json-jwt 1.2.4 → 1.3.0

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of json-jwt might be problematic. Click here for more details.

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 277237d4a352434fcec5c0ba7b57c9b1a8d11995
4
- data.tar.gz: efabaf69fe883f6fdfb74a57bab183476a52c7c3
3
+ metadata.gz: 393c87ad2b36883b90bf57ee4b79e0fd43c7462b
4
+ data.tar.gz: 81ced2dc972bedaf304ab791dc48850fa53bfec8
5
5
  SHA512:
6
- metadata.gz: 28b18f91c670f47765b070ce57c0bed07d98f5120c4046e4e4dd4439412e287ce4282a0f2909612bb3a1942260d13bb0c9b36648c9913772c584f5b5b221d1b8
7
- data.tar.gz: 636e0f99153f0eef1f477dc4bee7ffb7a75a6fa22e1104b83778c8a88bb19ae5a392e7d93a1c6da69573aa6c72fe2febbf18141efa88dc1d544eca41295a68de
6
+ metadata.gz: 421c8a8601deb9f96658c578d66ad49007d59ffc8747478f110e3ed71d69ae95b2bdda80171cc0c1505c90df1868d9fddf696bd04fa162b3c8aed83090407203
7
+ data.tar.gz: 9d5b2c367038b83ed08bd255c1d2776228dd60e9cf965e33435ef600fca5ca76f990fcca3ff2ce346deaf9fcd2f079797cdcb8764546d3639192462327e23880
data/README.md CHANGED
@@ -6,7 +6,9 @@ JSON Web Token and its family (JSON Web Signature, JSON Web Encryption and JSON
6
6
 
7
7
  ## Installation
8
8
 
9
- gem install json-jwt
9
+ ```
10
+ gem install json-jwt
11
+ ```
10
12
 
11
13
  ## Resources
12
14
 
@@ -76,11 +78,14 @@ Supported `encryption_method` are
76
78
  #### Decoding
77
79
 
78
80
  ```ruby
79
- jwt_string = "jwt_header.jwt_claims.jwt_signature"
80
-
81
- JSON::JWT.decode(jwt_string, key)
81
+ input = "jwt_header.jwt_claims.jwt_signature"
82
+ JSON::JWT.decode(input, key)
82
83
  ```
83
84
 
85
+ `input` can be JSON, in that case, it's handled as General/Flattened JWS JSON Serialization.
86
+
87
+ NOTE: General JWS JSON Serialization with multiple signatures aren't supported.
88
+
84
89
  Supported `key` are
85
90
  * `String`
86
91
  * `OpenSSL::PKey::RSA`
data/VERSION CHANGED
@@ -1 +1 @@
1
- 1.2.4
1
+ 1.3.0
data/lib/json/jws.rb CHANGED
@@ -21,27 +21,6 @@ module JSON
21
21
  raise VerificationFailed
22
22
  end
23
23
 
24
- def as_json(options = {})
25
- case options[:syntax]
26
- when :general
27
- {
28
- payload: UrlSafeBase64.encode64(self.to_json),
29
- signatures: {
30
- protected: UrlSafeBase64.encode64(header.to_json),
31
- signature: UrlSafeBase64.encode64(signature.to_s)
32
- }
33
- }
34
- when :flattened
35
- {
36
- protected: UrlSafeBase64.encode64(header.to_json),
37
- payload: UrlSafeBase64.encode64(self.to_json),
38
- signature: UrlSafeBase64.encode64(signature.to_s)
39
- }
40
- else
41
- super
42
- end
43
- end
44
-
45
24
  def update_with_jose_attributes(hash_or_jwt)
46
25
  update_without_jose_attributes hash_or_jwt
47
26
  if hash_or_jwt.is_a? JSON::JWT
data/lib/json/jwt.rb CHANGED
@@ -46,7 +46,7 @@ module JSON
46
46
  end
47
47
 
48
48
  def sign(private_key_or_secret, algorithm = :HS256)
49
- jws = JWS.new(self)
49
+ jws = JWS.new self
50
50
  jws.alg = algorithm
51
51
  jws.sign! private_key_or_secret
52
52
  end
@@ -61,7 +61,7 @@ module JSON
61
61
  end
62
62
 
63
63
  def encrypt(public_key_or_secret, algorithm = :RSA1_5, encryption_method = :'A128CBC-HS256')
64
- jwe = JWE.new(self)
64
+ jwe = JWE.new self
65
65
  jwe.alg = algorithm
66
66
  jwe.enc = encryption_method
67
67
  jwe.encrypt! public_key_or_secret
@@ -77,8 +77,39 @@ module JSON
77
77
  end.join('.')
78
78
  end
79
79
 
80
+ def as_json(options = {})
81
+ case options[:syntax]
82
+ when :general
83
+ {
84
+ payload: UrlSafeBase64.encode64(self.to_json),
85
+ signatures: [{
86
+ protected: UrlSafeBase64.encode64(header.to_json),
87
+ signature: UrlSafeBase64.encode64(signature.to_s)
88
+ }]
89
+ }
90
+ when :flattened
91
+ {
92
+ protected: UrlSafeBase64.encode64(header.to_json),
93
+ payload: UrlSafeBase64.encode64(self.to_json),
94
+ signature: UrlSafeBase64.encode64(signature.to_s)
95
+ }
96
+ else
97
+ super
98
+ end
99
+ end
100
+
80
101
  class << self
81
- def decode(jwt_string, key_or_secret = nil)
102
+ def decode(input, key_or_secret = nil)
103
+ if input.is_a? Hash
104
+ decode_json_serialized input, key_or_secret
105
+ else
106
+ decode_compact_serialized input, key_or_secret
107
+ end
108
+ end
109
+
110
+ private
111
+
112
+ def decode_compact_serialized(jwt_string, key_or_secret)
82
113
  case jwt_string.count('.') + 1
83
114
  when JWS::NUM_OF_SEGMENTS # JWT / JWS
84
115
  header, claims, signature = jwt_string.split('.', JWS::NUM_OF_SEGMENTS).collect do |segment|
@@ -115,11 +146,24 @@ module JSON
115
146
  raise InvalidFormat.new("Invalid JSON Format")
116
147
  end
117
148
 
118
- # # NOTE: Ugly hack to avoid this ActiveSupport 4.0 bug.
119
- # # https://github.com/rails/rails/issues/11087
120
- # def new_from_hash_copying_default(hash)
121
- # superclass.new_from_hash_copying_default hash
122
- # end
149
+ def decode_json_serialized(input, key_or_secret)
150
+ input = input.with_indifferent_access
151
+ header, payload, signature = if input[:signatures].present?
152
+ [
153
+ input[:signatures].first[:protected],
154
+ input[:payload],
155
+ input[:signatures].first[:signature]
156
+ ].collect do |segment|
157
+ segment
158
+ end
159
+ else
160
+ [:protected, :payload, :signature].collect do |key|
161
+ input[key]
162
+ end
163
+ end
164
+ jwt_string = [header, payload, signature].join('.')
165
+ decode_compact_serialized jwt_string, key_or_secret
166
+ end
123
167
  end
124
168
  end
125
169
  end
@@ -280,10 +280,10 @@ describe JSON::JWS do
280
280
  it 'should return General JWS JSON Serialization' do
281
281
  signed.to_json(syntax: :general).should == {
282
282
  payload: UrlSafeBase64.encode64(claims.to_json),
283
- signatures: {
283
+ signatures: [{
284
284
  protected: UrlSafeBase64.encode64(signed.header.to_json),
285
285
  signature: UrlSafeBase64.encode64(signed.signature)
286
- }
286
+ }]
287
287
  }.to_json
288
288
  end
289
289
 
@@ -291,10 +291,10 @@ describe JSON::JWS do
291
291
  it 'should not fail' do
292
292
  jws.to_json(syntax: :general).should == {
293
293
  payload: UrlSafeBase64.encode64(claims.to_json),
294
- signatures: {
294
+ signatures: [{
295
295
  protected: UrlSafeBase64.encode64(jws.header.to_json),
296
296
  signature: UrlSafeBase64.encode64('')
297
- }
297
+ }]
298
298
  }.to_json
299
299
  end
300
300
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: json-jwt
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.2.4
4
+ version: 1.3.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - nov matake