json-jwt 1.2.4 → 1.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.


This version of json-jwt might be problematic. Click here for more details.

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 277237d4a352434fcec5c0ba7b57c9b1a8d11995
4
- data.tar.gz: efabaf69fe883f6fdfb74a57bab183476a52c7c3
3
+ metadata.gz: 393c87ad2b36883b90bf57ee4b79e0fd43c7462b
4
+ data.tar.gz: 81ced2dc972bedaf304ab791dc48850fa53bfec8
5
5
  SHA512:
6
- metadata.gz: 28b18f91c670f47765b070ce57c0bed07d98f5120c4046e4e4dd4439412e287ce4282a0f2909612bb3a1942260d13bb0c9b36648c9913772c584f5b5b221d1b8
7
- data.tar.gz: 636e0f99153f0eef1f477dc4bee7ffb7a75a6fa22e1104b83778c8a88bb19ae5a392e7d93a1c6da69573aa6c72fe2febbf18141efa88dc1d544eca41295a68de
6
+ metadata.gz: 421c8a8601deb9f96658c578d66ad49007d59ffc8747478f110e3ed71d69ae95b2bdda80171cc0c1505c90df1868d9fddf696bd04fa162b3c8aed83090407203
7
+ data.tar.gz: 9d5b2c367038b83ed08bd255c1d2776228dd60e9cf965e33435ef600fca5ca76f990fcca3ff2ce346deaf9fcd2f079797cdcb8764546d3639192462327e23880
data/README.md CHANGED
@@ -6,7 +6,9 @@ JSON Web Token and its family (JSON Web Signature, JSON Web Encryption and JSON
6
6
 
7
7
  ## Installation
8
8
 
9
- gem install json-jwt
9
+ ```
10
+ gem install json-jwt
11
+ ```
10
12
 
11
13
  ## Resources
12
14
 
@@ -76,11 +78,14 @@ Supported `encryption_method` are
76
78
  #### Decoding
77
79
 
78
80
  ```ruby
79
- jwt_string = "jwt_header.jwt_claims.jwt_signature"
80
-
81
- JSON::JWT.decode(jwt_string, key)
81
+ input = "jwt_header.jwt_claims.jwt_signature"
82
+ JSON::JWT.decode(input, key)
82
83
  ```
83
84
 
85
+ `input` can be JSON, in that case, it's handled as General/Flattened JWS JSON Serialization.
86
+
87
+ NOTE: General JWS JSON Serialization with multiple signatures aren't supported.
88
+
84
89
  Supported `key` are
85
90
  * `String`
86
91
  * `OpenSSL::PKey::RSA`
data/VERSION CHANGED
@@ -1 +1 @@
1
- 1.2.4
1
+ 1.3.0
data/lib/json/jws.rb CHANGED
@@ -21,27 +21,6 @@ module JSON
21
21
  raise VerificationFailed
22
22
  end
23
23
 
24
- def as_json(options = {})
25
- case options[:syntax]
26
- when :general
27
- {
28
- payload: UrlSafeBase64.encode64(self.to_json),
29
- signatures: {
30
- protected: UrlSafeBase64.encode64(header.to_json),
31
- signature: UrlSafeBase64.encode64(signature.to_s)
32
- }
33
- }
34
- when :flattened
35
- {
36
- protected: UrlSafeBase64.encode64(header.to_json),
37
- payload: UrlSafeBase64.encode64(self.to_json),
38
- signature: UrlSafeBase64.encode64(signature.to_s)
39
- }
40
- else
41
- super
42
- end
43
- end
44
-
45
24
  def update_with_jose_attributes(hash_or_jwt)
46
25
  update_without_jose_attributes hash_or_jwt
47
26
  if hash_or_jwt.is_a? JSON::JWT
data/lib/json/jwt.rb CHANGED
@@ -46,7 +46,7 @@ module JSON
46
46
  end
47
47
 
48
48
  def sign(private_key_or_secret, algorithm = :HS256)
49
- jws = JWS.new(self)
49
+ jws = JWS.new self
50
50
  jws.alg = algorithm
51
51
  jws.sign! private_key_or_secret
52
52
  end
@@ -61,7 +61,7 @@ module JSON
61
61
  end
62
62
 
63
63
  def encrypt(public_key_or_secret, algorithm = :RSA1_5, encryption_method = :'A128CBC-HS256')
64
- jwe = JWE.new(self)
64
+ jwe = JWE.new self
65
65
  jwe.alg = algorithm
66
66
  jwe.enc = encryption_method
67
67
  jwe.encrypt! public_key_or_secret
@@ -77,8 +77,39 @@ module JSON
77
77
  end.join('.')
78
78
  end
79
79
 
80
+ def as_json(options = {})
81
+ case options[:syntax]
82
+ when :general
83
+ {
84
+ payload: UrlSafeBase64.encode64(self.to_json),
85
+ signatures: [{
86
+ protected: UrlSafeBase64.encode64(header.to_json),
87
+ signature: UrlSafeBase64.encode64(signature.to_s)
88
+ }]
89
+ }
90
+ when :flattened
91
+ {
92
+ protected: UrlSafeBase64.encode64(header.to_json),
93
+ payload: UrlSafeBase64.encode64(self.to_json),
94
+ signature: UrlSafeBase64.encode64(signature.to_s)
95
+ }
96
+ else
97
+ super
98
+ end
99
+ end
100
+
80
101
  class << self
81
- def decode(jwt_string, key_or_secret = nil)
102
+ def decode(input, key_or_secret = nil)
103
+ if input.is_a? Hash
104
+ decode_json_serialized input, key_or_secret
105
+ else
106
+ decode_compact_serialized input, key_or_secret
107
+ end
108
+ end
109
+
110
+ private
111
+
112
+ def decode_compact_serialized(jwt_string, key_or_secret)
82
113
  case jwt_string.count('.') + 1
83
114
  when JWS::NUM_OF_SEGMENTS # JWT / JWS
84
115
  header, claims, signature = jwt_string.split('.', JWS::NUM_OF_SEGMENTS).collect do |segment|
@@ -115,11 +146,24 @@ module JSON
115
146
  raise InvalidFormat.new("Invalid JSON Format")
116
147
  end
117
148
 
118
- # # NOTE: Ugly hack to avoid this ActiveSupport 4.0 bug.
119
- # # https://github.com/rails/rails/issues/11087
120
- # def new_from_hash_copying_default(hash)
121
- # superclass.new_from_hash_copying_default hash
122
- # end
149
+ def decode_json_serialized(input, key_or_secret)
150
+ input = input.with_indifferent_access
151
+ header, payload, signature = if input[:signatures].present?
152
+ [
153
+ input[:signatures].first[:protected],
154
+ input[:payload],
155
+ input[:signatures].first[:signature]
156
+ ].collect do |segment|
157
+ segment
158
+ end
159
+ else
160
+ [:protected, :payload, :signature].collect do |key|
161
+ input[key]
162
+ end
163
+ end
164
+ jwt_string = [header, payload, signature].join('.')
165
+ decode_compact_serialized jwt_string, key_or_secret
166
+ end
123
167
  end
124
168
  end
125
169
  end
@@ -280,10 +280,10 @@ describe JSON::JWS do
280
280
  it 'should return General JWS JSON Serialization' do
281
281
  signed.to_json(syntax: :general).should == {
282
282
  payload: UrlSafeBase64.encode64(claims.to_json),
283
- signatures: {
283
+ signatures: [{
284
284
  protected: UrlSafeBase64.encode64(signed.header.to_json),
285
285
  signature: UrlSafeBase64.encode64(signed.signature)
286
- }
286
+ }]
287
287
  }.to_json
288
288
  end
289
289
 
@@ -291,10 +291,10 @@ describe JSON::JWS do
291
291
  it 'should not fail' do
292
292
  jws.to_json(syntax: :general).should == {
293
293
  payload: UrlSafeBase64.encode64(claims.to_json),
294
- signatures: {
294
+ signatures: [{
295
295
  protected: UrlSafeBase64.encode64(jws.header.to_json),
296
296
  signature: UrlSafeBase64.encode64('')
297
- }
297
+ }]
298
298
  }.to_json
299
299
  end
300
300
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: json-jwt
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.2.4
4
+ version: 1.3.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - nov matake