json-jwt 1.16.4 → 1.16.6

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6b8013564b4b30c4927b62572072fa1b3ad320837edd986c0525e12b30f128c9
-  data.tar.gz: b540e2f4622eade018e080d516a73345d88e22a3cae28b2df73f7e4dd98d0291
+  metadata.gz: 67d205daa24111b954cc01c6b9b68baf98c0f932a6afc02c86ca0ff766d4bdd2
+  data.tar.gz: e2d61533659adb4d6d99314aeb0ff7581c1806a09604d4060e0433ceadc82c47
 SHA512:
-  metadata.gz: 4792bb934891114a6a9c48324fa65fa00bcdcc42739c4c578befd642fefaa6974ece725eafaff7377d54e6629757c7b03efeb073210f510aebc2460d4b1c2180
-  data.tar.gz: 1ea058c659af6509bdb7f818e76058fc0645caf7c7f5943dd399f4ec7398ca843677bf2190587270246b22f298db323fa58ae99e7c94144444d04a41ba6d833a
+  metadata.gz: 23bfcadd5ef026d90357e2c9501783811f2e10d9a4950269024e4181a8c3b235077066bf0da00d8334159bf4d8d69ddd49754f60e1a93dcef0f4b5a9bb531118
+  data.tar.gz: 3b22c8b470f40c0b392a1236aad0b2921bc629e915351d41db384ad9c302926c4144be36f859b6e70242c15ca909e69535a0abeac4a3ed1f7d01f2397811796d

data/VERSION

@@ -1 +1 @@
-1.16.4
+1.16.6

data/json-jwt.gemspec

@@ -14,6 +14,7 @@ Gem::Specification.new do |gem|
   gem.require_paths = ['lib']
   gem.required_ruby_version = '>= 2.4'
   gem.add_runtime_dependency 'activesupport', '>= 4.2'
+  gem.add_runtime_dependency 'base64'
   gem.add_runtime_dependency 'bindata'
   gem.add_runtime_dependency 'aes_key_wrap'
   gem.add_runtime_dependency 'faraday', '~> 2.0'

data/lib/json/jws.rb

@@ -124,7 +124,8 @@ module JSON
       public_key_or_secret = with_jwk_support public_key_or_secret
       case
       when hmac?
-        secure_compare sign(signature_base_string, public_key_or_secret), signature
+        secret = public_key_or_secret
+        secure_compare sign(signature_base_string, secret), signature
       when rsa?
         public_key = public_key_or_secret
         public_key.verify digest, signature, signature_base_string

data/lib/json/jwt.rb

@@ -109,7 +109,11 @@ module JSON
         when JWS::NUM_OF_SEGMENTS
           JWS.decode_compact_serialized jwt_string, key_or_secret, algorithms, allow_blank_payload
         when JWE::NUM_OF_SEGMENTS
-          JWE.decode_compact_serialized jwt_string, key_or_secret, algorithms, encryption_methods
+          if allow_blank_payload
+            raise InvalidFormat.new("JWE w/ blank payload is not supported.")
+          else
+            JWE.decode_compact_serialized jwt_string, key_or_secret, algorithms, encryption_methods
+          end
         else
           raise InvalidFormat.new("Invalid JWT Format. JWT should include #{JWS::NUM_OF_SEGMENTS} or #{JWE::NUM_OF_SEGMENTS} segments.")
         end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: json-jwt
 version: !ruby/object:Gem::Version
-  version: 1.16.4
+  version: 1.16.6
 platform: ruby
 authors:
 - nov matake
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-12-27 00:00:00.000000000 Z
+date: 2024-03-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -24,6 +24,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '4.2'
+- !ruby/object:Gem::Dependency
+  name: base64
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: bindata
   requirement: !ruby/object:Gem::Requirement
@@ -197,7 +211,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.4.10
+rubygems_version: 3.5.3
 signing_key:
 specification_version: 4
 summary: JSON Web Token and its family (JSON Web Signature, JSON Web Encryption and