json-jwt 0.8.0 → 0.8.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. checksums.yaml +4 -4
  2. data/VERSION +1 -1
  3. data/lib/json/jws.rb +2 -0
  4. data/spec/json/jwt_spec.rb +53 -0
  5. metadata +2 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 9c915d6a8de83f170d97ca50cb41ce59daf27109
4
- data.tar.gz: e07327aad3ed0772746939176c4941011cf53301
3
+ metadata.gz: 61f28048138f4b10565dc12635af8189689e3add
4
+ data.tar.gz: 171bf70c7eb2228bb60fe2bc76fafac4be8a41fd
5
5
  SHA512:
6
- metadata.gz: 1e45a3641dacb886fc1b4984f9fe53d5b0189e66225bb05957ab60cc932075bf94e651d96387fdad26dec8fa4f99d7ed5c085706625f14d5043c5e9f1862a2e8
7
- data.tar.gz: f49791f3062639f6cbd0bf09e24d4720566c012f4a81c122903d8b4432735d2efe83d647693acfe6ceb797a515696d7a60220b3fcd46f3081791ccf5c177f17d
6
+ metadata.gz: 124947df2eeba6fcf18e2e59b14c01c4eb9049cb20c2591c1b25d687f1d8bd0f6c361861521e199a329dd2d476d3b041767799429c3e8776a18961a6beeb0c00
7
+ data.tar.gz: 67bb6063b0c644a1017fa9c05b682746f13438f0d4f9be8aba2baf0861edbfe14239d176c3b9e6152302aaf05d527648257b20dd2358800c1e87f56ab73159b3
data/VERSION CHANGED
@@ -1 +1 @@
1
- 0.8.0
1
+ 0.8.1
data/lib/json/jws.rb CHANGED
@@ -79,6 +79,8 @@ module JSON
79
79
  else
80
80
  raise UnexpectedAlgorithm.new('Unknown Signature Algorithm')
81
81
  end
82
+ rescue TypeError => e
83
+ raise UnexpectedAlgorithm.new(e.message)
82
84
  end
83
85
 
84
86
  def verify_ecdsa_group!(key)
data/spec/json/jwt_spec.rb CHANGED
@@ -145,6 +145,59 @@ describe JSON::JWT do
145
145
  end
146
146
  end
147
147
 
148
+ context 'when alg header malformed' do
149
+ context 'from alg=HS256' do
150
+ context 'to alg=none' do
151
+ let(:malformed_jwt) do
152
+ jwt = JSON::JWT.decode jws.to_s, :skip_verification
153
+ jwt.header[:alg] = :none
154
+ jwt.signature = ''
155
+ jwt
156
+ end
157
+
158
+ it 'should do verification' do
159
+ expect do
160
+ JSON::JWT.decode malformed_jwt.to_s, 'secret'
161
+ end.to raise_error JSON::JWT::VerificationFailed
162
+ end
163
+ end
164
+ end
165
+
166
+ context 'from alg=RS256' do
167
+ let(:jws) do
168
+ jwt.sign private_key, :RS256
169
+ end
170
+
171
+ context 'to alg=none' do
172
+ let(:malformed_jwt) do
173
+ jwt = JSON::JWT.decode jws.to_s, :skip_verification
174
+ jwt.header[:alg] = :none
175
+ jwt.signature = ''
176
+ jwt
177
+ end
178
+
179
+ it 'should fail verification' do
180
+ expect do
181
+ JSON::JWT.decode malformed_jwt.to_s, public_key
182
+ end.to raise_error JSON::JWT::UnexpectedAlgorithm
183
+ end
184
+ end
185
+
186
+ context 'to alg=HS256' do
187
+ let(:malformed_jwt) do
188
+ jwt = JSON::JWT.decode jws.to_s, :skip_verification
189
+ jwt.sign public_key.to_s, :HS256
190
+ end
191
+
192
+ it 'should fail verification' do
193
+ expect do
194
+ JSON::JWT.decode malformed_jwt.to_s, public_key
195
+ end.to raise_error JSON::JWS::UnexpectedAlgorithm
196
+ end
197
+ end
198
+ end
199
+ end
200
+
148
201
  context 'when :skip_verification given as secret/key' do
149
202
  it 'should skip verification' do
150
203
  expect do
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: json-jwt
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.8.0
4
+ version: 0.8.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - nov matake
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2015-02-28 00:00:00.000000000 Z
11
+ date: 2015-03-16 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: multi_json