json-jwt 0.3.2 → 0.3.3
Potentially problematic release.
This version of json-jwt might be problematic. Click here for more details.
- data/Gemfile.lock +1 -2
- data/VERSION +1 -1
- data/lib/json/jws.rb +3 -3
- data/lib/json/jwt.rb +7 -3
- data/spec/json/jws_spec.rb +1 -1
- data/spec/json/jwt_spec.rb +6 -5
- metadata +8 -2
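--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,7 +1,7 @@
 PATH
 remote: .
 specs:
-json-jwt (0.3.
+json-jwt (0.3.3)
 activesupport (>= 2.3)
 i18n
 json (>= 1.4.3)
@@ -22,7 +22,6 @@ GEM
 hashie (1.2.0)
 i18n (0.6.1)
 json (1.7.5)
-json (1.7.5-java)
 multi_json (1.3.6)
 rake (0.9.2.2)
 rspec (2.11.0)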
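--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
-0.3.
+0.3.3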
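--- a/data/lib/json/jws.rb
+++ b/data/lib/json/jws.rb
@@ -13,8 +13,8 @@ module JSON
 self
 end
 
-def verify(public_key_or_secret)
-public_key_or_secret && valid?(public_key_or_secret) or
+def verify(signature_base_string, public_key_or_secret)
+public_key_or_secret && valid?(signature_base_string, public_key_or_secret) or
 raise VerificationFailed
 end
 
@@ -66,7 +66,7 @@ module JSON
 end
 end
 
-def valid?(public_key_or_secret)
+def valid?(signature_base_string, public_key_or_secret)
 case
 when hmac?
 secret = public_key_or_secret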
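Review bot: `verify` and `valid?` now check the signature over a caller-supplied `signature_base_string`, but nothing at either definition says what that string must be or ties it to the header and claims held by the object. A short comment on `verify` would help, e.g. `# signature_base_string: the first two base64url segments of the token exactly as received ("header.claims"), taken from the same token this object was built from`. Without that constraint a caller could verify one string and then trust claims parsed from another. In `valid?` the `when hmac?` branch still takes `public_key_or_secret` as the secret with no visible type or algorithm check; its body continues outside the hunk, so whether a key meant for a different algorithm family is rejected further down cannot be seen here.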
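--- a/data/lib/json/jwt.rb
+++ b/data/lib/json/jwt.rb
@@ -28,12 +28,12 @@ module JSON
 JWS.new(self).sign!(private_key_or_secret)
 end
 
-def verify(public_key_or_secret = nil)
+def verify(signature_base_string, public_key_or_secret = nil)
 if header[:alg].to_s == 'none'
 raise UnexpectedAlgorithm if public_key_or_secret
 signature == '' or raise VerificationFailed
 else
-JWS.new(self).verify(public_key_or_secret)
+JWS.new(self).verify(signature_base_string, public_key_or_secret)
 end
 end
 
@@ -61,7 +61,11 @@ module JSON
 jwt = new claims
 jwt.header = header
 jwt.signature = signature
-
+
+# NOTE:
+# Some JSON libraries generates wrong format of JSON (spaces between keys and values etc.)
+# So we need to use raw base64 strings for signature verification.
+jwt.verify signature_base_string, key_or_secret unless key_or_secret == :skip_verification
 jwt
 when 3 # JWE
 # TODO: Concept code first.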
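Review bot: Putting the required `signature_base_string` ahead of the optional key in `verify` means a caller still written as `jwt.verify(key)` keeps running, with the key bound to `signature_base_string` and `public_key_or_secret` left `nil`. For a token whose header says `alg` `none`, the first branch then skips `raise UnexpectedAlgorithm` and returns true for an empty signature, where the old signature raised; signed tokens still fail closed because `JWS#verify` rejects a nil key. Since this ships as a patch-level release, I would fail loudly on the old call shape, for example `raise ArgumentError, 'signature_base_string required' unless signature_base_string.to_s.count('.') == 1` at the top of `verify`. The `decode` body around line 64 starts outside the hunk, so where `signature_base_string` is assigned there is not visible.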
data/spec/json/jws_spec.rb
CHANGED
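--- a/data/spec/json/jwt_spec.rb
+++ b/data/spec/json/jwt_spec.rb
@@ -46,10 +46,10 @@ describe JSON::JWT do
 describe '#verify' do
 context 'when not signed nor encrypted' do
 let(:jwt) do
-
+header_base64, claims_base64, signature = no_signed.split('.', 3).collect do |segment|
 UrlSafeBase64.decode64 segment.to_s
 end
-header, claims = [
+header, claims = [header_base64, claims_base64].collect do |json|
 JSON.parse json, symbolize_names: true, symbolize_keys: true
 end
 jwt = JSON::JWT.new claims
@@ -57,17 +57,18 @@ describe JSON::JWT do
 jwt.signature = signature
 jwt
 end
+let(:signature_base_string) { no_signed.split('.', 3)[0,2].join('.') }
 
 context 'when no signature nor public_key_or_secret given' do
 it do
-jwt.verify.should be_true
+jwt.verify(signature_base_string).should be_true
 end
 end
 
 context 'when public_key_or_secret given' do
 it do
 expect do
-jwt.verify 'secret'
+jwt.verify signature_base_string, 'secret'
 end.to raise_error JSON::JWT::UnexpectedAlgorithm
 end
 end
@@ -77,7 +78,7 @@ describe JSON::JWT do
 
 it do
 expect do
-jwt.verify signature_base_string
+jwt.verify
 end.to raise_error JSON::JWT::VerificationFailed
 end
 end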
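Review bot: As far as the visible contexts show, every updated example passes `signature_base_string` to `verify` on the unsigned (`alg` `none`) fixture, and the `none` branch in jwt.rb never reads that argument, so these examples would pass with any string in its place. An example that verifies a signed token against a base string taken from a different token and expects `JSON::JWT::VerificationFailed` would pin the behaviour this release introduces; the jws_spec.rb change is not shown on this page, so it may already cover that. The old call shape was edited away rather than kept as a regression example; `expect { jwt.verify 'secret' }.to raise_error JSON::JWT::UnexpectedAlgorithm` would show what callers that were not updated now get, since `'secret'` binds to `signature_base_string` under the new signature.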
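--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: json-jwt
 version: !ruby/object:Gem::Version
-version: 0.3.
+version: 0.3.3
 prerelease:
 platform: ruby
 authors:
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2012-10-
+date: 2012-10-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: json
@@ -172,12 +172,18 @@ required_ruby_version: !ruby/object:Gem::Requirement
 - - ! '>='
 - !ruby/object:Gem::Version
 version: '0'
+segments:
+- 0
+hash: -4331477712692770542
 required_rubygems_version: !ruby/object:Gem::Requirement
 none: false
 requirements:
 - - ! '>='
 - !ruby/object:Gem::Version
 version: '0'
+segments:
+- 0
+hash: -4331477712692770542
 requirements: []
 rubyforge_project:
 rubygems_version: 1.8.24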