json-jwt 1.14.0 → 1.15.3.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (12) hide show
  1. checksums.yaml +4 -4
  2. data/.github/workflows/test_ruby.yml +30 -0
  3. data/.travis.yml +4 -4
  4. data/README.md +11 -0
  5. data/VERSION +1 -1
  6. data/json-jwt.gemspec +2 -0
  7. data/lib/json/jose.rb +1 -3
  8. data/lib/json/jwk/set/fetcher/debugger/request_filter.rb +34 -0
  9. data/lib/json/jwk/set/fetcher.rb +87 -0
  10. data/lib/json/jwk/set.rb +6 -0
  11. data/lib/json/jwt.rb +12 -1
  12. metadata +34 -3
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 91fcaee7ac6b72ca2ac913dedf96d5720c979428de6dce8c92dfd20dc692090b
4
- data.tar.gz: 874d9dc15ae88e8378329786239ff8474bb6d79ff4ca83302734eed8e920d497
3
+ metadata.gz: c3d9dceefdfb0168531cd68668848730898141b097c5541cde5cbb95a1bc24d7
4
+ data.tar.gz: 9dd27ddf48a2102ee1da5b8a7da411d10393fb622570a170b63dc328d50db7b3
5
5
  SHA512:
6
- metadata.gz: 5d6bf57a02244d0661ee1a57abdbac9d549db17f25d4f65685d3055b51ad8a20c5f48fb9c50bd069d152192d8c25dd76b44cac65c72d1d66d7f6009d1399ed5d
7
- data.tar.gz: db006e919ed6ee3f5fa87bce489011ec49d87e39e734fe81e1e72dbb8863ab8fe1d30892f960868f1e45176d97950abb2bc847b20b29321bab3912fa8083ca86
6
+ metadata.gz: edbf0b0eb0521841aae74427293f66595ab30dee065b59b21bf0e3bd57f929b8d700caa67d8458e6e832819d962998862067eb8de0ea5530db967f89e4b19cbc
7
+ data.tar.gz: d7dcc87bf09ef1ddcf9b81306c41db9286e62f9f9b90c7838a1073f6d88cdc8a8114be0834dc54c2b1e4a69a7355771257b0093ec63b1554b3bfaeab685b022a
data/.github/workflows/test_ruby.yml ADDED
@@ -0,0 +1,30 @@
1
+ name: Test Ruby
2
+
3
+ on:
4
+ push:
5
+ pull_request:
6
+
7
+ permissions:
8
+ contents: read
9
+
10
+ jobs:
11
+ test:
12
+ strategy:
13
+ matrix:
14
+ os: ['ubuntu-20.04']
15
+ ruby-version: ['2.6', '2.7', '3.0', '3.1']
16
+ # ubuntu 22.04 only supports ssl 3 and thus only ruby 3.1
17
+ include:
18
+ - os: 'ubuntu-22.04'
19
+ ruby-version: '3.1'
20
+ runs-on: ${{ matrix.os }}
21
+
22
+ steps:
23
+ - uses: actions/checkout@v3
24
+ - name: Set up Ruby
25
+ uses: ruby/setup-ruby@v1
26
+ with:
27
+ ruby-version: ${{ matrix.ruby-version }}
28
+ bundler-cache: true
29
+ - name: Run tests
30
+ run: bundle exec rake
data/.travis.yml CHANGED
@@ -3,10 +3,10 @@ before_install:
3
3
  - git submodule update --init --recursive
4
4
 
5
5
  rvm:
6
- - 2.5.8
7
- - 2.6.6
8
- - 2.7.2
9
- - 3.0.2
6
+ - 2.6.10
7
+ - 2.7.6
8
+ - 3.0.4
9
+ - 3.1.2
10
10
 
11
11
  jdk:
12
12
  - openjdk11
data/README.md CHANGED
@@ -49,6 +49,17 @@ input = "jwt_header.jwt_claims.jwt_signature"
49
49
  JSON::JWT.decode(input, public_key)
50
50
  ```
51
51
 
52
+ If you need to get a JWK from `jwks_uri` of OpenID Connect IdP, you can use `JSON::JWK::Set::Fetcher` to fetch (& optionally cache) it.
53
+
54
+ ```ruby
55
+ # JWK Set Fetching & Caching
56
+ # NOTE: Optionally by setting cache instance, JWKs are cached by kid.
57
+ JSON::JWK::Set::Fetcher.cache = Rails.cache
58
+
59
+ JSON::JWK::Set::Fetcher.fetch(jwks_uri, kid: kid)
60
+ # => returns JSON::JWK instance or raise JSON::JWK::Set::KidNotFound
61
+ ```
62
+
52
63
  For more details, read [Documentation Wiki](https://github.com/nov/json-jwt/wiki).
53
64
 
54
65
  ## Note on Patches/Pull Requests
data/VERSION CHANGED
@@ -1 +1 @@
1
- 1.14.0
1
+ 1.15.3.1
data/json-jwt.gemspec CHANGED
@@ -16,8 +16,10 @@ Gem::Specification.new do |gem|
16
16
  gem.add_runtime_dependency 'activesupport', '>= 4.2'
17
17
  gem.add_runtime_dependency 'bindata'
18
18
  gem.add_runtime_dependency 'aes_key_wrap'
19
+ gem.add_runtime_dependency 'httpclient'
19
20
  gem.add_development_dependency 'rake'
20
21
  gem.add_development_dependency 'simplecov'
22
+ gem.add_development_dependency 'webmock'
21
23
  gem.add_development_dependency 'rspec'
22
24
  gem.add_development_dependency 'rspec-its'
23
25
  end
data/lib/json/jose.rb CHANGED
@@ -26,9 +26,7 @@ module JSON
26
26
  when JSON::JWK
27
27
  key.to_key
28
28
  when JSON::JWK::Set
29
- key.detect do |jwk|
30
- jwk[:kid] && jwk[:kid] == kid
31
- end&.to_key or raise JWK::Set::KidNotFound
29
+ key[kid]&.to_key or raise JWK::Set::KidNotFound
32
30
  else
33
31
  key
34
32
  end
data/lib/json/jwk/set/fetcher/debugger/request_filter.rb ADDED
@@ -0,0 +1,34 @@
1
+ module JSON
2
+ class JWK
3
+ class Set
4
+ module Fetcher
5
+ module Debugger
6
+ class RequestFilter
7
+ # Callback called in HTTPClient (before sending a request)
8
+ # request:: HTTP::Message
9
+ def filter_request(request)
10
+ started = "======= [JSON::JWK::Set::Fetcher] HTTP REQUEST STARTED ======="
11
+ log started, request.dump
12
+ end
13
+
14
+ # Callback called in HTTPClient (after received a response)
15
+ # request:: HTTP::Message
16
+ # response:: HTTP::Message
17
+ def filter_response(request, response)
18
+ finished = "======= [JSON::JWK::Set::Fetcher] HTTP REQUEST FINISHED ======="
19
+ log '-' * 50, response.dump, finished
20
+ end
21
+
22
+ private
23
+
24
+ def log(*outputs)
25
+ outputs.each do |output|
26
+ JSON::JWK::Set::Fetcher.logger.info output
27
+ end
28
+ end
29
+ end
30
+ end
31
+ end
32
+ end
33
+ end
34
+ end
data/lib/json/jwk/set/fetcher.rb ADDED
@@ -0,0 +1,87 @@
1
+ module JSON
2
+ class JWK
3
+ class Set
4
+ module Fetcher
5
+ class Cache
6
+ def fetch(cache_key, options = {})
7
+ yield
8
+ end
9
+ end
10
+
11
+ def self.logger
12
+ @@logger
13
+ end
14
+ def self.logger=(logger)
15
+ @@logger = logger
16
+ end
17
+ self.logger = Logger.new(STDOUT)
18
+ self.logger.progname = 'JSON::JWK::Set::Fetcher'
19
+
20
+ def self.debugging?
21
+ @@debugging
22
+ end
23
+ def self.debugging=(boolean)
24
+ @@debugging = boolean
25
+ end
26
+ def self.debug!
27
+ self.debugging = true
28
+ end
29
+ def self.debug(&block)
30
+ original = self.debugging?
31
+ debug!
32
+ yield
33
+ ensure
34
+ self.debugging = original
35
+ end
36
+ self.debugging = false
37
+
38
+ def self.http_client
39
+ _http_client_ = HTTPClient.new(
40
+ agent_name: "JSON::JWK::Set::Fetcher (#{JSON::JWT::VERSION})"
41
+ )
42
+
43
+ # NOTE: httpclient gem seems stopped maintaining root certtificate set, use OS default.
44
+ _http_client_.ssl_config.clear_cert_store
45
+ _http_client_.ssl_config.cert_store.set_default_paths
46
+
47
+ _http_client_.request_filter << Debugger::RequestFilter.new if debugging?
48
+ http_config.try(:call, _http_client_)
49
+ _http_client_
50
+ end
51
+ def self.http_config(&block)
52
+ @@http_config ||= block
53
+ end
54
+
55
+ def self.cache=(cache)
56
+ @@cache = cache
57
+ end
58
+ def self.cache
59
+ @@cache
60
+ end
61
+ self.cache = Cache.new
62
+
63
+ def self.fetch(jwks_uri, kid:, auto_detect: true, **options)
64
+ cache_key = [
65
+ 'json:jwk:set',
66
+ OpenSSL::Digest::MD5.hexdigest(jwks_uri),
67
+ kid
68
+ ].collect(&:to_s).join(':')
69
+
70
+ jwks = Set.new(
71
+ JSON.parse(
72
+ cache.fetch(cache_key, options) do
73
+ http_client.get_content(jwks_uri)
74
+ end
75
+ )
76
+ )
77
+
78
+ if auto_detect
79
+ jwks[kid] or raise KidNotFound
80
+ else
81
+ jwks
82
+ end
83
+ end
84
+ end
85
+ end
86
+ end
87
+ end
data/lib/json/jwk/set.rb CHANGED
@@ -19,6 +19,12 @@ module JSON
19
19
  'application/jwk-set+json'
20
20
  end
21
21
 
22
+ def [](kid)
23
+ detect do |jwk|
24
+ jwk[:kid] && jwk[:kid] == kid
25
+ end
26
+ end
27
+
22
28
  def as_json(options = {})
23
29
  # NOTE: Array.new wrapper is requied to avoid CircularReferenceError
24
30
  {keys: Array.new(self)}
data/lib/json/jwt.rb CHANGED
@@ -1,11 +1,16 @@
1
1
  require 'openssl'
2
2
  require 'base64'
3
+ require 'httpclient'
3
4
  require 'active_support'
4
5
  require 'active_support/core_ext'
5
6
  require 'json/jose'
6
7
 
7
8
  module JSON
8
9
  class JWT < ActiveSupport::HashWithIndifferentAccess
10
+ VERSION = ::File.read(
11
+ ::File.join(::File.dirname(__FILE__), '../../VERSION')
12
+ ).chomp
13
+
9
14
  attr_accessor :blank_payload
10
15
  attr_accessor :signature
11
16
 
@@ -103,7 +108,11 @@ module JSON
103
108
  when JWS::NUM_OF_SEGMENTS
104
109
  JWS.decode_compact_serialized jwt_string, key_or_secret, algorithms, allow_blank_payload
105
110
  when JWE::NUM_OF_SEGMENTS
106
- JWE.decode_compact_serialized jwt_string, key_or_secret, algorithms, encryption_methods
111
+ if allow_blank_payload
112
+ raise InvalidFormat.new("JWE w/ blank payload is not supported.")
113
+ else
114
+ JWE.decode_compact_serialized jwt_string, key_or_secret, algorithms, encryption_methods
115
+ end
107
116
  else
108
117
  raise InvalidFormat.new("Invalid JWT Format. JWT should include #{JWS::NUM_OF_SEGMENTS} or #{JWE::NUM_OF_SEGMENTS} segments.")
109
118
  end
@@ -132,3 +141,5 @@ require 'json/jwe'
132
141
  require 'json/jwk'
133
142
  require 'json/jwk/jwkizable'
134
143
  require 'json/jwk/set'
144
+ require 'json/jwk/set/fetcher'
145
+ require 'json/jwk/set/fetcher/debugger/request_filter'
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: json-jwt
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.14.0
4
+ version: 1.15.3.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - nov matake
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-07-09 00:00:00.000000000 Z
11
+ date: 2024-03-06 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: activesupport
@@ -52,6 +52,20 @@ dependencies:
52
52
  - - ">="
53
53
  - !ruby/object:Gem::Version
54
54
  version: '0'
55
+ - !ruby/object:Gem::Dependency
56
+ name: httpclient
57
+ requirement: !ruby/object:Gem::Requirement
58
+ requirements:
59
+ - - ">="
60
+ - !ruby/object:Gem::Version
61
+ version: '0'
62
+ type: :runtime
63
+ prerelease: false
64
+ version_requirements: !ruby/object:Gem::Requirement
65
+ requirements:
66
+ - - ">="
67
+ - !ruby/object:Gem::Version
68
+ version: '0'
55
69
  - !ruby/object:Gem::Dependency
56
70
  name: rake
57
71
  requirement: !ruby/object:Gem::Requirement
@@ -80,6 +94,20 @@ dependencies:
80
94
  - - ">="
81
95
  - !ruby/object:Gem::Version
82
96
  version: '0'
97
+ - !ruby/object:Gem::Dependency
98
+ name: webmock
99
+ requirement: !ruby/object:Gem::Requirement
100
+ requirements:
101
+ - - ">="
102
+ - !ruby/object:Gem::Version
103
+ version: '0'
104
+ type: :development
105
+ prerelease: false
106
+ version_requirements: !ruby/object:Gem::Requirement
107
+ requirements:
108
+ - - ">="
109
+ - !ruby/object:Gem::Version
110
+ version: '0'
83
111
  - !ruby/object:Gem::Dependency
84
112
  name: rspec
85
113
  requirement: !ruby/object:Gem::Requirement
@@ -117,6 +145,7 @@ extensions: []
117
145
  extra_rdoc_files: []
118
146
  files:
119
147
  - ".github/FUNDING.yml"
148
+ - ".github/workflows/test_ruby.yml"
120
149
  - ".gitignore"
121
150
  - ".gitmodules"
122
151
  - ".rspec"
@@ -132,6 +161,8 @@ files:
132
161
  - lib/json/jwk.rb
133
162
  - lib/json/jwk/jwkizable.rb
134
163
  - lib/json/jwk/set.rb
164
+ - lib/json/jwk/set/fetcher.rb
165
+ - lib/json/jwk/set/fetcher/debugger/request_filter.rb
135
166
  - lib/json/jws.rb
136
167
  - lib/json/jwt.rb
137
168
  homepage: https://github.com/nov/json-jwt
@@ -153,7 +184,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
153
184
  - !ruby/object:Gem::Version
154
185
  version: '0'
155
186
  requirements: []
156
- rubygems_version: 3.1.6
187
+ rubygems_version: 3.5.3
157
188
  signing_key:
158
189
  specification_version: 4
159
190
  summary: JSON Web Token and its family (JSON Web Signature, JSON Web Encryption and