ -55,8 +59,8 @@ Otherwise, `verified` will be false, and you should deny the request with an
 HTTP 401, for example.
 
 The `Fernet.verify` method can be awkward if extracting the plain text data is
-required. For this case, a `verifier` can be requested that makes more
-pleasent:
+required. For this case, a `verifier` can be requested that makes that
+use case more pleasent:
 
 ```ruby
 verifier = Fernet.verifier(secret, token)

data/fernet.gemspec

@@ -15,7 +15,5 @@ Gem::Specification.new do |gem|
   gem.require_paths = ["lib"]
   gem.version       = Fernet::VERSION
 
-  gem.add_dependency "yajl-ruby"
-
   gem.add_development_dependency "rspec"
 end

data/lib/fernet.rb

@@ -3,6 +3,7 @@ require 'fernet/generator'
 require 'fernet/verifier'
 require 'fernet/secret'
 require 'fernet/configuration'
+require 'fernet/okjson'
 
 if RUBY_VERSION == '1.8.7'
   require 'shim/base64'

data/lib/fernet/generator.rb

@@ -1,5 +1,4 @@
 require 'base64'
-require 'yajl'
 require 'openssl'
 require 'date'
 
@@ -16,13 +15,13 @@ module Fernet
 
     def generate
       yield self if block_given?
-      data.merge!(:issued_at => DateTime.now)
+      data.merge!(:issued_at => DateTime.now.to_s)
 
       if encrypt?
         iv = encrypt_data!
         @payload = "#{base64(data)}|#{base64(iv)}"
       else
-        @payload = base64(Yajl::Encoder.encode(data))
+        @payload = base64(Fernet::OkJson.encode(stringify_hash_keys(data)))
       end
 
       mac = OpenSSL::HMAC.hexdigest('sha256', payload, signing_key)
@@ -47,7 +46,7 @@ module Fernet
       iv         = cipher.random_iv
       cipher.iv  = iv
       cipher.key = encryption_key
-      @data = cipher.update(Yajl::Encoder.encode(data)) + cipher.final
+      @data = cipher.update(Fernet::OkJson.encode(stringify_hash_keys(data))) + cipher.final
       iv
     end
 
@@ -67,5 +66,11 @@ module Fernet
       @encrypt
     end
 
+    def stringify_hash_keys(hash)
+      hash.inject({}) do |result, (k, v)|
+        result[k.to_s] = v
+      result
+      end
+    end
   end
 end

data/lib/fernet/okjson.rb

@@ -0,0 +1,596 @@
+# encoding: UTF-8
+#
+# Copyright 2011, 2012 Keith Rarick
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+
+# See https://github.com/kr/okjson for updates.
+
+require 'stringio'
+
+# Some parts adapted from
+# http://golang.org/src/pkg/json/decode.go and
+# http://golang.org/src/pkg/utf8/utf8.go
+module Fernet::OkJson
+  extend self
+
+
+  # Decodes a json document in string s and
+  # returns the corresponding ruby value.
+  # String s must be valid UTF-8. If you have
+  # a string in some other encoding, convert
+  # it first.
+  #
+  # String values in the resulting structure
+  # will be UTF-8.
+  def decode(s)
+    ts = lex(s)
+    v, ts = textparse(ts)
+    if ts.length > 0
+      raise Error, 'trailing garbage'
+    end
+    v
+  end
+
+
+  # Parses a "json text" in the sense of RFC 4627.
+  # Returns the parsed value and any trailing tokens.
+  # Note: this is almost the same as valparse,
+  # except that it does not accept atomic values.
+  def textparse(ts)
+    if ts.length < 0
+      raise Error, 'empty'
+    end
+
+    typ, _, val = ts[0]
+    case typ
+    when '{' then objparse(ts)
+    when '[' then arrparse(ts)
+    else
+      raise Error, "unexpected #{val.inspect}"
+    end
+  end
+
+
+  # Parses a "value" in the sense of RFC 4627.
+  # Returns the parsed value and any trailing tokens.
+  def valparse(ts)
+    if ts.length < 0
+      raise Error, 'empty'
+    end
+
+    typ, _, val = ts[0]
+    case typ
+    when '{' then objparse(ts)
+    when '[' then arrparse(ts)
+    when :val,:str then [val, ts[1..-1]]
+    else
+      raise Error, "unexpected #{val.inspect}"
+    end
+  end
+
+
+  # Parses an "object" in the sense of RFC 4627.
+  # Returns the parsed value and any trailing tokens.
+  def objparse(ts)
+    ts = eat('{', ts)
+    obj = {}
+
+    if ts[0][0] == '}'
+      return obj, ts[1..-1]
+    end
+
+    k, v, ts = pairparse(ts)
+    obj[k] = v
+
+    if ts[0][0] == '}'
+      return obj, ts[1..-1]
+    end
+
+    loop do
+      ts = eat(',', ts)
+
+      k, v, ts = pairparse(ts)
+      obj[k] = v
+
+      if ts[0][0] == '}'
+        return obj, ts[1..-1]
+      end
+    end
+  end
+
+
+  # Parses a "member" in the sense of RFC 4627.
+  # Returns the parsed values and any trailing tokens.
+  def pairparse(ts)
+    (typ, _, k), ts = ts[0], ts[1..-1]
+    if typ != :str
+      raise Error, "unexpected #{k.inspect}"
+    end
+    ts = eat(':', ts)
+    v, ts = valparse(ts)
+    [k, v, ts]
+  end
+
+
+  # Parses an "array" in the sense of RFC 4627.
+  # Returns the parsed value and any trailing tokens.
+  def arrparse(ts)
+    ts = eat('[', ts)
+    arr = []
+
+    if ts[0][0] == ']'
+      return arr, ts[1..-1]
+    end
+
+    v, ts = valparse(ts)
+    arr << v
+
+    if ts[0][0] == ']'
+      return arr, ts[1..-1]
+    end
+
+    loop do
+      ts = eat(',', ts)
+
+      v, ts = valparse(ts)
+      arr << v
+
+      if ts[0][0] == ']'
+        return arr, ts[1..-1]
+      end
+    end
+  end
+
+
+  def eat(typ, ts)
+    if ts[0][0] != typ
+      raise Error, "expected #{typ} (got #{ts[0].inspect})"
+    end
+    ts[1..-1]
+  end
+
+
+  # Scans s and returns a list of json tokens,
+  # excluding white space (as defined in RFC 4627).
+  def lex(s)
+    ts = []
+    while s.length > 0
+      typ, lexeme, val = tok(s)
+      if typ == nil
+        raise Error, "invalid character at #{s[0,10].inspect}"
+      end
+      if typ != :space
+        ts << [typ, lexeme, val]
+      end
+      s = s[lexeme.length..-1]
+    end
+    ts
+  end
+
+
+  # Scans the first token in s and
+  # returns a 3-element list, or nil
+  # if s does not begin with a valid token.
+  #
+  # The first list element is one of
+  # '{', '}', ':', ',', '[', ']',
+  # :val, :str, and :space.
+  #
+  # The second element is the lexeme.
+  #
+  # The third element is the value of the
+  # token for :val and :str, otherwise
+  # it is the lexeme.
+  def tok(s)
+    case s[0]
+    when ?{  then ['{', s[0,1], s[0,1]]
+    when ?}  then ['}', s[0,1], s[0,1]]
+    when ?:  then [':', s[0,1], s[0,1]]
+    when ?,  then [',', s[0,1], s[0,1]]
+    when ?[  then ['[', s[0,1], s[0,1]]
+    when ?]  then [']', s[0,1], s[0,1]]
+    when ?n  then nulltok(s)
+    when ?t  then truetok(s)
+    when ?f  then falsetok(s)
+    when ?"  then strtok(s)
+    when Spc then [:space, s[0,1], s[0,1]]
+    when ?\t then [:space, s[0,1], s[0,1]]
+    when ?\n then [:space, s[0,1], s[0,1]]
+    when ?\r then [:space, s[0,1], s[0,1]]
+    else          numtok(s)
+    end
+  end
+
+
+  def nulltok(s);  s[0,4] == 'null'  ? [:val, 'null',  nil]   : [] end
+  def truetok(s);  s[0,4] == 'true'  ? [:val, 'true',  true]  : [] end
+  def falsetok(s); s[0,5] == 'false' ? [:val, 'false', false] : [] end
+
+
+  def numtok(s)
+    m = /-?([1-9][0-9]+|[0-9])([.][0-9]+)?([eE][+-]?[0-9]+)?/.match(s)
+    if m && m.begin(0) == 0
+      if m[3] && !m[2]
+        [:val, m[0], Integer(m[1])*(10**Integer(m[3][1..-1]))]
+      elsif m[2]
+        [:val, m[0], Float(m[0])]
+      else
+        [:val, m[0], Integer(m[0])]
+      end
+    else
+      []
+    end
+  end
+
+
+  def strtok(s)
+    m = /"([^"\\]|\\["\/\\bfnrt]|\\u[0-9a-fA-F]{4})*"/.match(s)
+    if ! m
+      raise Error, "invalid string literal at #{abbrev(s)}"
+    end
+    [:str, m[0], unquote(m[0])]
+  end
+
+
+  def abbrev(s)
+    t = s[0,10]
+    p = t['`']
+    t = t[0,p] if p
+    t = t + '...' if t.length < s.length
+    '`' + t + '`'
+  end
+
+
+  # Converts a quoted json string literal q into a UTF-8-encoded string.
+  # The rules are different than for Ruby, so we cannot use eval.
+  # Unquote will raise an error if q contains control characters.
+  def unquote(q)
+    q = q[1...-1]
+    a = q.dup # allocate a big enough string
+    rubydoesenc = false
+    # In ruby >= 1.9, a[w] is a codepoint, not a byte.
+    if a.class.method_defined?(:force_encoding)
+      a.force_encoding('UTF-8')
+      rubydoesenc = true
+    end
+    r, w = 0, 0
+    while r < q.length
+      c = q[r]
+      case true
+      when c == ?\\
+        r += 1
+        if r >= q.length
+          raise Error, "string literal ends with a \"\\\": \"#{q}\""
+        end
+
+        case q[r]
+        when ?",?\\,?/,?'
+          a[w] = q[r]
+          r += 1
+          w += 1
+        when ?b,?f,?n,?r,?t
+          a[w] = Unesc[q[r]]
+          r += 1
+          w += 1
+        when ?u
+          r += 1
+          uchar = begin
+            hexdec4(q[r,4])
+          rescue RuntimeError => e
+            raise Error, "invalid escape sequence \\u#{q[r,4]}: #{e}"
+          end
+          r += 4
+          if surrogate? uchar
+            if q.length >= r+6
+              uchar1 = hexdec4(q[r+2,4])
+              uchar = subst(uchar, uchar1)
+              if uchar != Ucharerr
+                # A valid pair; consume.
+                r += 6
+              end
+            end
+          end
+          if rubydoesenc
+            a[w] = '' << uchar
+            w += 1
+          else
+            w += ucharenc(a, w, uchar)
+          end
+        else
+          raise Error, "invalid escape char #{q[r]} in \"#{q}\""
+        end
+      when c == ?", c < Spc
+        raise Error, "invalid character in string literal \"#{q}\""
+      else
+        # Copy anything else byte-for-byte.
+        # Valid UTF-8 will remain valid UTF-8.
+        # Invalid UTF-8 will remain invalid UTF-8.
+        # In ruby >= 1.9, c is a codepoint, not a byte,
+        # in which case this is still what we want.
+        a[w] = c
+        r += 1
+        w += 1
+      end
+    end
+    a[0,w]
+  end
+
+
+  # Encodes unicode character u as UTF-8
+  # bytes in string a at position i.
+  # Returns the number of bytes written.
+  def ucharenc(a, i, u)
+    case true
+    when u <= Uchar1max
+      a[i] = (u & 0xff).chr
+      1
+    when u <= Uchar2max
+      a[i+0] = (Utag2 | ((u>>6)&0xff)).chr
+      a[i+1] = (Utagx | (u&Umaskx)).chr
+      2
+    when u <= Uchar3max
+      a[i+0] = (Utag3 | ((u>>12)&0xff)).chr
+      a[i+1] = (Utagx | ((u>>6)&Umaskx)).chr
+      a[i+2] = (Utagx | (u&Umaskx)).chr
+      3
+    else
+      a[i+0] = (Utag4 | ((u>>18)&0xff)).chr
+      a[i+1] = (Utagx | ((u>>12)&Umaskx)).chr
+      a[i+2] = (Utagx | ((u>>6)&Umaskx)).chr
+      a[i+3] = (Utagx | (u&Umaskx)).chr
+      4
+    end
+  end
+
+
+  def hexdec4(s)
+    if s.length != 4
+      raise Error, 'short'
+    end
+    (nibble(s[0])<<12) | (nibble(s[1])<<8) | (nibble(s[2])<<4) | nibble(s[3])
+  end
+
+
+  def subst(u1, u2)
+    if Usurr1 <= u1 && u1 < Usurr2 && Usurr2 <= u2 && u2 < Usurr3
+      return ((u1-Usurr1)<<10) | (u2-Usurr2) + Usurrself
+    end
+    return Ucharerr
+  end
+
+
+  def surrogate?(u)
+    Usurr1 <= u && u < Usurr3
+  end
+
+
+  def nibble(c)
+    case true
+    when ?0 <= c && c <= ?9 then c.ord - ?0.ord
+    when ?a <= c && c <= ?z then c.ord - ?a.ord + 10
+    when ?A <= c && c <= ?Z then c.ord - ?A.ord + 10
+    else
+      raise Error, "invalid hex code #{c}"
+    end
+  end
+
+
+  # Encodes x into a json text. It may contain only
+  # Array, Hash, String, Numeric, true, false, nil.
+  # (Note, this list excludes Symbol.)
+  # X itself must be an Array or a Hash.
+  # No other value can be encoded, and an error will
+  # be raised if x contains any other value, such as
+  # Nan, Infinity, Symbol, and Proc, or if a Hash key
+  # is not a String.
+  # Strings contained in x must be valid UTF-8.
+  def encode(x)
+    case x
+    when Hash    then objenc(x)
+    when Array   then arrenc(x)
+    else
+      raise Error, 'root value must be an Array or a Hash'
+    end
+  end
+
+
+  def valenc(x)
+    case x
+    when Hash    then objenc(x)
+    when Array   then arrenc(x)
+    when String  then strenc(x)
+    when Numeric then numenc(x)
+    when true    then "true"
+    when false   then "false"
+    when nil     then "null"
+    else
+      raise Error, "cannot encode #{x.class}: #{x.inspect}"
+    end
+  end
+
+
+  def objenc(x)
+    '{' + x.map{|k,v| keyenc(k) + ':' + valenc(v)}.join(',') + '}'
+  end
+
+
+  def arrenc(a)
+    '[' + a.map{|x| valenc(x)}.join(',') + ']'
+  end
+
+
+  def keyenc(k)
+    case k
+    when String then strenc(k)
+    else
+      raise Error, "Hash key is not a string: #{k.inspect}"
+    end
+  end
+
+
+  def strenc(s)
+    t = StringIO.new
+    t.putc(?")
+    r = 0
+
+    # In ruby >= 1.9, s[r] is a codepoint, not a byte.
+    rubydoesenc = s.class.method_defined?(:encoding)
+
+    while r < s.length
+      case s[r]
+      when ?"  then t.print('\\"')
+      when ?\\ then t.print('\\\\')
+      when ?\b then t.print('\\b')
+      when ?\f then t.print('\\f')
+      when ?\n then t.print('\\n')
+      when ?\r then t.print('\\r')
+      when ?\t then t.print('\\t')
+      else
+        c = s[r]
+        case true
+        when rubydoesenc
+          begin
+            c.ord # will raise an error if c is invalid UTF-8
+            t.write(c)
+          rescue
+            t.write(Ustrerr)
+          end
+        when Spc <= c && c <= ?~
+          t.putc(c)
+        else
+          n = ucharcopy(t, s, r) # ensure valid UTF-8 output
+          r += n - 1 # r is incremented below
+        end
+      end
+      r += 1
+    end
+    t.putc(?")
+    t.string
+  end
+
+
+  def numenc(x)
+    if ((x.nan? || x.infinite?) rescue false)
+      raise Error, "Numeric cannot be represented: #{x}"
+    end
+    "#{x}"
+  end
+
+
+  # Copies the valid UTF-8 bytes of a single character
+  # from string s at position i to I/O object t, and
+  # returns the number of bytes copied.
+  # If no valid UTF-8 char exists at position i,
+  # ucharcopy writes Ustrerr and returns 1.
+  def ucharcopy(t, s, i)
+    n = s.length - i
+    raise Utf8Error if n < 1
+
+    c0 = s[i].ord
+
+    # 1-byte, 7-bit sequence?
+    if c0 < Utagx
+      t.putc(c0)
+      return 1
+    end
+
+    raise Utf8Error if c0 < Utag2 # unexpected continuation byte?
+
+    raise Utf8Error if n < 2 # need continuation byte
+    c1 = s[i+1].ord
+    raise Utf8Error if c1 < Utagx || Utag2 <= c1
+
+    # 2-byte, 11-bit sequence?
+    if c0 < Utag3
+      raise Utf8Error if ((c0&Umask2)<<6 | (c1&Umaskx)) <= Uchar1max
+      t.putc(c0)
+      t.putc(c1)
+      return 2
+    end
+
+    # need second continuation byte
+    raise Utf8Error if n < 3
+
+    c2 = s[i+2].ord
+    raise Utf8Error if c2 < Utagx || Utag2 <= c2
+
+    # 3-byte, 16-bit sequence?
+    if c0 < Utag4
+      u = (c0&Umask3)<<12 | (c1&Umaskx)<<6 | (c2&Umaskx)
+      raise Utf8Error if u <= Uchar2max
+      t.putc(c0)
+      t.putc(c1)
+      t.putc(c2)
+      return 3
+    end
+
+    # need third continuation byte
+    raise Utf8Error if n < 4
+    c3 = s[i+3].ord
+    raise Utf8Error if c3 < Utagx || Utag2 <= c3
+
+    # 4-byte, 21-bit sequence?
+    if c0 < Utag5
+      u = (c0&Umask4)<<18 | (c1&Umaskx)<<12 | (c2&Umaskx)<<6 | (c3&Umaskx)
+      raise Utf8Error if u <= Uchar3max
+      t.putc(c0)
+      t.putc(c1)
+      t.putc(c2)
+      t.putc(c3)
+      return 4
+    end
+
+    raise Utf8Error
+  rescue Utf8Error
+    t.write(Ustrerr)
+    return 1
+  end
+
+
+  class Utf8Error < ::StandardError
+  end
+
+
+  class Error < ::StandardError
+  end
+
+
+  Utagx = 0x80 # 1000 0000
+  Utag2 = 0xc0 # 1100 0000
+  Utag3 = 0xe0 # 1110 0000
+  Utag4 = 0xf0 # 1111 0000
+  Utag5 = 0xF8 # 1111 1000
+  Umaskx = 0x3f # 0011 1111
+  Umask2 = 0x1f # 0001 1111
+  Umask3 = 0x0f # 0000 1111
+  Umask4 = 0x07 # 0000 0111
+  Uchar1max = (1<<7) - 1
+  Uchar2max = (1<<11) - 1
+  Uchar3max = (1<<16) - 1
+  Ucharerr = 0xFFFD # unicode "replacement char"
+  Ustrerr = "\xef\xbf\xbd" # unicode "replacement char"
+  Usurrself = 0x10000
+  Usurr1 = 0xd800
+  Usurr2 = 0xdc00
+  Usurr3 = 0xe000
+
+  Spc = ' '[0]
+  Unesc = {?b=>?\b, ?f=>?\f, ?n=>?\n, ?r=>?\r, ?t=>?\t}
+end

data/lib/fernet/verifier.rb

@@ -1,5 +1,4 @@
 require 'base64'
-require 'yajl'
 require 'openssl'
 require 'date'
 
@@ -44,19 +43,20 @@ module Fernet
       parts = @token.split('|')
       if decrypt?
         encrypted_data, iv, @received_signature = *parts
-        @data = Yajl::Parser.parse(decrypt!(encrypted_data, Base64.urlsafe_decode64(iv)))
+        @data = Fernet::OkJson.decode(decrypt!(encrypted_data, Base64.urlsafe_decode64(iv)))
         signing_blob = "#{encrypted_data}|#{iv}"
       else
         encoded_data, @received_signature = *parts
         signing_blob = encoded_data
-        @data = Yajl::Parser.parse(Base64.urlsafe_decode64(encoded_data))
+        @data = Fernet::OkJson.decode(Base64.urlsafe_decode64(encoded_data))
       end
       @regenerated_mac = OpenSSL::HMAC.hexdigest('sha256', signing_blob, signing_key)
     end
 
     def token_recent_enough?
       if enforce_ttl?
-        DateTime.parse(data['issued_at']) > (now - ttl)
+        good_till = DateTime.parse(data['issued_at']) + (ttl.to_f / 24 / 60 / 60)
+        good_till > now
       else
         true
       end

data/lib/fernet/version.rb

@@ -1,3 +1,3 @@
 module Fernet
-  VERSION = "1.4"
+  VERSION = "1.5"
 end

data/spec/fernet_spec.rb

@@ -16,9 +16,11 @@ describe Fernet do
       generator.data = token_data
     end
 
-    Fernet.verify(secret, token) do |verifier|
-      verifier.data['email'] == 'harold@heroku.com'
-    end.should be_true
+    expect(
+      Fernet.verify(secret, token) do |verifier|
+        verifier.data['email'] == 'harold@heroku.com'
+      end
+    ).to be_true
   end
 
   it 'fails with a bad secret' do
@@ -26,19 +28,23 @@ describe Fernet do
       generator.data = token_data
     end
 
-    Fernet.verify(bad_secret, token) do |verifier|
-      verifier.data['email'] == 'harold@heroku.com'
-    end.should be_false
+    expect(
+      Fernet.verify(bad_secret, token) do |verifier|
+        verifier.data['email'] == 'harold@heroku.com'
+      end
+    ).to be_false
   end
 
   it 'fails with a bad custom verification' do
     token = Fernet.generate(secret) do |generator|
-      generator.data = token_data
+      generator.data = { :email => 'harold@heroku.com' }
     end
 
-    Fernet.verify(bad_secret, token) do |verifier|
-      verifier.data['email'] == 'harold@gmail.com'
-    end.should be_false
+    expect(
+      Fernet.verify(secret, token) do |verifier|
+        verifier.data['email'] == 'lol@heroku.com'
+      end
+    ).to be_false
   end
 
   it 'fails if the token is too old' do
@@ -46,9 +52,18 @@ describe Fernet do
       generator.data = token_data
     end
 
-    Fernet.verify(bad_secret, token) do |verifier|
-      verifier.ttl = 0
-    end.should be_false
+    expect(
+      Fernet.verify(secret, token) do |verifier|
+        verifier.ttl = 1
+
+        def verifier.now
+          now = DateTime.now
+          DateTime.new(now.year, now.month, now.day, now.hour,
+                       now.min, now.sec + 2, now.offset)
+        end
+        true
+      end
+    ).to be_false
   end
 
   it 'verifies without a custom verification' do
@@ -56,7 +71,7 @@ describe Fernet do
       generator.data = token_data
     end
 
-    Fernet.verify(secret, token).should be_true
+    expect(Fernet.verify(secret, token)).to be_true
   end
 
   it 'can ignore TTL enforcement' do
@@ -64,13 +79,15 @@ describe Fernet do
       generator.data = token_data
     end
 
-    Fernet.verify(secret, token) do |verifier|
-      def verifier.now
-        Time.now + 99999999999
+    expect(
+      Fernet.verify(secret, token) do |verifier|
+        def verifier.now
+          Time.now + 99999999999
+        end
+        verifier.enforce_ttl = false
+        true
       end
-      verifier.enforce_ttl = false
-      true
-    end.should be_true
+    ).to be_true
   end
 
   it 'can ignore TTL enforcement via global config' do
@@ -82,18 +99,20 @@ describe Fernet do
       generator.data = token_data
     end
 
-    Fernet.verify(secret, token) do |verifier|
-      def verifier.now
-        Time.now + 99999999999
+    expect(
+      Fernet.verify(secret, token) do |verifier|
+        def verifier.now
+          Time.now + 99999999999
+        end
+        true
       end
-      true
-    end.should be_true
+    ).to be_true
   end
 
   it 'generates without custom data' do
     token = Fernet.generate(secret)
 
-    Fernet.verify(secret, token).should be_true
+    expect(Fernet.verify(secret, token)).to be_true
   end
 
   it 'can encrypt the payload' do
@@ -101,11 +120,10 @@ describe Fernet do
       generator.data['password'] = 'password1'
     end
 
-    payload = Base64.decode64(token)
-    payload.should_not match /password1/
+    expect(Base64.decode64(token)).not_to match /password1/
 
     Fernet.verify(secret, token) do |verifier|
-      verifier.data['password'].should == 'password1'
+      expect(verifier.data['password']).to eq('password1')
     end
   end
 
@@ -114,11 +132,10 @@ describe Fernet do
       generator.data['password'] = 'password1'
     end
 
-    payload = Base64.decode64(token)
-    payload.should match /password1/
+    expect(Base64.decode64(token)).to match /password1/
 
     Fernet.verify(secret, token, false) do |verifier|
-      verifier.data['password'].should == 'password1'
+      expect(verifier.data['password']).to eq('password1')
     end
   end
 
@@ -128,11 +145,10 @@ describe Fernet do
       generator.data['password'] = 'password1'
     end
 
-    payload = Base64.decode64(token)
-    payload.should match /password1/
+    expect(Base64.decode64(token)).to match /password1/
 
     Fernet.verify(secret, token) do |verifier|
-      verifier.data['password'].should == 'password1'
+      expect(verifier.data['password']).to eq('password1')
     end
   end
 
@@ -142,7 +158,7 @@ describe Fernet do
     end
 
     verifier = Fernet.verifier(secret, token)
-    verifier.should be_valid
-    verifier.data['password'].should == 'password1'
+    expect(verifier.valid?).to be_true
+    expect(verifier.data['password']).to eq('password1')
   end
 end

data/spec/spec_helper.rb

@@ -14,4 +14,8 @@ RSpec.configure do |config|
   # the seed, which is printed after each run.
   #     --seed 1234
   config.order = 'random'
+
+  config.expect_with :rspec do |c|
+    c.syntax = :expect
+  end
 end

metadata

@@ -1,38 +1,34 @@
 --- !ruby/object:Gem::Specification
 name: fernet
 version: !ruby/object:Gem::Version
-  version: '1.4'
-  prerelease: 
+  prerelease:
+  version: '1.5'
 platform: ruby
 authors:
 - Harold Giménez
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2012-08-15 00:00:00.000000000 Z
+date: 2012-11-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
-  name: yajl-ruby
-  requirement: &70124570227380 !ruby/object:Gem::Requirement
-    none: false
+  name: rspec
+  version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
-        version: '0'
-  type: :runtime
-  prerelease: false
-  version_requirements: *70124570227380
-- !ruby/object:Gem::Dependency
-  name: rspec
-  requirement: &70124570226960 !ruby/object:Gem::Requirement
+        version: !binary |-
+          MA==
     none: false
+  requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
+        version: !binary |-
+          MA==
+    none: false
   prerelease: false
-  version_requirements: *70124570226960
+  type: :development
 description: Delicious HMAC Digest(if) authentication and encryption
 email:
 - harold.gimenez@gmail.com
@@ -42,6 +38,7 @@ extra_rdoc_files: []
 files:
 - .gitignore
 - .rspec
+- .travis.yml
 - Gemfile
 - LICENSE
 - README.md
@@ -50,6 +47,7 @@ files:
 - lib/fernet.rb
 - lib/fernet/configuration.rb
 - lib/fernet/generator.rb
+- lib/fernet/okjson.rb
 - lib/fernet/secret.rb
 - lib/fernet/verifier.rb
 - lib/fernet/version.rb
@@ -58,26 +56,28 @@ files:
 - spec/spec_helper.rb
 homepage: ''
 licenses: []
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
   - - ! '>='
     - !ruby/object:Gem::Version
-      version: '0'
-required_rubygems_version: !ruby/object:Gem::Requirement
+      version: !binary |-
+        MA==
   none: false
+required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ! '>='
     - !ruby/object:Gem::Version
-      version: '0'
+      version: !binary |-
+        MA==
+  none: false
 requirements: []
-rubyforge_project: 
-rubygems_version: 1.8.10
-signing_key: 
+rubyforge_project:
+rubygems_version: 1.8.24
+signing_key:
 specification_version: 3
 summary: Easily generate and verify AES encrypted HMAC based authentication tokens
 test_files: