firejwt 0.2.0 → 0.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 22a3cbe836d5c04927447040ffdc8580f0a8863798dc1089e3e4fa6940989b0f
-  data.tar.gz: 886dbe43fee7a2132259c1997018e711a08e54e53366a461efc77516c6893bfc
+  metadata.gz: e5cccf39fd926dfa2cbe9744c9a5a12715c3fa03a2cbaf6bfbd5ae9ef332d0e0
+  data.tar.gz: 01c1468c405e86f39e733fdf676ee212bb11191e2416445c2edabc00d2933a00
 SHA512:
-  metadata.gz: de05062161e6489c4c074b786a4125a2c412d3b4641b23e91c18f3e6f734993e81ea98eea4a0775259f10183c9872597e84e2a3d944c405bd6ea38d3edd82862
-  data.tar.gz: c62208610c25313796a7a663dcad304c7568293a9096bce5c26b9d0de493fb90eedc159cc8047864f9eb7ca028caa4361c508b276ff2733bb7662e13b96e9a25
+  metadata.gz: 4e9326c3669c09f7b0f7bc82b33e52a36430ad59a5a6d534cb1a0e9763d0ce7393520e1f6f9ab87b52d2941a631fa1d4055898ab2bf28e7e7584f148dbdf1dff
+  data.tar.gz: ce68d73e6a08116fb2015f12670959b8b35c9ce70e3ea66e6d33353a7f34134f83cc2fa3965c1ca61989fb7dc47cf8d9784eeb2c54d2a50b4ccc176de97c49d8

data/.github/workflows/test.yml

@@ -0,0 +1,51 @@
+name: Test
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - main
+jobs:
+  golint:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+      - name: Run lint
+        uses: golangci/golangci-lint-action@v2
+        with:
+          version: latest
+  go:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        go-version: [1.16.x, 1.17.x]
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+      - name: Cache dependencies
+        uses: actions/cache@v2
+        with:
+          path: ~/go/pkg/mod
+          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
+          restore-keys: |
+            ${{ runner.os }}-go-
+      - name: Setup Go
+        uses: actions/setup-go@v2
+        with:
+          go-version: ${{ matrix.go-version }}
+      - name: Run tests
+        run: make test
+  ruby:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        ruby-version: ["2.5", "2.6", "2.7", "3.0"]
+    steps:
+      - uses: actions/checkout@v2
+      - uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: ${{ matrix.ruby-version }}
+          bundler-cache: true
+      - run: bundle exec rake

data/.rubocop.yml

@@ -1,5 +1,12 @@
-inherit_from:
-  - https://gitlab.com/bsm/misc/raw/master/rubocop/default.yml
+inherit_gem:
+  rubocop-bsm:
+    - default.yml
+inherit_mode:
+  merge:
+    - Exclude
 
 AllCops:
   TargetRubyVersion: "2.5"
+
+RSpec/FilePath:
+  Enabled: false

data/Gemfile.lock

@@ -1,55 +1,68 @@
 PATH
   remote: .
   specs:
-    firejwt (0.2.0)
+    firejwt (0.4.0)
       jwt
 
 GEM
   remote: https://rubygems.org/
   specs:
-    addressable (2.7.0)
+    addressable (2.8.0)
       public_suffix (>= 2.0.2, < 5.0)
-    ast (2.4.1)
-    crack (0.4.4)
+    ast (2.4.2)
+    crack (0.4.5)
+      rexml
     diff-lcs (1.4.4)
     hashdiff (1.0.1)
-    jwt (2.2.2)
-    parallel (1.19.2)
-    parser (2.7.1.5)
+    jwt (2.3.0)
+    parallel (1.21.0)
+    parser (3.0.3.1)
       ast (~> 2.4.1)
     public_suffix (4.0.6)
     rainbow (3.0.0)
-    rake (13.0.1)
-    regexp_parser (1.8.1)
-    rexml (3.2.4)
-    rspec (3.9.0)
-      rspec-core (~> 3.9.0)
-      rspec-expectations (~> 3.9.0)
-      rspec-mocks (~> 3.9.0)
-    rspec-core (3.9.3)
-      rspec-support (~> 3.9.3)
-    rspec-expectations (3.9.2)
+    rake (13.0.6)
+    regexp_parser (2.1.1)
+    rexml (3.2.5)
+    rspec (3.10.0)
+      rspec-core (~> 3.10.0)
+      rspec-expectations (~> 3.10.0)
+      rspec-mocks (~> 3.10.0)
+    rspec-core (3.10.1)
+      rspec-support (~> 3.10.0)
+    rspec-expectations (3.10.1)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.9.0)
-    rspec-mocks (3.9.1)
+      rspec-support (~> 3.10.0)
+    rspec-mocks (3.10.2)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.9.0)
-    rspec-support (3.9.3)
-    rubocop (0.92.0)
+      rspec-support (~> 3.10.0)
+    rspec-support (3.10.3)
+    rubocop (1.23.0)
       parallel (~> 1.10)
-      parser (>= 2.7.1.5)
+      parser (>= 3.0.0.0)
       rainbow (>= 2.2.2, < 4.0)
-      regexp_parser (>= 1.7)
+      regexp_parser (>= 1.8, < 3.0)
       rexml
-      rubocop-ast (>= 0.5.0)
+      rubocop-ast (>= 1.12.0, < 2.0)
       ruby-progressbar (~> 1.7)
-      unicode-display_width (>= 1.4.0, < 2.0)
-    rubocop-ast (0.7.1)
-      parser (>= 2.7.1.5)
-    ruby-progressbar (1.10.1)
-    unicode-display_width (1.7.0)
-    webmock (3.9.1)
-      addressable (>= 2.3.6)
+      unicode-display_width (>= 1.4.0, < 3.0)
+    rubocop-ast (1.13.0)
+      parser (>= 3.0.1.1)
+    rubocop-bsm (0.6.0)
+      rubocop (~> 1.0)
+      rubocop-performance
+      rubocop-rake
+      rubocop-rspec
+    rubocop-performance (1.12.0)
+      rubocop (>= 1.7.0, < 2.0)
+      rubocop-ast (>= 0.4.0)
+    rubocop-rake (0.6.0)
+      rubocop (~> 1.0)
+    rubocop-rspec (2.6.0)
+      rubocop (~> 1.19)
+    ruby-progressbar (1.11.0)
+    unicode-display_width (2.1.0)
+    webmock (3.14.0)
+      addressable (>= 2.8.0)
       crack (>= 0.3.2)
       hashdiff (>= 0.4.0, < 2.0.0)
 
@@ -60,8 +73,8 @@ DEPENDENCIES
   firejwt!
   rake
   rspec
-  rubocop
+  rubocop-bsm
   webmock
 
 BUNDLED WITH
-   2.1.4
+   2.2.32

data/LICENSE

@@ -1,13 +1,201 @@
-Copyright 2020 Black Square Media Ltd
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
 
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
 
-  http://www.apache.org/licenses/LICENSE-2.0
+   1. Definitions.
 
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright 2021 Black Square Media Ltd
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.

data/Makefile

@@ -1,7 +1,7 @@
-default: vet test
+default: test
 
 test:
 	go test ./...
 
-vet:
-	go vet ./...
+lint:
+	golangci-lint run

data/README.md

@@ -1,6 +1,6 @@
 # FireJWT
 
-[![Build Status](https://travis-ci.org/bsm/firejwt.png?branch=master)](https://travis-ci.org/bsm/firejwt)
+[![Test](https://github.com/bsm/firejwt/actions/workflows/test.yml/badge.svg)](https://github.com/bsm/firejwt/actions/workflows/test.yml)
 [![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)
 
 Decode and validate [Google Firebase](https://firebase.google.com/) JWT tokens with [Ruby](https://www.ruby-lang.org/) and [Go](https://golang.org/).

data/firejwt.gemspec

@@ -1,6 +1,6 @@
 Gem::Specification.new do |s|
   s.name          = 'firejwt'
-  s.version       = '0.2.0'
+  s.version       = '0.4.0'
   s.authors       = ['Black Square Media Ltd']
   s.email         = ['info@blacksquaremedia.com']
   s.summary       = %(Firebase JWT validation)
@@ -16,6 +16,9 @@ Gem::Specification.new do |s|
   s.add_dependency 'jwt'
   s.add_development_dependency 'rake'
   s.add_development_dependency 'rspec'
-  s.add_development_dependency 'rubocop'
+  s.add_development_dependency 'rubocop-bsm'
   s.add_development_dependency 'webmock'
+  s.metadata = {
+    'rubygems_mfa_required' => 'true',
+  }
 end

data/firejwt.go

@@ -13,7 +13,7 @@ import (
 	"sync/atomic"
 	"time"
 
-	"github.com/dgrijalva/jwt-go"
+	"github.com/golang-jwt/jwt/v4"
 )
 
 const defaultURL = "https://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.com"
@@ -59,8 +59,15 @@ func (v *Validator) Stop() {
 }
 
 // Decode decodes the token
-func (v *Validator) Decode(tokenString string) (*jwt.Token, error) {
-	return jwt.ParseWithClaims(tokenString, new(Claims), v.verify)
+func (v *Validator) Decode(tokenString string) (*Claims, error) {
+	claims := new(Claims)
+	token, err := jwt.ParseWithClaims(tokenString, claims, v.verify)
+	if err != nil {
+		return nil, err
+	} else if !token.Valid {
+		return nil, errTokenInvalid
+	}
+	return claims, nil
 }
 
 // ExpTime returns the expiration time.
@@ -97,6 +104,7 @@ var (
 	errIssuedFuture = errors.New("issued in the future")
 	errNoSubject    = errors.New("subject is missing")
 	errAuthFuture   = errors.New("auth-time in the future")
+	errTokenInvalid = errors.New("token is invalid")
 )
 
 func (v *Validator) verify(token *jwt.Token) (interface{}, error) {

data/firejwt_test.go

@@ -17,18 +17,18 @@ import (
 	"time"
 
 	"github.com/bsm/firejwt"
-	"github.com/dgrijalva/jwt-go"
-	. "github.com/onsi/ginkgo"
-	. "github.com/onsi/gomega"
+	. "github.com/bsm/ginkgo"
+	. "github.com/bsm/gomega"
+	"github.com/golang-jwt/jwt/v4"
 )
 
 var _ = Describe("Validator", func() {
 	var subject *firejwt.Validator
 	var server *httptest.Server
-	var claims *firejwt.Claims
+	var seeds *firejwt.Claims
 
 	generate := func() string {
-		token := jwt.NewWithClaims(jwt.SigningMethodRS256, claims)
+		token := jwt.NewWithClaims(jwt.SigningMethodRS256, seeds)
 		token.Header["kid"] = certKID
 
 		data, err := token.SignedString(privKey)
@@ -39,11 +39,11 @@ var _ = Describe("Validator", func() {
 	BeforeEach(func() {
 		server = httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
 			w.Header().Set("expires", "Mon, 20 Jan 2020 23:40:59 GMT")
-			json.NewEncoder(w).Encode(map[string]string{
+			_ = json.NewEncoder(w).Encode(map[string]string{
 				certKID: string(certPEM),
 			})
 		}))
-		claims = mockClaims(time.Now().Unix())
+		seeds = mockClaims(time.Now().Unix())
 
 		var err error
 		subject, err = firejwt.Mocked(server.URL)
@@ -60,10 +60,9 @@ var _ = Describe("Validator", func() {
 	})
 
 	It("should decode tokens", func() {
-		token, err := subject.Decode(generate())
+		claims, err := subject.Decode(generate())
 		Expect(err).NotTo(HaveOccurred())
-		Expect(token.Valid).To(BeTrue())
-		Expect(token.Claims).To(Equal(claims))
+		Expect(claims).To(Equal(seeds))
 	})
 
 	It("should reject bad tokens", func() {
@@ -73,42 +72,42 @@ var _ = Describe("Validator", func() {
 	})
 
 	It("should verify exp", func() {
-		claims.ExpiresAt = time.Now().Unix() - 1
+		seeds.ExpiresAt = time.Now().Unix() - 1
 		_, err := subject.Decode(generate())
 		Expect(err).To(MatchError(`token has expired`))
 		Expect(err).To(BeAssignableToTypeOf(&jwt.ValidationError{}))
 	})
 
 	It("should verify iat", func() {
-		claims.IssuedAt = time.Now().Unix() + 1
+		seeds.IssuedAt = time.Now().Unix() + 1
 		_, err := subject.Decode(generate())
 		Expect(err).To(MatchError(`issued in the future`))
 		Expect(err).To(BeAssignableToTypeOf(&jwt.ValidationError{}))
 	})
 
 	It("should verify aud", func() {
-		claims.Audience = "other"
+		seeds.Audience = "other"
 		_, err := subject.Decode(generate())
 		Expect(err).To(MatchError(`invalid audience claim "other"`))
 		Expect(err).To(BeAssignableToTypeOf(&jwt.ValidationError{}))
 	})
 
 	It("should verify iss", func() {
-		claims.Issuer = "other"
+		seeds.Issuer = "other"
 		_, err := subject.Decode(generate())
 		Expect(err).To(MatchError(`invalid issuer claim "other"`))
 		Expect(err).To(BeAssignableToTypeOf(&jwt.ValidationError{}))
 	})
 
 	It("should verify sub", func() {
-		claims.Subject = ""
+		seeds.Subject = ""
 		_, err := subject.Decode(generate())
 		Expect(err).To(MatchError(`subject is missing`))
 		Expect(err).To(BeAssignableToTypeOf(&jwt.ValidationError{}))
 	})
 
 	It("should verify auth time", func() {
-		claims.AuthAt = time.Now().Unix() + 1
+		seeds.AuthAt = time.Now().Unix() + 1
 		_, err := subject.Decode(generate())
 		Expect(err).To(MatchError(`auth-time in the future`))
 		Expect(err).To(BeAssignableToTypeOf(&jwt.ValidationError{}))
@@ -117,8 +116,8 @@ var _ = Describe("Validator", func() {
 
 var _ = Describe("Claims", func() {
 	It("should be JWT compatible", func() {
-		claims := mockClaims(1515151515)
-		Expect(json.Marshal(claims)).To(MatchJSON(`{
+		subject := mockClaims(1515151515)
+		Expect(json.Marshal(subject)).To(MatchJSON(`{
 			"name": "Me",
 			"picture": "https://test.host/me.jpg",
 			"sub": "MDYwNDQwNjUtYWQ0ZC00ZDkwLThl",

data/go.mod

@@ -1,15 +1,9 @@
 module github.com/bsm/firejwt
 
-go 1.13
+go 1.16
 
 require (
-	github.com/dgrijalva/jwt-go v3.2.0+incompatible
-	github.com/golang/protobuf v1.3.2 // indirect
-	github.com/kr/pretty v0.1.0 // indirect
-	github.com/onsi/ginkgo v1.11.0
-	github.com/onsi/gomega v1.8.1
-	golang.org/x/net v0.0.0-20191007182048-72f939374954 // indirect
-	golang.org/x/sys v0.0.0-20191008105621-543471e840be // indirect
-	golang.org/x/text v0.3.2 // indirect
-	gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 // indirect
+	github.com/bsm/ginkgo v1.16.1
+	github.com/bsm/gomega v1.11.0
+	github.com/golang-jwt/jwt/v4 v4.1.0
 )

data/go.sum

@@ -1,43 +1,6 @@
-github.com/dgrijalva/jwt-go v3.2.0+incompatible h1:7qlOGliEKZXTDg6OTjfoBKDXWrumCAMpl/TFQ4/5kLM=
-github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
-github.com/fsnotify/fsnotify v1.4.7 h1:IXs+QLmnXW2CcXuY+8Mzv/fWEsPGWxqefPtCP5CnV9I=
-github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
-github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golang/protobuf v1.3.2 h1:6nsPYzhq5kReh6QImI3k5qWzO4PEbvbIW2cwSfR/6xs=
-github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/hpcloud/tail v1.0.0 h1:nfCOvKYfkgYP8hkirhJocXT2+zOD8yUNjXaWfTlyFKI=
-github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
-github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI=
-github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
-github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
-github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE=
-github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
-github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
-github.com/onsi/ginkgo v1.11.0 h1:JAKSXpt1YjtLA7YpPiqO9ss6sNXEsPfSGdwN0UHqzrw=
-github.com/onsi/ginkgo v1.11.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
-github.com/onsi/gomega v1.8.1 h1:C5Dqfs/LeauYDX0jJXIe2SWmwCbGzx9yF8C8xy3Lh34=
-github.com/onsi/gomega v1.8.1/go.mod h1:Ho0h+IUsWyvy1OpqCwxlQ/21gkhVunqlU8fDGcoTdcA=
-golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20191007182048-72f939374954 h1:JGZucVF/L/TotR719NbujzadOZ2AgnYlqphQGHDCKaU=
-golang.org/x/net v0.0.0-20191007182048-72f939374954/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20191008105621-543471e840be h1:QAcqgptGM8IQBC9K/RC4o+O9YmqEm0diQn9QmZw/0mU=
-golang.org/x/sys v0.0.0-20191008105621-543471e840be/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/text v0.3.2 h1:tW2bmiBqwgJj/UpqtC8EpXEZVYOwU0yG4iWbprSVAcs=
-golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
-golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7 h1:9zdDQZ7Thm29KFXgAX/+yaf3eVbP7djjWp/dXAppNCc=
-golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 h1:YR8cESwS4TdDjEe65xsg0ogRM/Nc3DYOhEAlW+xobZo=
-gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/fsnotify.v1 v1.4.7 h1:xOHLXZwVvI9hhs+cLKq5+I5onOuwQLhQwiu63xxlHs4=
-gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
-gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ=
-gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
-gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I=
-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+github.com/bsm/ginkgo v1.16.1 h1:jp1v1dbmbGZDWmnGXDTN+XK3U1fTTNja9xYa7VBI0l0=
+github.com/bsm/ginkgo v1.16.1/go.mod h1:RabIZLzOCPghgHJKUqHZpqrQETA5AnF4aCSIYy5C1bk=
+github.com/bsm/gomega v1.11.0 h1:wg9DVGPETNZLIbMsseneMV1a7uo/x+wsCyNXdEcifDI=
+github.com/bsm/gomega v1.11.0/go.mod h1:JifAceMQ4crZIWYUKrlGcmbN3bqHogVTADMD2ATsbwk=
+github.com/golang-jwt/jwt/v4 v4.1.0 h1:XUgk2Ex5veyVFVeLm0xhusUTQybEbexJXrvPNOKkSY0=
+github.com/golang-jwt/jwt/v4 v4.1.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg=

data/spec/firejwt/certificates_spec.rb

@@ -11,17 +11,18 @@ RSpec.describe FireJWT::Certificates do
     )
   end
 
-  it 'should init' do
+  it 'inits' do
     expect(subject.expires_at).to be_within(10).of(Time.now + 3600)
     expect(subject).not_to be_expired
+    expect(http_request).to have_been_made
   end
 
-  it 'should retrieve keys' do
+  it 'retrieves keys' do
     expect(subject.get('BAD')).to be_nil
     expect(subject.get(cert.kid)).to be_instance_of(OpenSSL::PKey::RSA)
   end
 
-  it 'should check/update expiration status' do
+  it 'check/updates expiration status' do
     expect(subject).not_to be_expired
     subject.expire!
     expect(subject).to be_expired

data/spec/firejwt/validator_spec.rb

@@ -1,6 +1,8 @@
 require 'spec_helper'
 
 RSpec.describe FireJWT::Validator do
+  subject { described_class.new(project_id) }
+
   let! :http_request do
     stub_request(:get, FireJWT::Certificates::URL.to_s).to_return(
       status: 200,
@@ -37,9 +39,7 @@ RSpec.describe FireJWT::Validator do
   let(:project_id) { 'mock-project' }
   let(:token)      { JWT.encode payload, cert.pkey, 'RS256', kid: cert.kid }
 
-  subject          { described_class.new(project_id) }
-
-  it 'should decode' do
+  it 'decodes' do
     decoded = subject.decode(token)
     expect(decoded).to be_instance_of(FireJWT::Token)
     expect(decoded).to eq(payload)
@@ -47,38 +47,39 @@ RSpec.describe FireJWT::Validator do
       'alg' => 'RS256',
       'kid' => cert.kid,
     )
+    expect(http_request).to have_been_made
   end
 
-  it 'should reject bad tokens' do
+  it 'rejects bad tokens' do
     expect { subject.decode('BAD') }.to raise_error(JWT::DecodeError)
   end
 
-  it 'should verify exp' do
+  it 'verifies exp' do
     payload['exp'] = Time.now.to_i - 1
     expect { subject.decode(token) }.to raise_error(JWT::ExpiredSignature)
   end
 
-  it 'should verify iat' do
+  it 'verifies iat' do
     payload['iat'] = Time.now.to_i + 10
     expect { subject.decode(token) }.to raise_error(JWT::InvalidIatError)
   end
 
-  it 'should verify aud' do
+  it 'verifies aud' do
     payload['aud'] = 'other'
     expect { subject.decode(token) }.to raise_error(JWT::InvalidAudError)
   end
 
-  it 'should verify iss' do
+  it 'verifies iss' do
     payload['iss'] = 'other'
     expect { subject.decode(token) }.to raise_error(JWT::InvalidIssuerError)
   end
 
-  it 'should verify sub' do
+  it 'verifies sub' do
     payload['sub'] = ''
     expect { subject.decode(token) }.to raise_error(JWT::InvalidSubError)
   end
 
-  it 'should verify auth_time' do
+  it 'verifies auth_time' do
     payload['auth_time'] = Time.now.to_i + 10
     expect { subject.decode(token) }.to raise_error(FireJWT::InvalidAuthTimeError)
   end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: firejwt
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 0.4.0
 platform: ruby
 authors:
 - Black Square Media Ltd
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-10-01 00:00:00.000000000 Z
+date: 2021-12-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: jwt
@@ -53,7 +53,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: rubocop
+  name: rubocop-bsm
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -87,9 +87,9 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".github/workflows/test.yml"
 - ".gitignore"
 - ".rubocop.yml"
-- ".travis.yml"
 - Gemfile
 - Gemfile.lock
 - LICENSE
@@ -111,7 +111,8 @@ files:
 homepage: https://github.com/bsm/firejwt
 licenses:
 - Apache-2.0
-metadata: {}
+metadata:
+  rubygems_mfa_required: 'true'
 post_install_message: 
 rdoc_options: []
 require_paths:
@@ -127,7 +128,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.2
+rubygems_version: 3.2.15
 signing_key: 
 specification_version: 4
 summary: Firebase JWT validation

data/.travis.yml

@@ -1,23 +0,0 @@
-matrix:
-  include:
-    - language: ruby
-      rvm:
-        - 2.7
-      before_install:
-        - gem install bundler
-    - language: ruby
-      rvm:
-        - 2.6
-      before_install:
-        - gem install bundler
-    - language: ruby
-      rvm:
-        - 2.5
-      before_install:
-        - gem install bundler
-    - language: go
-      go:
-        - 1.15.x
-    - language: go
-      go:
-        - 1.14.x