golden_ticket 0.9.12 → 1.0.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +36 -0
- data/golden_ticket.gemspec +15 -14
- data/lib/golden_ticket.rb +19 -5
- data/lib/golden_ticket/version.rb +1 -1
- metadata +16 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 75e746f3d97a596f6318fb232b284b858f9a219d
|
|
4
|
+
data.tar.gz: 547087fd393f723f372a13f3f1b00beebb8a6b6a
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: a3a260c28b16d24150104c1182d8b9ee8ddd2dfa4fb7f58e2cb21deb2cc7d12cf85e0cd1a4b8036a7ee45edd4abba1c50ce38e2c305c654651b9d04e516f0cc1
|
|
7
|
+
data.tar.gz: d51e3ba3968a9be2e307198dfcc58d359b0bf5fe8e0aac9e523e507cf87a94d2bb38695b4912be72e82644bbbf5378db925581618af186dda88b72c36b2f71aa
|
data/README.md
CHANGED
|
@@ -2,6 +2,42 @@
|
|
|
2
2
|
|
|
3
3
|
Simple JSON Web Token tools
|
|
4
4
|
|
|
5
|
+
## Presentation
|
|
6
|
+
|
|
7
|
+
This library provides utilities for manipulating [JSON Web Tokens (JWT)](https://jwt.io/).
|
|
8
|
+
|
|
9
|
+
## Installation
|
|
10
|
+
|
|
11
|
+
### Gemfile
|
|
12
|
+
```ruby
|
|
13
|
+
gem 'golden_ticket'
|
|
14
|
+
```
|
|
15
|
+
|
|
16
|
+
### Terminal
|
|
17
|
+
```bash
|
|
18
|
+
gem install -V golden_ticket
|
|
19
|
+
```
|
|
20
|
+
|
|
21
|
+
## Usage
|
|
22
|
+
|
|
23
|
+
Any payload can be encoded as a JWT using the *encode* method:
|
|
24
|
+
|
|
25
|
+
```ruby
|
|
26
|
+
key = 'supersecret'
|
|
27
|
+
payload = { user_id: 0, foo: :bar }
|
|
28
|
+
GoldenTicket.encode key, payload
|
|
29
|
+
# => 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX2lkIjowLCJmb28iOiJiYXIifQ.4Tn4B_uV-FJ_xh2Vcg4LB24DP2faPoEll4Cttjblkhs'
|
|
30
|
+
```
|
|
31
|
+
|
|
32
|
+
Any JWT can be decoded using the *decode* method:
|
|
33
|
+
|
|
34
|
+
```ruby
|
|
35
|
+
key = 'supersecret'
|
|
36
|
+
token = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX2lkIjowLCJmb28iOiJiYXIifQ.4Tn4B_uV-FJ_xh2Vcg4LB24DP2faPoEll4Cttjblkhs'
|
|
37
|
+
GoldenTicket.decode key, token
|
|
38
|
+
# => { user_id: 0, foo: 'bar' }
|
|
39
|
+
```
|
|
40
|
+
|
|
5
41
|
## License
|
|
6
42
|
|
|
7
43
|
The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).
|
data/golden_ticket.gemspec
CHANGED
|
@@ -4,21 +4,22 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
|
|
4
4
|
require 'golden_ticket/version'
|
|
5
5
|
|
|
6
6
|
Gem::Specification.new do |spec|
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
7
|
+
spec.name = "golden_ticket"
|
|
8
|
+
spec.version = GoldenTicket::VERSION
|
|
9
|
+
spec.authors = ["Eresse"]
|
|
10
|
+
spec.email = ["eresse@eresse.net"]
|
|
11
11
|
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
12
|
+
spec.summary = "Simple JWT Tools"
|
|
13
|
+
spec.description = "Provides simple tools to manipulate JSON Web Token"
|
|
14
|
+
spec.homepage = "http://redmine.eresse.net/projects/golden_ticket"
|
|
15
|
+
spec.license = "MIT"
|
|
16
16
|
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
17
|
+
spec.files = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
|
|
18
|
+
spec.bindir = "exe"
|
|
19
|
+
spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
|
|
20
|
+
spec.require_paths = ["lib"]
|
|
21
21
|
|
|
22
|
-
|
|
23
|
-
|
|
22
|
+
spec.add_development_dependency "bundler", "~> 1.12"
|
|
23
|
+
spec.add_development_dependency "rake", "~> 10.0"
|
|
24
|
+
spec.add_runtime_dependency 'aromat'
|
|
24
25
|
end
|
data/lib/golden_ticket.rb
CHANGED
|
@@ -5,22 +5,32 @@
|
|
|
5
5
|
require 'json'
|
|
6
6
|
require 'base64'
|
|
7
7
|
require 'openssl'
|
|
8
|
+
require 'aromat'
|
|
8
9
|
require 'golden_ticket/version'
|
|
9
10
|
|
|
10
11
|
# GoldenTicket Module
|
|
11
12
|
module GoldenTicket
|
|
12
13
|
|
|
13
|
-
# Encode Base64URL
|
|
14
|
+
# Encode Base64URL:
|
|
15
|
+
# Base64-encodes a String in way that plays nice with URLs (no special characters).
|
|
16
|
+
# @param [String] s A chunk to encode
|
|
17
|
+
# @return [String] The encoded string
|
|
14
18
|
def self.b64url_encode s
|
|
15
19
|
Base64.urlsafe_encode64(s).gsub('=', '').gsub "\n", ''
|
|
16
20
|
end
|
|
17
21
|
|
|
18
|
-
# Decode Base64URL
|
|
22
|
+
# Decode Base64URL:
|
|
23
|
+
# Base64-decodes a String which has been encoded with #b64url_encode.
|
|
24
|
+
# @param [String] s An encoded String
|
|
25
|
+
# @return [String] The decoded chunk
|
|
19
26
|
def self.b64url_decode s
|
|
20
27
|
Base64.urlsafe_decode64 s + ('=' * (((s.length % 4) > 0) ? (4 - (s.length % 4)) : 0))
|
|
21
28
|
end
|
|
22
29
|
|
|
23
|
-
# Encode (Generate JWT)
|
|
30
|
+
# Encode (Generate JWT):
|
|
31
|
+
# Produces a JSON Web Token (JWT) by SHA-256-hashing a payload's JSON representation.
|
|
32
|
+
# @param [String] key Used for SHA-256 hashing
|
|
33
|
+
# @param [Object] payload The Actual token information payload
|
|
24
34
|
def self.encode key, payload
|
|
25
35
|
|
|
26
36
|
# Prep Header - Always HMAC SHA 256 / JWT
|
|
@@ -38,7 +48,11 @@ module GoldenTicket
|
|
|
38
48
|
"#{header_data}.#{payload_data}.#{secret_data}"
|
|
39
49
|
end
|
|
40
50
|
|
|
41
|
-
# Decode (Parse JWT)
|
|
51
|
+
# Decode (Parse JWT):
|
|
52
|
+
# Splits up and decodes a given JSON Web Token, after having verified its authenticity.
|
|
53
|
+
# @param [String] key Used for SHA-256 hashing
|
|
54
|
+
# @param [String] token The token itself (duh...)
|
|
55
|
+
# @return [Object] The actual token information payload
|
|
42
56
|
def self.decode key, token
|
|
43
57
|
|
|
44
58
|
# Split Token
|
|
@@ -49,6 +63,6 @@ module GoldenTicket
|
|
|
49
63
|
raise 'Invalid Token' unless secret_data == b64url_encode(OpenSSL::HMAC.digest(OpenSSL::Digest.new('sha256'), key, secret))
|
|
50
64
|
|
|
51
65
|
# Pull dat Payload
|
|
52
|
-
JSON.parse
|
|
66
|
+
JSON.parse(b64url_decode(payload_data)).sym_keys
|
|
53
67
|
end
|
|
54
68
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: golden_ticket
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 1.0.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Eresse
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2017-03-01 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|
|
@@ -38,6 +38,20 @@ dependencies:
|
|
|
38
38
|
- - "~>"
|
|
39
39
|
- !ruby/object:Gem::Version
|
|
40
40
|
version: '10.0'
|
|
41
|
+
- !ruby/object:Gem::Dependency
|
|
42
|
+
name: aromat
|
|
43
|
+
requirement: !ruby/object:Gem::Requirement
|
|
44
|
+
requirements:
|
|
45
|
+
- - ">="
|
|
46
|
+
- !ruby/object:Gem::Version
|
|
47
|
+
version: '0'
|
|
48
|
+
type: :runtime
|
|
49
|
+
prerelease: false
|
|
50
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
51
|
+
requirements:
|
|
52
|
+
- - ">="
|
|
53
|
+
- !ruby/object:Gem::Version
|
|
54
|
+
version: '0'
|
|
41
55
|
description: Provides simple tools to manipulate JSON Web Token
|
|
42
56
|
email:
|
|
43
57
|
- eresse@eresse.net
|