RubyGems - json-jwt - Versions diffs - 1.2.4 → 1.3.0 - Mend

json-jwt 1.2.4 → 1.3.0

Potentially problematic release.

This version of json-jwt might be problematic. Click here for more details.

Files changed (7) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 277237d4a352434fcec5c0ba7b57c9b1a8d11995
-  data.tar.gz: efabaf69fe883f6fdfb74a57bab183476a52c7c3
+  metadata.gz: 393c87ad2b36883b90bf57ee4b79e0fd43c7462b
+  data.tar.gz: 81ced2dc972bedaf304ab791dc48850fa53bfec8
 SHA512:
-  metadata.gz: 28b18f91c670f47765b070ce57c0bed07d98f5120c4046e4e4dd4439412e287ce4282a0f2909612bb3a1942260d13bb0c9b36648c9913772c584f5b5b221d1b8
-  data.tar.gz: 636e0f99153f0eef1f477dc4bee7ffb7a75a6fa22e1104b83778c8a88bb19ae5a392e7d93a1c6da69573aa6c72fe2febbf18141efa88dc1d544eca41295a68de
+  metadata.gz: 421c8a8601deb9f96658c578d66ad49007d59ffc8747478f110e3ed71d69ae95b2bdda80171cc0c1505c90df1868d9fddf696bd04fa162b3c8aed83090407203
+  data.tar.gz: 9d5b2c367038b83ed08bd255c1d2776228dd60e9cf965e33435ef600fca5ca76f990fcca3ff2ce346deaf9fcd2f079797cdcb8764546d3639192462327e23880

data/README.md CHANGED Viewed

@@ -6,7 +6,9 @@ JSON Web Token and its family (JSON Web Signature, JSON Web Encryption and JSON
 ## Installation
-  gem install json-jwt
+```
+gem install json-jwt
+```
 ## Resources
@@ -76,11 +78,14 @@ Supported `encryption_method` are
 #### Decoding
 ```ruby
-jwt_string = "jwt_header.jwt_claims.jwt_signature"
-JSON::JWT.decode(jwt_string, key)
+input = "jwt_header.jwt_claims.jwt_signature"
+JSON::JWT.decode(input, key)
 ```
+`input` can be JSON, in that case, it's handled as General/Flattened JWS JSON Serialization.
+NOTE: General JWS JSON Serialization with multiple signatures aren't supported.
 Supported `key` are
 * `String`
 * `OpenSSL::PKey::RSA`

data/VERSION CHANGED Viewed

	@@ -1 +1 @@
1	- 1.2.4
1	+ 1.3.0

data/lib/json/jws.rb CHANGED Viewed

@@ -21,27 +21,6 @@ module JSON
       raise VerificationFailed
     end
-    def as_json(options = {})
-      case options[:syntax]
-      when :general
-        {
-          payload: UrlSafeBase64.encode64(self.to_json),
-          signatures: {
-            protected: UrlSafeBase64.encode64(header.to_json),
-            signature: UrlSafeBase64.encode64(signature.to_s)
-          }
-        }
-      when :flattened
-        {
-          protected: UrlSafeBase64.encode64(header.to_json),
-          payload:   UrlSafeBase64.encode64(self.to_json),
-          signature: UrlSafeBase64.encode64(signature.to_s)
-        }
-      else
-        super
-      end
-    end
     def update_with_jose_attributes(hash_or_jwt)
       update_without_jose_attributes hash_or_jwt
       if hash_or_jwt.is_a? JSON::JWT

data/lib/json/jwt.rb CHANGED Viewed

@@ -46,7 +46,7 @@ module JSON
     end
     def sign(private_key_or_secret, algorithm = :HS256)
-      jws = JWS.new(self)
+      jws = JWS.new self
       jws.alg = algorithm
       jws.sign! private_key_or_secret
     end
@@ -61,7 +61,7 @@ module JSON
     end
     def encrypt(public_key_or_secret, algorithm = :RSA1_5, encryption_method = :'A128CBC-HS256')
-      jwe = JWE.new(self)
+      jwe = JWE.new self
       jwe.alg = algorithm
       jwe.enc = encryption_method
       jwe.encrypt! public_key_or_secret
@@ -77,8 +77,39 @@ module JSON
       end.join('.')
     end
+    def as_json(options = {})
+      case options[:syntax]
+      when :general
+        {
+          payload: UrlSafeBase64.encode64(self.to_json),
+          signatures: [{
+            protected: UrlSafeBase64.encode64(header.to_json),
+            signature: UrlSafeBase64.encode64(signature.to_s)
+          }]
+        }
+      when :flattened
+        {
+          protected: UrlSafeBase64.encode64(header.to_json),
+          payload:   UrlSafeBase64.encode64(self.to_json),
+          signature: UrlSafeBase64.encode64(signature.to_s)
+        }
+      else
+        super
+      end
+    end
     class << self
-      def decode(jwt_string, key_or_secret = nil)
+      def decode(input, key_or_secret = nil)
+        if input.is_a? Hash
+          decode_json_serialized input, key_or_secret
+        else
+          decode_compact_serialized input, key_or_secret
+        end
+      end
+      private
+      def decode_compact_serialized(jwt_string, key_or_secret)
         case jwt_string.count('.') + 1
         when JWS::NUM_OF_SEGMENTS # JWT / JWS
           header, claims, signature = jwt_string.split('.', JWS::NUM_OF_SEGMENTS).collect do |segment|
@@ -115,11 +146,24 @@ module JSON
         raise InvalidFormat.new("Invalid JSON Format")
       end
-      # # NOTE: Ugly hack to avoid this ActiveSupport 4.0 bug.
-      # #  https://github.com/rails/rails/issues/11087
-      # def new_from_hash_copying_default(hash)
-      #   superclass.new_from_hash_copying_default hash
-      # end
+      def decode_json_serialized(input, key_or_secret)
+        input = input.with_indifferent_access
+        header, payload, signature = if input[:signatures].present?
+          [
+            input[:signatures].first[:protected],
+            input[:payload],
+            input[:signatures].first[:signature]
+          ].collect do |segment|
+            segment
+          end
+        else
+          [:protected, :payload, :signature].collect do |key|
+            input[key]
+          end
+        end
+        jwt_string = [header, payload, signature].join('.')
+        decode_compact_serialized jwt_string, key_or_secret
+      end
     end
   end
 end

data/spec/json/jws_spec.rb CHANGED Viewed

@@ -280,10 +280,10 @@ describe JSON::JWS do
         it 'should return General JWS JSON Serialization' do
           signed.to_json(syntax: :general).should == {
             payload: UrlSafeBase64.encode64(claims.to_json),
-            signatures: {
+            signatures: [{
               protected: UrlSafeBase64.encode64(signed.header.to_json),
               signature: UrlSafeBase64.encode64(signed.signature)
-            }
+            }]
           }.to_json
         end
@@ -291,10 +291,10 @@ describe JSON::JWS do
           it 'should not fail' do
             jws.to_json(syntax: :general).should == {
               payload: UrlSafeBase64.encode64(claims.to_json),
-              signatures: {
+              signatures: [{
                 protected: UrlSafeBase64.encode64(jws.header.to_json),
                 signature: UrlSafeBase64.encode64('')
-              }
+              }]
             }.to_json
           end
         end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: json-jwt
 version: !ruby/object:Gem::Version
-  version: 1.2.4
+  version: 1.3.0
 platform: ruby
 authors:
 - nov matake