json-jwt 1.6.2 → 1.6.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.


This version of json-jwt might be problematic. Click here for more details.

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 701cf86a3ceb49918c808ffdd2d207d6711c6803
4
- data.tar.gz: 7a00b2dac244dfee8ded0665f35fc7dd02eb7fef
3
+ metadata.gz: 2d76ce03978dc2dcfb42f7061d0613fdf9d8dba2
4
+ data.tar.gz: ad36d966f39107a7e9e7ecd0521780674d7b31b5
5
5
  SHA512:
6
- metadata.gz: 62d1b3916ddcfed3e7169d9fccb3b8c59b29ff0b2e7f9c9ee7b9c6dc28966c7706f59c013c44d9e5a0a3d8237d7325c37b822d1fcc66f45123e77a80760f6f52
7
- data.tar.gz: 59c93232656b3da54db7b58ae15f8efffc1179a9d211daa3327f8634907409c768a1a7513cb68af2a567dbce0ff06fb29a6fdb0da743233349f9cff0f893c913
6
+ metadata.gz: f9fff9a8a5519bcec6cb67eb2153c2ca6f852191b18ddc98011e56fa228bcc94be9c1621fcef734402053d4755b83120e0b1a89b7396a0ea26396cdedda17f9d
7
+ data.tar.gz: 258a78cfd221accbf30f91ff35c0b5774cc1f463a61311b5412bacb0425fb0bbf1887f900a39197bd2d83bd7210b40c215824dd5a71a4b508f2b91b5e6cbadb1
@@ -3,7 +3,6 @@ before_install:
3
3
  - git submodule update --init --recursive
4
4
 
5
5
  rvm:
6
- - 2.0
7
- - 2.1
8
- - 2.2
9
- - 2.3.0
6
+ - 2.2.2 # NOTE: 2.2.1 or lower aren't supported by activesupport 5.0, CI isn't needed for such legacy versions.
7
+ - 2.2.5
8
+ - 2.3.1
data/VERSION CHANGED
@@ -1 +1 @@
1
- 1.6.2
1
+ 1.6.3
@@ -30,7 +30,7 @@ module JSON
30
30
  def update(hash_or_jwt)
31
31
  super
32
32
  if hash_or_jwt.is_a? JSON::JWT
33
- self.header = hash_or_jwt.header
33
+ self.header.update hash_or_jwt.header
34
34
  self.signature = hash_or_jwt.signature
35
35
  end
36
36
  self
@@ -34,7 +34,7 @@ module JSON
34
34
  # This code is needed to keep legacy behavior.
35
35
  algorithm = private_key_or_secret.is_a?(String) ? :HS256 : :RS256
36
36
  end
37
- jws = JWS.new self.dup
37
+ jws = JWS.new self
38
38
  jws.kid ||= private_key_or_secret[:kid] if private_key_or_secret.is_a? JSON::JWK
39
39
  jws.alg = algorithm
40
40
  jws.sign! private_key_or_secret
@@ -265,7 +265,7 @@ describe JSON::JWS do
265
265
  end
266
266
  end
267
267
 
268
- describe 'to_json' do
268
+ describe '#to_json' do
269
269
  let(:alg) { :RS256 }
270
270
  let(:private_key_or_secret) { private_key }
271
271
 
@@ -78,6 +78,41 @@ describe JSON::JWT do
78
78
  jws.kid.should == key[:kid]
79
79
  end
80
80
  end
81
+
82
+ describe 'object copy behaviour' do
83
+ before do
84
+ @jwt = JSON::JWT.new(obj: {foo: :bar})
85
+ @jws = @jwt.sign('secret')
86
+ end
87
+
88
+ context 'when original JWT is modified' do
89
+ before do
90
+ @jwt.header[:x] = :x
91
+ @jwt[:obj][:x] = :x
92
+ end
93
+
94
+ describe 'copied JWS' do
95
+ it 'should be affected as shallow copy, but not as a simple reference' do
96
+ @jws.header.should_not include :x
97
+ @jws[:obj].should include :x
98
+ end
99
+ end
100
+ end
101
+
102
+ context 'when copied JWS is modified' do
103
+ before do
104
+ @jws.header[:x] = :x
105
+ @jws[:obj][:x] = :x
106
+ end
107
+
108
+ describe 'original JWT' do
109
+ it 'should be affected as shallow copy, but not as a simple reference' do
110
+ @jwt.header.should_not include :x
111
+ @jwt[:obj].should include :x
112
+ end
113
+ end
114
+ end
115
+ end
81
116
  end
82
117
 
83
118
  describe '#encrypt' do
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: json-jwt
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.6.2
4
+ version: 1.6.3
5
5
  platform: ruby
6
6
  authors:
7
7
  - nov matake
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2016-06-25 00:00:00.000000000 Z
11
+ date: 2016-07-13 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: multi_json