RubyGems - json-jwt - Versions diffs - 0.8.0 → 0.8.1 - Mend

json-jwt 0.8.0 → 0.8.1

Potentially problematic release.

This version of json-jwt might be problematic. Click here for more details.

Files changed (5) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 9c915d6a8de83f170d97ca50cb41ce59daf27109
-  data.tar.gz: e07327aad3ed0772746939176c4941011cf53301
+  metadata.gz: 61f28048138f4b10565dc12635af8189689e3add
+  data.tar.gz: 171bf70c7eb2228bb60fe2bc76fafac4be8a41fd
 SHA512:
-  metadata.gz: 1e45a3641dacb886fc1b4984f9fe53d5b0189e66225bb05957ab60cc932075bf94e651d96387fdad26dec8fa4f99d7ed5c085706625f14d5043c5e9f1862a2e8
-  data.tar.gz: f49791f3062639f6cbd0bf09e24d4720566c012f4a81c122903d8b4432735d2efe83d647693acfe6ceb797a515696d7a60220b3fcd46f3081791ccf5c177f17d
+  metadata.gz: 124947df2eeba6fcf18e2e59b14c01c4eb9049cb20c2591c1b25d687f1d8bd0f6c361861521e199a329dd2d476d3b041767799429c3e8776a18961a6beeb0c00
+  data.tar.gz: 67bb6063b0c644a1017fa9c05b682746f13438f0d4f9be8aba2baf0861edbfe14239d176c3b9e6152302aaf05d527648257b20dd2358800c1e87f56ab73159b3

data/VERSION CHANGED Viewed

	@@ -1 +1 @@
1	- 0.8.0
1	+ 0.8.1

data/lib/json/jws.rb CHANGED Viewed

@@ -79,6 +79,8 @@ module JSON
       else
         raise UnexpectedAlgorithm.new('Unknown Signature Algorithm')
       end
+    rescue TypeError => e
+      raise UnexpectedAlgorithm.new(e.message)
     end
     def verify_ecdsa_group!(key)

data/spec/json/jwt_spec.rb CHANGED Viewed

@@ -145,6 +145,59 @@ describe JSON::JWT do
         end
       end
+      context 'when alg header malformed' do
+        context 'from alg=HS256' do
+          context 'to alg=none' do
+            let(:malformed_jwt) do
+              jwt = JSON::JWT.decode jws.to_s, :skip_verification
+              jwt.header[:alg] = :none
+              jwt.signature = ''
+              jwt
+            end
+            it 'should do verification' do
+              expect do
+                JSON::JWT.decode malformed_jwt.to_s, 'secret'
+              end.to raise_error JSON::JWT::VerificationFailed
+            end
+          end
+        end
+        context 'from alg=RS256' do
+          let(:jws) do
+            jwt.sign private_key, :RS256
+          end
+          context 'to alg=none' do
+            let(:malformed_jwt) do
+              jwt = JSON::JWT.decode jws.to_s, :skip_verification
+              jwt.header[:alg] = :none
+              jwt.signature = ''
+              jwt
+            end
+            it 'should fail verification' do
+              expect do
+                JSON::JWT.decode malformed_jwt.to_s, public_key
+              end.to raise_error JSON::JWT::UnexpectedAlgorithm
+            end
+          end
+          context 'to alg=HS256' do
+            let(:malformed_jwt) do
+              jwt = JSON::JWT.decode jws.to_s, :skip_verification
+              jwt.sign public_key.to_s, :HS256
+            end
+            it 'should fail verification' do
+              expect do
+                JSON::JWT.decode malformed_jwt.to_s, public_key
+              end.to raise_error JSON::JWS::UnexpectedAlgorithm
+            end
+          end
+        end
+      end
       context 'when :skip_verification given as secret/key' do
         it 'should skip verification' do
           expect do

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: json-jwt
 version: !ruby/object:Gem::Version
-  version: 0.8.0
+  version: 0.8.1
 platform: ruby
 authors:
 - nov matake
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2015-02-28 00:00:00.000000000 Z
+date: 2015-03-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: multi_json