RubyGems - json-jwt - Versions diffs - 1.14.0 → 1.15.3 - Mend

json-jwt 1.14.0 → 1.15.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of json-jwt might be problematic. Click here for more details.

Files changed (12) hide show

checksums.yaml +4 -4
data/.github/workflows/test_ruby.yml +30 -0
data/.travis.yml +4 -4
data/README.md +11 -0
data/VERSION +1 -1
data/json-jwt.gemspec +2 -0
data/lib/json/jose.rb +1 -3
data/lib/json/jwk/set/fetcher/debugger/request_filter.rb +34 -0
data/lib/json/jwk/set/fetcher.rb +87 -0
data/lib/json/jwk/set.rb +6 -0
data/lib/json/jwt.rb +7 -0
metadata +33 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 91fcaee7ac6b72ca2ac913dedf96d5720c979428de6dce8c92dfd20dc692090b
-  data.tar.gz: 874d9dc15ae88e8378329786239ff8474bb6d79ff4ca83302734eed8e920d497
+  metadata.gz: 0bc8f7f5b23b61360c4b6a72c253b52beb5f7226ebf441d6a6561729155ea55d
+  data.tar.gz: 7175e7ea9121d74d633bb32ce6f88e2d50ddbc3b0109426c562508e40a119727
 SHA512:
-  metadata.gz: 5d6bf57a02244d0661ee1a57abdbac9d549db17f25d4f65685d3055b51ad8a20c5f48fb9c50bd069d152192d8c25dd76b44cac65c72d1d66d7f6009d1399ed5d
-  data.tar.gz: db006e919ed6ee3f5fa87bce489011ec49d87e39e734fe81e1e72dbb8863ab8fe1d30892f960868f1e45176d97950abb2bc847b20b29321bab3912fa8083ca86
+  metadata.gz: f169ddb8eafd2b66e84c8fd32328793e040477a376ab7dfedef29990d330afa667f5f563bc540a0479b095cc2c16cb38b6bb7a7a6c9842656ea41425e63c87b7
+  data.tar.gz: 53e010725185c4acab07988025b1dd70d7def52f27c285ed502a21f1d8e8ad1eedca780db14378824ff7891fbd852265b06a2256281c5a07d40545487ad9241c

data/.github/workflows/test_ruby.yml ADDED Viewed

@@ -0,0 +1,30 @@
+name: Test Ruby
+on:
+  push:
+  pull_request:
+permissions:
+  contents: read
+jobs:
+  test:
+    strategy:
+      matrix:
+        os: ['ubuntu-20.04']
+        ruby-version: ['2.6', '2.7', '3.0', '3.1']
+        # ubuntu 22.04 only supports ssl 3 and thus only ruby 3.1
+        include:
+        - os: 'ubuntu-22.04'
+          ruby-version: '3.1'
+    runs-on: ${{ matrix.os }}
+    steps:
+    - uses: actions/checkout@v3
+    - name: Set up Ruby
+      uses: ruby/setup-ruby@v1
+      with:
+        ruby-version: ${{ matrix.ruby-version }}
+        bundler-cache: true
+    - name: Run tests
+      run: bundle exec rake

data/.travis.yml CHANGED Viewed

@@ -3,10 +3,10 @@ before_install:
   - git submodule update --init --recursive
 rvm:
-  - 2.5.8
-  - 2.6.6
-  - 2.7.2
-  - 3.0.2
+  - 2.6.10
+  - 2.7.6
+  - 3.0.4
+  - 3.1.2
 jdk:
   - openjdk11

data/README.md CHANGED Viewed

@@ -49,6 +49,17 @@ input = "jwt_header.jwt_claims.jwt_signature"
 JSON::JWT.decode(input, public_key)
 ```
+If you need to get a JWK from `jwks_uri` of OpenID Connect IdP, you can use `JSON::JWK::Set::Fetcher` to fetch (& optionally cache) it.
+```ruby
+# JWK Set Fetching & Caching
+# NOTE: Optionally by setting cache instance, JWKs are cached by kid.
+JSON::JWK::Set::Fetcher.cache = Rails.cache
+JSON::JWK::Set::Fetcher.fetch(jwks_uri, kid: kid)
+# => returns JSON::JWK instance or raise JSON::JWK::Set::KidNotFound
+```
 For more details, read [Documentation Wiki](https://github.com/nov/json-jwt/wiki).
 ## Note on Patches/Pull Requests

data/VERSION CHANGED Viewed

	@@ -1 +1 @@
1	- 1.14.0
1	+ 1.15.3

data/json-jwt.gemspec CHANGED Viewed

@@ -16,8 +16,10 @@ Gem::Specification.new do |gem|
   gem.add_runtime_dependency 'activesupport', '>= 4.2'
   gem.add_runtime_dependency 'bindata'
   gem.add_runtime_dependency 'aes_key_wrap'
+  gem.add_runtime_dependency 'httpclient'
   gem.add_development_dependency 'rake'
   gem.add_development_dependency 'simplecov'
+  gem.add_development_dependency 'webmock'
   gem.add_development_dependency 'rspec'
   gem.add_development_dependency 'rspec-its'
 end

data/lib/json/jose.rb CHANGED Viewed

@@ -26,9 +26,7 @@ module JSON
       when JSON::JWK
         key.to_key
       when JSON::JWK::Set
-        key.detect do |jwk|
-          jwk[:kid] && jwk[:kid] == kid
-        end&.to_key or raise JWK::Set::KidNotFound
+        key[kid]&.to_key or raise JWK::Set::KidNotFound
       else
         key
       end

data/lib/json/jwk/set/fetcher/debugger/request_filter.rb ADDED Viewed

@@ -0,0 +1,34 @@
+module JSON
+  class JWK
+    class Set
+      module Fetcher
+        module Debugger
+          class RequestFilter
+            # Callback called in HTTPClient (before sending a request)
+            # request:: HTTP::Message
+            def filter_request(request)
+              started = "======= [JSON::JWK::Set::Fetcher] HTTP REQUEST STARTED ======="
+              log started, request.dump
+            end
+            # Callback called in HTTPClient (after received a response)
+            # request::  HTTP::Message
+            # response:: HTTP::Message
+            def filter_response(request, response)
+              finished = "======= [JSON::JWK::Set::Fetcher] HTTP REQUEST FINISHED ======="
+              log '-' * 50, response.dump, finished
+            end
+            private
+            def log(*outputs)
+              outputs.each do |output|
+                JSON::JWK::Set::Fetcher.logger.info output
+              end
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/json/jwk/set/fetcher.rb ADDED Viewed

@@ -0,0 +1,87 @@
+module JSON
+  class JWK
+    class Set
+      module Fetcher
+        class Cache
+          def fetch(cache_key, options = {})
+            yield
+          end
+        end
+        def self.logger
+          @@logger
+        end
+        def self.logger=(logger)
+          @@logger = logger
+        end
+        self.logger = Logger.new(STDOUT)
+        self.logger.progname = 'JSON::JWK::Set::Fetcher'
+        def self.debugging?
+          @@debugging
+        end
+        def self.debugging=(boolean)
+          @@debugging = boolean
+        end
+        def self.debug!
+          self.debugging = true
+        end
+        def self.debug(&block)
+          original = self.debugging?
+          debug!
+          yield
+        ensure
+          self.debugging = original
+        end
+        self.debugging = false
+        def self.http_client
+          _http_client_ = HTTPClient.new(
+            agent_name: "JSON::JWK::Set::Fetcher (#{JSON::JWT::VERSION})"
+          )
+          # NOTE: httpclient gem seems stopped maintaining root certtificate set, use OS default.
+          _http_client_.ssl_config.clear_cert_store
+          _http_client_.ssl_config.cert_store.set_default_paths
+          _http_client_.request_filter << Debugger::RequestFilter.new if debugging?
+          http_config.try(:call, _http_client_)
+          _http_client_
+        end
+        def self.http_config(&block)
+          @@http_config ||= block
+        end
+        def self.cache=(cache)
+          @@cache = cache
+        end
+        def self.cache
+          @@cache
+        end
+        self.cache = Cache.new
+        def self.fetch(jwks_uri, kid:, auto_detect: true, **options)
+          cache_key = [
+            'json:jwk:set',
+            OpenSSL::Digest::MD5.hexdigest(jwks_uri),
+            kid
+          ].collect(&:to_s).join(':')
+          jwks = Set.new(
+            JSON.parse(
+              cache.fetch(cache_key, options) do
+                http_client.get_content(jwks_uri)
+              end
+            )
+          )
+          if auto_detect
+            jwks[kid] or raise KidNotFound
+          else
+            jwks
+          end
+        end
+      end
+    end
+  end
+end

data/lib/json/jwk/set.rb CHANGED Viewed

@@ -19,6 +19,12 @@ module JSON
         'application/jwk-set+json'
       end
+      def [](kid)
+        detect do |jwk|
+          jwk[:kid] && jwk[:kid] == kid
+        end
+      end
       def as_json(options = {})
         # NOTE: Array.new wrapper is requied to avoid CircularReferenceError
         {keys: Array.new(self)}

data/lib/json/jwt.rb CHANGED Viewed

@@ -1,11 +1,16 @@
 require 'openssl'
 require 'base64'
+require 'httpclient'
 require 'active_support'
 require 'active_support/core_ext'
 require 'json/jose'
 module JSON
   class JWT < ActiveSupport::HashWithIndifferentAccess
+    VERSION = ::File.read(
+      ::File.join(::File.dirname(__FILE__), '../../VERSION')
+    ).chomp
     attr_accessor :blank_payload
     attr_accessor :signature
@@ -132,3 +137,5 @@ require 'json/jwe'
 require 'json/jwk'
 require 'json/jwk/jwkizable'
 require 'json/jwk/set'
+require 'json/jwk/set/fetcher'
+require 'json/jwk/set/fetcher/debugger/request_filter'

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: json-jwt
 version: !ruby/object:Gem::Version
-  version: 1.14.0
+  version: 1.15.3
 platform: ruby
 authors:
 - nov matake
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-07-09 00:00:00.000000000 Z
+date: 2022-08-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -52,6 +52,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: httpclient
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -80,6 +94,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: webmock
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
@@ -117,6 +145,7 @@ extensions: []
 extra_rdoc_files: []
 files:
 - ".github/FUNDING.yml"
+- ".github/workflows/test_ruby.yml"
 - ".gitignore"
 - ".gitmodules"
 - ".rspec"
@@ -132,6 +161,8 @@ files:
 - lib/json/jwk.rb
 - lib/json/jwk/jwkizable.rb
 - lib/json/jwk/set.rb
+- lib/json/jwk/set/fetcher.rb
+- lib/json/jwk/set/fetcher/debugger/request_filter.rb
 - lib/json/jws.rb
 - lib/json/jwt.rb
 homepage: https://github.com/nov/json-jwt