json-jwt 1.16.7 → 1.17.1

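--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: ff9257afeb38d25d140c0c79a61a2cab02988de75c22fc28287d2e5ffb31e56c
- data.tar.gz: 991d63f84efdd78c07285f1af5b7e9e4eb4d676c4183da5c838a036789598a26
+ metadata.gz: 477700420d1f91dfa45a302ecccc12c76548a8a5f281ac709f2b406b76e2abbf
+ data.tar.gz: b4e2f42d9fa50ff0902e8e72a3584ebc760d18b82c857e532f390253472d96a7
  SHA512:
- metadata.gz: 7768f064e72788a1dfd20e79790bd8d8ca73b8909fd48425a57e1aead11df1c93bf71d91bb72060fedb08bc6e082a77785fe7aa55138bbefc5ec8b003c36b81f
- data.tar.gz: ea64d0752787f2ea267c7afe3917af9a81899263c6328617cc6233a80ab15b8e36759990e7cd0583f1ffb8e7b2f66629dfa8498e849ebcd4314c3f299049b4d7
+ metadata.gz: 66ce8c45f9d3c046a749e2cff596258eec0d63ee842e8033a691efe745d8cd44b4943a8a70700cd1ee8692e4417ad67b658155a1cc7ad0cd0313d142b4751489
+ data.tar.gz: 21e4328f6b842ab18293bd735f973131db0a7ed1f308023ef976df3c25c9a4a0d59e6481f561bfa90b7921560eff7b856cc6b6cffc0e89f68ceb26b012847a39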
@@ -11,21 +11,21 @@ permissions:
11
11
 
12
12
  jobs:
13
13
  spec:
14
+ runs-on: ubuntu-latest
15
+ name: Ruby ${{ matrix.ruby }}
14
16
  strategy:
15
17
  matrix:
16
- os: ['ubuntu-20.04', 'ubuntu-22.04']
17
- ruby-version: ['3.1', '3.2', '3.3']
18
- include:
19
- - os: 'ubuntu-20.04'
20
- ruby-version: '3.0'
21
- runs-on: ${{ matrix.os }}
22
-
18
+ ruby:
19
+ - '3.2'
20
+ - '3.3'
21
+ - '3.4'
22
+ - '4.0'
23
23
  steps:
24
24
  - uses: actions/checkout@v3
25
25
  - name: Set up Ruby
26
26
  uses: ruby/setup-ruby@v1
27
27
  with:
28
- ruby-version: ${{ matrix.ruby-version }}
28
+ ruby-version: ${{ matrix.ruby }}
29
29
  bundler-cache: true
30
30
  - name: Run Specs
31
31
  run: bundle exec rake spec
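Review bot: The new `ruby` matrix drops 3.0 and 3.1, yet none of the gemspec hunks on this page show `required_ruby_version` being raised, so the gem may still install on interpreters the specs no longer run against (inferred, since only parts of the metadata are visible). If those versions remain supported, keep `'3.1'` in the list; otherwise raise the requirement in the gemspec so the two agree. Separately, the job keeps `actions/checkout@v3` and `ruby/setup-ruby@v1` on mutable tags; pinning them to full commit SHAs would make the CI run reproducible.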
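--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
- 1.16.7
+ 1.17.1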
@@ -2,6 +2,8 @@ module JSON
2
2
  class JWK
3
3
  class Set
4
4
  module Fetcher
5
+ class UnexpectedFormat < JWT::Exception; end
6
+
5
7
  class Cache
6
8
  def fetch(cache_key, options = {})
7
9
  yield
@@ -65,13 +67,18 @@ module JSON
65
67
  kid
66
68
  ].collect(&:to_s).join(':')
67
69
 
68
- jwks = Set.new(
69
- JSON.parse(
70
- cache.fetch(cache_key, options) do
71
- http_client.get(jwks_uri).body
72
- end
73
- )
70
+ parsed_jwks = JSON.parse(
71
+ cache.fetch(cache_key, options) do
72
+ http_client.get(jwks_uri).body
73
+ end
74
74
  )
75
+
76
+ unless parsed_jwks.is_a?(Hash) && parsed_jwks['keys'].is_a?(Array)
77
+ cache.delete(cache_key, options)
78
+ raise UnexpectedFormat
79
+ end
80
+
81
+ jwks = Set.new(parsed_jwks)
75
82
  cache.delete(cache_key, options) if jwks[kid].blank?
76
83
 
77
84
  if auto_detect
@@ -83,4 +90,4 @@ module JSON
83
90
  end
84
91
  end
85
92
  end
86
- end
93
+ end
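Review bot: A response body that is not JSON at all still escapes the new guard, because `JSON.parse` wraps the `cache.fetch` block and raises before the `is_a?(Hash)` check runs, so the `cache.delete(cache_key, options)` added here is never reached for that case. With a caching backend that stores the block's result, an HTML error page or truncated body would then stay cached and later lookups for that key would keep failing with a parser error rather than `UnexpectedFormat` until the entry expires (inferred; the default `Cache#fetch` shown above only yields). I would wrap the parse in `begin`/`rescue JSON::ParserError` and, in the rescue, run the same `cache.delete(cache_key, options)` followed by `raise UnexpectedFormat`. The guard also accepts a `keys` array whose entries are not hashes, so it may be worth adding `parsed_jwks['keys'].all?(Hash)` to the condition. The enclosing method starts and ends outside these hunks.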
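--- a/data/lib/json/jwk/set.rb
+++ b/data/lib/json/jwk/set.rb
@@ -31,4 +31,4 @@ module JSON
  end
  end
  end
- end
+ end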
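--- a/data/lib/json/jws.rb
+++ b/data/lib/json/jws.rb
@@ -20,6 +20,7 @@ module JSON
 
  def verify!(public_key_or_secret, algorithms = nil)
  if alg&.to_sym == :none
+ raise UnexpectedAlgorithm unless algorithms.blank? || Array(algorithms).include?(:none)
  raise UnexpectedAlgorithm if public_key_or_secret
  signature == '' or raise VerificationFailed
  elsif algorithms.blank? || Array(algorithms).include?(alg&.to_sym)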
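Review bot: The added guard in the `:none` branch only takes effect when the caller passes `algorithms`; with the default `algorithms = nil` and a nil `public_key_or_secret`, a token whose header says `none` and whose signature is empty still passes `verify!`. That default is visible in the signature, so it deserves a comment above the branch such as `# alg=none is rejected only when an allowlist is given and omits :none; callers that must never accept unsigned tokens have to pass algorithms explicitly`. The membership test compares against symbols, so an allowlist given as strings (for example `['RS256']`) never matches in either branch; normalising with `Array(algorithms).map(&:to_sym)` would make the check independent of how the caller spelled the list. The body of `verify!` continues past the end of the hunk.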
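--- a/metadata
+++ b/metadata
@@ -1,14 +1,13 @@
  --- !ruby/object:Gem::Specification
  name: json-jwt
  version: !ruby/object:Gem::Version
- version: 1.16.7
+ version: 1.17.1
  platform: ruby
  authors:
  - nov matake
- autorequire:
  bindir: bin
  cert_chain: []
- date: 2024-10-15 00:00:00.000000000 Z
+ date: 1980-01-02 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: activesupport
@@ -196,7 +195,6 @@ homepage: https://github.com/nov/json-jwt
  licenses:
  - MIT
  metadata: {}
- post_install_message:
  rdoc_options: []
  require_paths:
  - lib
@@ -211,8 +209,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubygems_version: 3.5.16
- signing_key:
+ rubygems_version: 4.0.10
  specification_version: 4
  summary: JSON Web Token and its family (JSON Web Signature, JSON Web Encryption and
  JSON Web Key) in Ruby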