firebase_id_token 2.3.0 → 2.3.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 7881ecf256206e396bfd54d8a2954feadaa162ce
-  data.tar.gz: 9f413ff8208a7318f5c28c59536390b300cf0044
+SHA256:
+  metadata.gz: 536ac169a34db614f7501d80d974dbd9048a917bb3c0887b6e16f90381772b61
+  data.tar.gz: 83e7a5258af798b479f1a9eea253e4d0dfae6cac5aa0f003787973abb87dc28d
 SHA512:
-  metadata.gz: f4b877b7597491df27b6c3fb09bbc01b04b1e613c0e594e1f7c12d8864183dfe8a64906514ffbfc6c8776992eef3434b1d0a1295772c3e0b24684f49dc29f31b
-  data.tar.gz: 512bb0b70ba34e7ac7a4fd86b0a56c60def064443705c49c4bd3abfc7c5cb952e08e580fb236b48d1cb3d7043ab69a61febcffe613146ba9becda35f5dc96963
+  metadata.gz: 1e721876bcfa5f946236d42461bae05365adbfe61c37fd744029fc1e2b27b3c1fe22bc20bf850a6a23fbd18d4e45f2a2572190a76fc86ef5ad022f689ace8d6a
+  data.tar.gz: d06b0c0f60dc2dfe15762ba19fc9ef9549f3efcd46bc124ab0572ba992993fdd06cfd59a3aea8c0708d56916eba3551dade16026ee57fa7ddd1fe103fbf48d5c

data/README.md

@@ -1,211 +1,280 @@
-# Ruby Firebase ID Token verifier (pre-release)
-
-![Alt text](https://api.travis-ci.org/fschuindt/firebase_id_token.svg?branch=master)
-[![Code Climate](https://codeclimate.com/github/fschuindt/firebase_id_token/badges/gpa.svg)](https://codeclimate.com/github/fschuindt/firebase_id_token)
-[![Issue Count](https://codeclimate.com/github/fschuindt/firebase_id_token/badges/issue_count.svg)](https://codeclimate.com/github/fschuindt/firebase_id_token)
-[![Test Coverage](https://codeclimate.com/github/fschuindt/firebase_id_token/badges/coverage.svg)](https://codeclimate.com/github/fschuindt/firebase_id_token/coverage)
-[![Inline docs](http://inch-ci.org/github/fschuindt/firebase_id_token.svg?branch=master)](http://inch-ci.org/github/fschuindt/firebase_id_token)
-
-A Ruby gem to verify the signature of Firebase ID Tokens. It uses Redis to store Google's x509 certificates and manage their expiration time, so you don't need to request Google's API in every execution and can access it as fast as reading from memory.
-
-It also checks the JWT payload parameters as recommended [here](https://firebase.google.com/docs/auth/admin/verify-id-tokens) by Firebase official documentation.
-
-Feel free to open any issue or to [contact me](https://fschuindt.github.io/blog/about/) directly.  
-Any contribution is welcome.
-
-## Docs
-
- + http://www.rubydoc.info/gems/firebase_id_token
-
-## Requirements
-
-+ Redis
-
-## Installing
-
-```
-gem install firebase_id_token
-```
-
-or in your Gemfile
-```
-gem 'firebase_id_token', '~> 2.3.0'
-```
-then
-```
-bundle install
-```
-
-## Configuration
-
-It's needed to set up your Firebase Project ID.
-
-If you are using Rails, this should probably go into `config/initializers/firebase_id_token.rb`.
-```ruby
-FirebaseIdToken.configure do |config|
-  config.project_ids = ['your-firebase-project-id']
-end
-```
-
-`project_ids` must be a Array.
-
-*If you want to verify signatures from more than one Firebase project, just add more Project IDs to the list.*
-
-You can also pass a Redis instance to `config` if you are not using Redis defaults.  
-In this case, you must have the gem `redis` in your `Gemfile`.
-```ruby
-FirebaseIdToken.configure do |config|
-  config.project_ids = ['your-firebase-project-id']
-  config.redis = Redis.new(host: '10.0.1.1', port: 6380, db: 15)
-end
-```
-
-Otherwise, it will use just `Redis.new` as the instance.
-
-## Usage
-
-You can get a glimpse of it by reading our RSpec output on your machine. It's
-really helpful. But here is a complete guide:
-
-### Downloading Certificates
-
-Before verifying tokens, you need to download Google's x509 certificates.
-
-To do it simply:
-```ruby
-FirebaseIdToken::Certificates.request
-```
-
-It will download the certificates and save it in Redis, but only if Redis certificates database is empty. To force download and override Redis database, use:
-```ruby
-FirebaseIdToken::Certificates.request!
-```
-
-Google give us information about the certificates expiration time, it's used to set a Redis TTL (Time-To-Live) when saving it. By doing so, the certificates will be automatically deleted after its expiration.
-
-#### Certificates Info
-
-Checks the presence of certificates in Redis database.
-```ruby
-FirebaseIdToken::Certificates.present?
-=> true
-```
-
-How many seconds until the certificate's expiration.
-```ruby
-FirebaseIdToken::Certificates.ttl
-=> 22352
-```
-
-Lists all certificates in a database.
-```ruby
-FirebaseIdToken::Certificates.all
-=> [{"ec8f292sd30224afac5c55540df66d1f999d" => <OpenSSL::X509::Certificate: [...]]
-```
-
-Finds the respective certificate of a given Key ID.
-```ruby
-FirebaseIdToken::Certificates.find('ec8f292sd30224afac5c55540df66d1f999d')
-=> <OpenSSL::X509::Certificate: subject=<OpenSSL::X509 [...]>
-```
-
-#### Downloading in Rails
-
-If you are using Rails, it's clever to download certificates in a cron task, you can use [whenever](https://github.com/javan/whenever).
-
-**Example**
-
-*Read whenever's guide on how to set it up.*
-
-Create your task in `lib/tasks/firebase.rake`:
-```ruby
-namespace :firebase do
-  namespace :certificates do
-    desc "Request Google's x509 certificates when Redis is empty"
-    task request: :environment do
-      FirebaseIdToken::Certificates.request
-    end
-
-    desc "Request Google's x509 certificates and override Redis"
-    task force_request: :environment do
-      FirebaseIdToken::Certificates.request!
-    end
-  end
-end
-```
-
-And in your `config/schedule.rb` you might have:
-```ruby
-every 1.hour do
-  rake 'firebase:certificates:force_request'
-end
-```
-
-Then:
-```
-$ whenever --update-crontab
-```
-
-I recommend running it once every hour or every 30 minutes, it's up to you. Normally the certificates expiration time is around 4 to 6 hours, but it's good to perform it in a small fraction of this time.
-
-When developing, you should just run the task:
-```
-$ rake firebase:certificates:request
-```
-
-*And remember, you need the Redis server to be running.*
-
-### Verifying Tokens
-
-Pass the Firebase ID Token to `FirebaseIdToken::Signature.verify` and it will return the token payload if everything is ok:
-
-```ruby
-FirebaseIdToken::Signature.verify(token)
-=> {"iss"=>"https://securetoken.google.com/firebase-id-token", "name"=>"Bob Test", [...]}
-```
-
-When either the signature is false or the token is invalid, it will return `nil`:
-```ruby
-FirebaseIdToken::Signature.verify(fake_token)
-=> nil
-
-FirebaseIdToken::Signature.verify('aaaaaa')
-=> nil
-```
-
-**WARNING:** If you try to verify a signature without any certificates in Redis database it will raise a `FirebaseIdToken::Exceptions::NoCertificatesError`.
-
-#### Payload Structure
-
-In case you need, here's a example of the payload structure from a Google login in JSON.
-```json
-{  
-   "iss":"https://securetoken.google.com/firebase-id-token",
-   "name":"Ugly Bob",
-   "picture":"https://someurl.com/photo.jpg",
-   "aud":"firebase-id-token",
-   "auth_time":1492981192,
-   "user_id":"theUserID",
-   "sub":"theUserID",
-   "iat":1492981200,
-   "exp":33029000017,
-   "email":"uglybob@emailurl.com",
-   "email_verified":true,
-   "firebase":{  
-      "identities":{  
-         "google.com":[  
-            "1010101010101010101"
-         ],
-         "email":[  
-            "uglybob@emailurl.com"
-         ]
-      },
-      "sign_in_provider":"google.com"
-   }
-}
-
-```
-
-## License
-
-The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).
+# Ruby Firebase ID Token verifier (pre-release)
+
+![Alt text](https://api.travis-ci.org/fschuindt/firebase_id_token.svg?branch=master)
+[![Code Climate](https://codeclimate.com/github/fschuindt/firebase_id_token/badges/gpa.svg)](https://codeclimate.com/github/fschuindt/firebase_id_token)
+[![Issue Count](https://codeclimate.com/github/fschuindt/firebase_id_token/badges/issue_count.svg)](https://codeclimate.com/github/fschuindt/firebase_id_token)
+[![Test Coverage](https://codeclimate.com/github/fschuindt/firebase_id_token/badges/coverage.svg)](https://codeclimate.com/github/fschuindt/firebase_id_token/coverage)
+[![Inline docs](http://inch-ci.org/github/fschuindt/firebase_id_token.svg?branch=master)](http://inch-ci.org/github/fschuindt/firebase_id_token)
+
+A Ruby gem to verify the signature of Firebase ID Tokens. It uses Redis to store Google's x509 certificates and manage their expiration time, so you don't need to request Google's API in every execution and can access it as fast as reading from memory.
+
+It also checks the JWT payload parameters as recommended [here](https://firebase.google.com/docs/auth/admin/verify-id-tokens) by Firebase official documentation.
+
+Feel free to open any issue or to [contact me](https://fschuindt.github.io/blog/about/) directly.  
+Any contribution is welcome.
+
+## Docs
+
+ + http://www.rubydoc.info/gems/firebase_id_token
+
+## Requirements
+
++ Redis
+
+## Installing
+
+```
+gem install firebase_id_token
+```
+
+or in your Gemfile
+```
+gem 'firebase_id_token', '~> 2.3.1'
+```
+then
+```
+bundle install
+```
+
+## Configuration
+
+It's needed to set up your Firebase Project ID.
+
+If you are using Rails, this should probably go into `config/initializers/firebase_id_token.rb`.
+```ruby
+FirebaseIdToken.configure do |config|
+  config.project_ids = ['your-firebase-project-id']
+end
+```
+
+`project_ids` must be a Array.
+
+*If you want to verify signatures from more than one Firebase project, just add more Project IDs to the list.*
+
+You can also pass a Redis instance to `config` if you are not using Redis defaults.  
+In this case, you must have the gem `redis` in your `Gemfile`.
+```ruby
+FirebaseIdToken.configure do |config|
+  config.project_ids = ['your-firebase-project-id']
+  config.redis = Redis.new(host: '10.0.1.1', port: 6380, db: 15)
+end
+```
+
+Otherwise, it will use just `Redis.new` as the instance.
+
+## Usage
+
+You can get a glimpse of it by reading our RSpec output on your machine. It's
+really helpful. But here is a complete guide:
+
+### Downloading Certificates
+
+Before verifying tokens, you need to download Google's x509 certificates.
+
+To do it simply:
+```ruby
+FirebaseIdToken::Certificates.request
+```
+
+It will download the certificates and save it in Redis, but only if Redis certificates database is empty. To force download and override Redis database, use:
+```ruby
+FirebaseIdToken::Certificates.request!
+```
+
+Google give us information about the certificates expiration time, it's used to set a Redis TTL (Time-To-Live) when saving it. By doing so, the certificates will be automatically deleted after its expiration.
+
+#### Certificates Info
+
+Checks the presence of certificates in Redis database.
+```ruby
+FirebaseIdToken::Certificates.present?
+=> true
+```
+
+How many seconds until the certificate's expiration.
+```ruby
+FirebaseIdToken::Certificates.ttl
+=> 22352
+```
+
+Lists all certificates in a database.
+```ruby
+FirebaseIdToken::Certificates.all
+=> [{"ec8f292sd30224afac5c55540df66d1f999d" => <OpenSSL::X509::Certificate: [...]]
+```
+
+Finds the respective certificate of a given Key ID.
+```ruby
+FirebaseIdToken::Certificates.find('ec8f292sd30224afac5c55540df66d1f999d')
+=> <OpenSSL::X509::Certificate: subject=<OpenSSL::X509 [...]>
+```
+
+#### Downloading in Rails
+
+If you are using Rails, it's clever to download certificates in a cron task, you can use [whenever](https://github.com/javan/whenever).
+
+**Example**
+
+*Read whenever's guide on how to set it up.*
+
+Create your task in `lib/tasks/firebase.rake`:
+```ruby
+namespace :firebase do
+  namespace :certificates do
+    desc "Request Google's x509 certificates when Redis is empty"
+    task request: :environment do
+      FirebaseIdToken::Certificates.request
+    end
+
+    desc "Request Google's x509 certificates and override Redis"
+    task force_request: :environment do
+      FirebaseIdToken::Certificates.request!
+    end
+  end
+end
+```
+
+And in your `config/schedule.rb` you might have:
+```ruby
+every 1.hour do
+  rake 'firebase:certificates:force_request'
+end
+```
+
+Then:
+```
+$ whenever --update-crontab
+```
+
+I recommend running it once every hour or every 30 minutes, it's up to you. Normally the certificates expiration time is around 4 to 6 hours, but it's good to perform it in a small fraction of this time.
+
+When developing, you should just run the task:
+```
+$ rake firebase:certificates:request
+```
+
+*And remember, you need the Redis server to be running.*
+
+### Verifying Tokens
+
+Pass the Firebase ID Token to `FirebaseIdToken::Signature.verify` and it will return the token payload if everything is ok:
+
+```ruby
+FirebaseIdToken::Signature.verify(token)
+=> {"iss"=>"https://securetoken.google.com/firebase-id-token", "name"=>"Bob Test", [...]}
+```
+
+When either the signature is false or the token is invalid, it will return `nil`:
+```ruby
+FirebaseIdToken::Signature.verify(fake_token)
+=> nil
+
+FirebaseIdToken::Signature.verify('aaaaaa')
+=> nil
+```
+
+**WARNING:** If you try to verify a signature without any certificates in Redis database it will raise a `FirebaseIdToken::Exceptions::NoCertificatesError`.
+
+#### Payload Structure
+
+In case you need, here's a example of the payload structure from a Google login in JSON.
+```json
+{  
+   "iss":"https://securetoken.google.com/firebase-id-token",
+   "name":"Ugly Bob",
+   "picture":"https://someurl.com/photo.jpg",
+   "aud":"firebase-id-token",
+   "auth_time":1492981192,
+   "user_id":"theUserID",
+   "sub":"theUserID",
+   "iat":1492981200,
+   "exp":33029000017,
+   "email":"uglybob@emailurl.com",
+   "email_verified":true,
+   "firebase":{  
+      "identities":{  
+         "google.com":[  
+            "1010101010101010101"
+         ],
+         "email":[  
+            "uglybob@emailurl.com"
+         ]
+      },
+      "sign_in_provider":"google.com"
+   }
+}
+
+```
+
+
+## Development
+The test suite can be run with `bundle exec rake rspec`
+
+
+The test mode is prepared as preparation for the test.
+
+`FirebaseIdToken.test!`
+
+
+By using test mode, the following methods become available.
+
+```ruby
+# RSA PRIVATE KEY
+FirebaseIdToken::Testing::Certificates.private_key
+# CERTIFICATE
+FirebaseIdToken::Testing::Certificates.certificate
+```
+
+CERTIFICATE will always return the same value and will not communicate to google.
+
+
+### Example
+#### Rails test
+
+Describe the following in test_helper.rb etc.
+
+* test_helper
+
+```ruby
+class ActiveSupport::TestCase
+  setup do
+    FirebaseIdToken.test!
+  end
+end
+```
+
+* controller_test
+
+```ruby
+require 'test_helper'
+
+module Api
+  module V1
+    module UsersControllerTest < ActionController::TestCase
+      setup do
+        @routes = Engine.routes
+        @user = users(:one)
+      end
+        
+      def create_token(sub: nil)
+        _payload = payload.merge({sub: sub})
+        JWT.encode _payload, OpenSSL::PKey::RSA.new(FirebaseIdToken::Testing::Certificates.private_key), 'RS256'
+      end
+
+      def payload
+        # payload.json
+      end
+
+      test 'should success get api v1 users ' do
+        get :show, headers: create_token(@user.id)
+        assert_response :success
+      end
+    end
+  end
+end
+```
+
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).

data/firebase_id_token.gemspec

@@ -1,38 +1,39 @@
-# coding: utf-8
-lib = File.expand_path('../lib', __FILE__)
-$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
-require 'firebase_id_token/version'
-
-Gem::Specification.new do |spec|
-  spec.name          = 'firebase_id_token'
-  spec.version       = FirebaseIdToken::VERSION
-  spec.authors       = ['Fernando Schuindt']
-  spec.email         = ['f.schuindtcs@gmail.com']
-
-  spec.summary       = 'A Firebase ID Token verifier.'
-  spec.description   = "A Ruby gem to verify the signature of Firebase ID "\
-    "Tokens. It uses Redis to store Google's x509 certificates and manage "\
-    "their expiration time, so you don't need to request Google's API in "\
-    "every execution and can access it as fast as reading from memory."
-  spec.homepage      = 'https://github.com/fschuindt/firebase_id_token'
-  spec.license       = 'MIT'
-
-  spec.files         = `git ls-files -z`.split("\x0").reject do |f|
-    f.match(%r{^(test|spec|features)/})
-  end
-  spec.bindir        = 'exe'
-  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
-  spec.require_paths = ['lib']
-
-  spec.add_development_dependency 'bundler', '~> 1.14'
-  spec.add_development_dependency 'rake', '~> 10.0'
-  spec.add_development_dependency 'rspec', '~> 3.0'
-  spec.add_development_dependency 'redcarpet', '~> 3.4', '>= 3.4.0'
-  spec.add_development_dependency 'simplecov', '~> 0.14.1'
-  spec.add_development_dependency 'codeclimate-test-reporter', '~> 1.0', '>= 1.0.0'
-
-  spec.add_runtime_dependency 'redis', '~> 4.0', '>= 4.0.1'
-  spec.add_runtime_dependency 'redis-namespace', '~> 1.6', '>= 1.6.0'
-  spec.add_dependency 'httparty', '~> 0.16', '>= 0.16.2'
-  spec.add_runtime_dependency 'jwt', '~> 2.1', '>= 2.1.0'
-end
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'firebase_id_token/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = 'firebase_id_token'
+  spec.version       = FirebaseIdToken::VERSION
+  spec.authors       = ['Fernando Schuindt']
+  spec.email         = ['f.schuindtcs@gmail.com']
+
+  spec.summary       = 'A Firebase ID Token verifier.'
+  spec.description   = "A Ruby gem to verify the signature of Firebase ID "\
+    "Tokens. It uses Redis to store Google's x509 certificates and manage "\
+    "their expiration time, so you don't need to request Google's API in "\
+    "every execution and can access it as fast as reading from memory."
+  spec.homepage      = 'https://github.com/fschuindt/firebase_id_token'
+  spec.license       = 'MIT'
+
+  spec.files         = `git ls-files -z`.split("\x0").reject do |f|
+    f.match(%r{^(test|spec|features)/})
+  end
+  spec.bindir        = 'exe'
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ['lib']
+
+  spec.add_development_dependency 'bundler', '~> 1.14'
+  spec.add_development_dependency 'rake', '~> 10.0'
+  spec.add_development_dependency 'rspec', '~> 3.0'
+  spec.add_development_dependency 'redcarpet', '~> 3.4', '>= 3.4.0'
+  spec.add_development_dependency 'simplecov', '~> 0.14.1'
+  spec.add_development_dependency 'codeclimate-test-reporter', '~> 1.0', '>= 1.0.0'
+  spec.add_development_dependency 'pry', '~> 0.12.2'
+
+  spec.add_runtime_dependency 'redis', '~> 4.0', '>= 4.0.1'
+  spec.add_runtime_dependency 'redis-namespace', '~> 1.6', '>= 1.6.0'
+  spec.add_dependency 'httparty', '~> 0.16', '>= 0.16.2'
+  spec.add_runtime_dependency 'jwt', '~> 2.1', '>= 2.1.0'
+end

data/lib/firebase_id_token.rb

@@ -19,6 +19,11 @@ require 'firebase_id_token/signature'
 # + {Certificates.ttl}
 # + {Certificates.find}
 # + {Signature.verify}
+# + {FirebaseIdToken.test!}
+# + {Testing::Certificates.private_key}
+# + {Testing::Certificates.find}
+# + {Testing::Certificates.private_key}
+# + {Testing::Certificates.certificate}
 #
 # ## Configuration
 #
@@ -44,7 +49,7 @@ module FirebaseIdToken
 
   def self.configuration
     @configuration ||= Configuration.new
-  end
+  end 
 
   # Resets Configuration to defaults.
   def self.reset
@@ -54,4 +59,18 @@ module FirebaseIdToken
   def self.configure
     yield configuration
   end
+
+  # Method for starting test mode.
+  # You can verify with a test certificate or you can use a test private key to verify the token.
+  # When using, write it at the beginning of the test.
+  # @example
+  #  class ActiveSupport::TestCase
+  #    setup do
+  #      FirebaseIdToken.test!
+  #    end
+  #  end
+  def self.test!
+    require 'firebase_id_token/testing/certificates'
+    self.configuration.certificates = FirebaseIdToken::Testing::Certificates
+  end
 end

data/lib/firebase_id_token/configuration.rb

@@ -1,12 +1,15 @@
 module FirebaseIdToken
   # Handles the configuration object. Check out {FirebaseIdToken} for more
   # info on how to use it.
+  LIB_PATH = File.expand_path('../../', __FILE__)
+
   class Configuration
-    attr_accessor :redis, :project_ids
+    attr_accessor :redis, :project_ids, :certificates
 
     def initialize
       @redis = Redis.new
       @project_ids = []
+      @certificates = FirebaseIdToken::Certificates
     end
   end
 end

data/lib/firebase_id_token/signature.rb

@@ -47,6 +47,8 @@ module FirebaseIdToken
       new(jwt_token).verify
     end
 
+    attr_accessor :firebase_id_token_certificates
+
     # Loads attributes: `:project_ids` from {FirebaseIdToken::Configuration},
     # and `:kid`, `:jwt_token` from the related `jwt_token`.
     # @param [String] jwt_token Firebase ID Token
@@ -54,11 +56,13 @@ module FirebaseIdToken
       @project_ids = FirebaseIdToken.configuration.project_ids
       @kid = extract_kid(jwt_token)
       @jwt_token = jwt_token
+      @firebase_id_token_certificates = FirebaseIdToken.configuration.certificates
+
     end
 
     # @see Signature.verify
     def verify
-      certificate = FirebaseIdToken::Certificates.find(@kid)
+      certificate = firebase_id_token_certificates.find(@kid)
       if certificate
         payload = decode_jwt_payload(@jwt_token, certificate.public_key)
         authorize payload

data/lib/firebase_id_token/testing/certificates.rb

@@ -0,0 +1,85 @@
+module FirebaseIdToken
+  module Testing
+    # When executing the test, manage secret key and certificate with Fixture.
+    # Valid for Ruby applications using minitest
+    # ## Access Certificates.
+    # `FirebaseIdToken.test!` is required to start using this class. <br />
+    # When implementing minitest, always return the same certificate.
+    # Provide secret key for encoding JWT.
+    #
+    # ## List of available methods
+    # + {Certificates.find}
+    # + {Certificates.private_key}
+    # + {Certificates.certificate}
+    class Certificates
+      # `.find` is stabbed to always return the same certificate.
+      # @param [String] kid Key ID
+      # @return [nil, OpenSSL::X509::Certificate]
+      def self.find(kid)
+        cert = certificate
+        OpenSSL::X509::Certificate.new cert
+      end
+
+      # Return the secret key defined by Fixture.
+      # @return [string]
+      # @example `.private_kay`
+      #   '-----BEGIN RSA PRIVATE KEY-----
+      #   MIICXAIBAAKBgQCrvJRW05yKQxx3+PdiysRKR/N+VqYv9+b/76C3zC/vk9ACkWTN
+      #   /dcPMzIXVIdDMU+r1o8HF3mOXNhCFWGSfZ7r1dMe961BQtxu1DagC7Ff+XZZL0Mu
+      #   0W0Y/GmP7yTrsie7wCq4QiHj2HBtUtze/uC6DT8Qcthg46LUJBqeh9FiIwIDAQAB
+      #   AoGAEGK80I/+Np7yn2vMxstL8T5uOBayYo9HphHKBt9fj39N8IDI2nKmy1d6Jwm0
+      #   oi+ZR28AVI/j1DZ9l8iMd7qup+/D5CdTt89u8fTUlQkCjAQQsRBneq5MJRKI+5eA
+      #   JDJmx7p7CUUqjnIcFfbBz0NLTDZso11Vp+BDfbDpKv37nskCQQDZimWuxa7rK6UZ
+      #   XGDl8LxEiM27US67kDu8iS3VdQWEKIhhQoea/zNKPMkQsc2+CPggQTcG/2WuPEYJ
+      #   O1bPz7HPAkEAyhknhziWREEBQRLp4qsakozMIn4iuuaC00zpLwcnyOqFPaHS5CTL
+      #   I7GxpwN6Ld1N/nqvYGyk/dRb5Ul7v27DbQJAUMsJwMNCl6z6AFVC16N1CK8WWX9p
+      #   L9f9l6QLFcAEcHTtUdH3syUc03GH619d3jpOjQwrd7na9b8E8+DJ+RxWGQJAI8cE
+      #   OmoIIBkp8a05fokv8RW/5bNSzqeULXgGJ+8qWeU6pUiKnxzsYWtJuflhndD5x71M
+      #   YtOY+d6oThUONTuUmQJBAMGl/eaFU0AfA+xS/3Kt5JFKBbBVAByhL+Hd/27/rYZ5
+      #   8YXDUQAgcykCS21JMrn41p4gwJnpG35PoV8qBIW9a94=
+      #   -----END RSA PRIVATE KEY-----'
+
+      def self.private_key
+        @rsa_private ||= jwt_json['private_key']
+      end
+
+      # Return the certificate defined by Fixture.
+      # @return [string]
+      # @example `.certificate`
+      #   -----BEGIN CERTIFICATE-----
+      #   MIIChDCCAe2gAwIBAgIBADANBgkqhkiG9w0BAQUFADA6MQswCQYDVQQGEwJCRTEN
+      #   MAsGA1UECgwEVGVzdDENMAsGA1UECwwEVGVzdDENMAsGA1UEAwwEVGVzdDAgFw0x
+      #   NzA0MjQwMjE5MzRaGA8zMDE2MDgyNTAyMTkzNFowOjELMAkGA1UEBhMCQkUxDTAL
+      #   BgNVBAoMBFRlc3QxDTALBgNVBAsMBFRlc3QxDTALBgNVBAMMBFRlc3QwgZ8wDQYJ
+      #   KoZIhvcNAQEBBQADgY0AMIGJAoGBAKu8lFbTnIpDHHf492LKxEpH835Wpi/35v/v
+      #   oLfML++T0AKRZM391w8zMhdUh0MxT6vWjwcXeY5c2EIVYZJ9nuvV0x73rUFC3G7U
+      #   NqALsV/5dlkvQy7RbRj8aY/vJOuyJ7vAKrhCIePYcG1S3N7+4LoNPxBy2GDjotQk
+      #   Gp6H0WIjAgMBAAGjgZcwgZQwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUFKl2
+      #   nZaaeNZM/7dno9IbaEIvaXQwYgYDVR0jBFswWYAUFKl2nZaaeNZM/7dno9IbaEIv
+      #   aXShPqQ8MDoxCzAJBgNVBAYTAkJFMQ0wCwYDVQQKDARUZXN0MQ0wCwYDVQQLDARU
+      #   ZXN0MQ0wCwYDVQQDDARUZXN0ggEAMA0GCSqGSIb3DQEBBQUAA4GBAKkBvhUIRENB
+      #   ap0r9F7sKkRr8tJCCjBPIA+8e8XIKS3A3w6EI5ErRpv795rO80TBR4WZR9GhH8M1
+      #   PXJ7FuaayCcPAl0febjl4z6ZciCSDpBdhbMpmq1d/kYU1H1qUokE2BxhNdcs/Q4w
+      #   +5NnFGSkYm09tPzLWFPLoES9ynBF0N7l
+      #   -----END CERTIFICATE-----
+      #
+      def self.certificate
+        @certs ||= jwt_json['certificate']
+      end
+
+      private
+
+      def self.jwt_json
+        @jwt_json ||= JSON.parse read_jwt_file
+      end
+
+      def self.read_jwt_file
+        File.read(
+          File.expand_path(
+            File.join(FirebaseIdToken::LIB_PATH, '..', 'spec', 'fixtures', 'files', 'jwt.json')
+          )
+        )
+      end
+    end
+  end
+end

data/lib/firebase_id_token/version.rb

@@ -1,3 +1,3 @@
-module FirebaseIdToken
-  VERSION = '2.3.0'
-end
+module FirebaseIdToken
+  VERSION = '2.3.1'
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: firebase_id_token
 version: !ruby/object:Gem::Version
-  version: 2.3.0
+  version: 2.3.1
 platform: ruby
 authors:
 - Fernando Schuindt
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2018-06-18 00:00:00.000000000 Z
+date: 2019-08-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -56,22 +56,22 @@ dependencies:
   name: redcarpet
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '3.4'
     - - ">="
       - !ruby/object:Gem::Version
         version: 3.4.0
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.4'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '3.4'
     - - ">="
       - !ruby/object:Gem::Version
         version: 3.4.0
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.4'
 - !ruby/object:Gem::Dependency
   name: simplecov
   requirement: !ruby/object:Gem::Requirement
@@ -90,22 +90,36 @@ dependencies:
   name: codeclimate-test-reporter
   requirement: !ruby/object:Gem::Requirement
     requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.0.0
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
     - - ">="
       - !ruby/object:Gem::Version
         version: 1.0.0
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+- !ruby/object:Gem::Dependency
+  name: pry
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.12.2
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.0'
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 1.0.0
+        version: 0.12.2
 - !ruby/object:Gem::Dependency
   name: redis
   requirement: !ruby/object:Gem::Requirement
@@ -130,22 +144,22 @@ dependencies:
   name: redis-namespace
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.6'
     - - ">="
       - !ruby/object:Gem::Version
         version: 1.6.0
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.6'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.6'
     - - ">="
       - !ruby/object:Gem::Version
         version: 1.6.0
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.6'
 - !ruby/object:Gem::Dependency
   name: httparty
   requirement: !ruby/object:Gem::Requirement
@@ -170,22 +184,22 @@ dependencies:
   name: jwt
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '2.1'
     - - ">="
       - !ruby/object:Gem::Version
         version: 2.1.0
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.1'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '2.1'
     - - ">="
       - !ruby/object:Gem::Version
         version: 2.1.0
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.1'
 description: A Ruby gem to verify the signature of Firebase ID Tokens. It uses Redis
   to store Google's x509 certificates and manage their expiration time, so you don't
   need to request Google's API in every execution and can access it as fast as reading
@@ -215,6 +229,7 @@ files:
 - lib/firebase_id_token/exceptions/certificates_ttl_error.rb
 - lib/firebase_id_token/exceptions/no_certificates_error.rb
 - lib/firebase_id_token/signature.rb
+- lib/firebase_id_token/testing/certificates.rb
 - lib/firebase_id_token/version.rb
 homepage: https://github.com/fschuindt/firebase_id_token
 licenses:
@@ -235,8 +250,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.6.14
+rubygems_version: 3.0.3
 signing_key: 
 specification_version: 4
 summary: A Firebase ID Token verifier.