json-jwt 1.5.0 → 1.5.1

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.

This version of json-jwt might be problematic. Click here for more details.

Files changed (8) hide show
  1. checksums.yaml +4 -4
  2. data/VERSION +1 -1
  3. data/lib/json/jwk.rb +0 -9
  4. data/lib/json/jwt.rb +0 -7
  5. data/spec/json/jwk_spec.rb +0 -86
  6. data/spec/json/jws_spec.rb +2 -2
  7. data/spec/json/jwt_spec.rb +0 -50
  8. metadata +2 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: e593ec307b6ef4d7c0f401221c585c615c86c918
4
- data.tar.gz: 4068c3885a7f8417b577f0b5413f567f94612488
3
+ metadata.gz: 6c556b283e2c0c8c4d09eb134c300bad571d22fe
4
+ data.tar.gz: 54ebd68df1a534dc5499c9176b67767c54922e50
5
5
  SHA512:
6
- metadata.gz: b15ef784c658a73d9cf7e5d79fc55966008d08c87f8d1b3b4a4384fd3017a410f490e008ecdbd12d4fdd2347c337533857b66db5569d293c9622a90cbcd1604c
7
- data.tar.gz: 33b50220dfd570e1982d98a3e1a1ee30f52e4d2a3bfb49b616ba24c60463dcac23554c6fc1cbb3da3ee4f7a684f81c6101c7a84839bc727ca578cff2d0d7c313
6
+ metadata.gz: bf0549d83a08baaffad7e7df06f591e7ea3fc983b165747d87e23995a42a55e1c3b0d6366ef0a269787822449f0d478a5d69f226f11ef93cdc583489509d9f3d
7
+ data.tar.gz: 92af636c0e452cbfca9a3445d285b2b7c6399c281190a542fe8a5a0432120cb979ab259c14506a058f1d688ad856b5e5ef0f86d00d803fbfd74593e519fc3e73
data/VERSION CHANGED
@@ -1 +1 @@
1
- 1.5.0
1
+ 1.5.1
data/lib/json/jwk.rb CHANGED
@@ -127,14 +127,5 @@ module JSON
127
127
  )
128
128
  key
129
129
  end
130
-
131
- class << self
132
- def decode(jwk)
133
- # NOTE:
134
- # returning OpenSSL::PKey::RSA/EC instance for backward compatibility.
135
- # use `new` if you want JSON::JWK instance.
136
- new(jwk).to_key
137
- end
138
- end
139
130
  end
140
131
  end
data/lib/json/jwt.rb CHANGED
@@ -32,13 +32,6 @@ module JSON
32
32
  jws.sign! private_key_or_secret
33
33
  end
34
34
 
35
- # NOTE: keeping for backward compatibility
36
- def verify(signature_base_string, public_key_or_secret = nil)
37
- jws = JWS.new self
38
- jws.signature_base_string = signature_base_string
39
- jws.verify! public_key_or_secret
40
- end
41
-
42
35
  def encrypt(public_key_or_secret, algorithm = :RSA1_5, encryption_method = :'A128CBC-HS256')
43
36
  jwe = JWE.new self
44
37
  jwe.alg = algorithm
data/spec/json/jwk_spec.rb CHANGED
@@ -163,90 +163,4 @@ describe JSON::JWK do
163
163
  end.to raise_error JSON::JWK::UnknownAlgorithm, 'Unknown Key Type'
164
164
  end
165
165
  end
166
-
167
- describe '.decode' do
168
- context 'when RSA' do
169
- subject do
170
- JSON::JWK.decode(
171
- kty: :RSA,
172
- n: n,
173
- e: e
174
- )
175
- end
176
- let(:e) { 'AQAB' }
177
- let(:n) { 'AK8ppaAGn6N3jDic2DhDN5mI5mWzvhfL1AFZOS9q2EBM8L5sjZbYiaHeNoKillZGmEF9a9g6Z20bDnoHTuHPsx93HYkZqPumFZ8K9lLCbqKAMWw2Qgk10RgrZ-kblJotTBCeer9-tZSWO-OWFzP4gp8MpSuQOQbwTJwDgEkFIQLUK2YgzWbn1PoW8xcfbVyWhZD880ELGRW6GhRgYAl0DN_EQS8kyUa0CusYCzOOg2W3-7qjYeojyP6jiOEr-eyjC7hcUvTVoTfz84BiZv72KS3i5JS8ZNNuRp5Ce51wjoDDUoNxDLWv6Da6qMaGpKz6NTSNbvhE_KFhpp4wf5yRQD8=' }
178
- let(:pem) do
179
- <<-PEM.strip_heredoc
180
- -----BEGIN PUBLIC KEY-----
181
- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArymloAafo3eMOJzYOEM3
182
- mYjmZbO+F8vUAVk5L2rYQEzwvmyNltiJod42gqKWVkaYQX1r2DpnbRsOegdO4c+z
183
- H3cdiRmo+6YVnwr2UsJuooAxbDZCCTXRGCtn6RuUmi1MEJ56v361lJY745YXM/iC
184
- nwylK5A5BvBMnAOASQUhAtQrZiDNZufU+hbzFx9tXJaFkPzzQQsZFboaFGBgCXQM
185
- 38RBLyTJRrQK6xgLM46DZbf7uqNh6iPI/qOI4Sv57KMLuFxS9NWhN/PzgGJm/vYp
186
- LeLklLxk025GnkJ7nXCOgMNSg3EMta/oNrqoxoakrPo1NI1u+ET8oWGmnjB/nJFA
187
- PwIDAQAB
188
- -----END PUBLIC KEY-----
189
- PEM
190
- end
191
-
192
- it { should be_instance_of OpenSSL::PKey::RSA }
193
- its(:to_pem) { should == pem }
194
-
195
- it 'should support string keys' do
196
- JSON::JWK.decode(
197
- 'kty' => 'RSA',
198
- 'n' => n,
199
- 'e' => e
200
- ).should be_instance_of OpenSSL::PKey::RSA
201
- end
202
- end
203
-
204
- context 'when ECDSA' do
205
- [{
206
- alg: 'EC',
207
- crv: 'P-256',
208
- kty: 'EC',
209
- x: 'saPyrO4Lh9kh2FxrF9y1QVmZznWnRRJwpr12UHqzrVY',
210
- y: 'MMz4W9zzqlrJhqr-JyrpvlnaIIyZQE6DfrgPkxMAw1M'
211
- }, {
212
- alg: 'EC',
213
- crv: 'P-384',
214
- kty: 'EC',
215
- x: 'plzApyFnK7qzhg5XnIZbFj2hZoH2Vdl4-RFm7DnsNMG9tyqrpfq2RyjfKABbcFRt',
216
- y: 'ixBzffhk3fcbmeipGLkvQBNCzeNm6QL3hOUTH6IFBzOL0Y7HsGTopNTTspLjlivb'
217
- }, {
218
- alg: 'EC',
219
- crv: 'P-521',
220
- kty: 'EC',
221
- x: 'AcMCD-a0a6rnE9TvC0mOqF_DGXRg5Y3iTb4eHNwTm2kD6iujx9M_f8d_FGHr0OhpqzEn4rYPYZouGsbIPEgL0q__',
222
- y: 'AULYEd8l-bV_BI289aezhSLZ1RDF2ltgDPEy9Y7YtqYa4cJcpiyzVDMpXWwBp6cjg6TXINkoVrVXZhN404ihu4I2'
223
- }].each do |jwk|
224
- describe jwk['crv'] do
225
- it do
226
- JSON::JWK.decode(jwk).should be_instance_of OpenSSL::PKey::EC
227
- end
228
- end
229
- end
230
- end
231
-
232
- context 'when invalid algorithm' do
233
- it do
234
- expect do
235
- JSON::JWK.decode(
236
- kty: :XXX
237
- )
238
- end.to raise_error JSON::JWK::UnknownAlgorithm
239
- end
240
- end
241
-
242
- context 'when no algorithm' do
243
- it do
244
- expect do
245
- JSON::JWK.decode(
246
- x: :x
247
- )
248
- end.to raise_error JSON::JWK::UnknownAlgorithm
249
- end
250
- end
251
- end
252
166
  end
data/spec/json/jws_spec.rb CHANGED
@@ -154,7 +154,7 @@ describe JSON::JWS do
154
154
  end
155
155
  end
156
156
 
157
- describe '#verify' do
157
+ describe '#verify!' do
158
158
  shared_examples_for :success_signature_verification do
159
159
  it do
160
160
  expect { decoded }.not_to raise_error
@@ -259,7 +259,7 @@ describe JSON::JWS do
259
259
  let(:alg) { :unknown }
260
260
  it do
261
261
  expect do
262
- jws.verify jws.send(:signature_base_string), 'key'
262
+ jws.verify! 'key'
263
263
  end.to raise_error JSON::JWS::UnexpectedAlgorithm
264
264
  end
265
265
  end
data/spec/json/jwt_spec.rb CHANGED
@@ -49,56 +49,6 @@ describe JSON::JWT do
49
49
  end
50
50
  end
51
51
 
52
- describe '#verify' do
53
- context 'when not signed nor encrypted' do
54
- let(:jwt) do
55
- header_base64, claims_base64, signature = no_signed.split('.', 3).collect do |segment|
56
- UrlSafeBase64.decode64 segment.to_s
57
- end
58
- header, claims = [header_base64, claims_base64].collect do |json|
59
- MultiJson.load(json).with_indifferent_access
60
- end
61
- jwt = JSON::JWT.new claims
62
- jwt.header = header
63
- jwt.signature = signature
64
- jwt
65
- end
66
- let(:signature_base_string) { no_signed.split('.', 3)[0,2].join('.') }
67
-
68
- context 'when no signature nor public_key_or_secret given' do
69
- it do
70
- jwt.verify(signature_base_string).should == true
71
- end
72
- end
73
-
74
- context 'when public_key_or_secret given' do
75
- it do
76
- expect do
77
- jwt.verify signature_base_string, 'secret'
78
- end.to raise_error JSON::JWT::UnexpectedAlgorithm
79
- end
80
- end
81
-
82
- context 'when signature given' do
83
- before { jwt.signature = 'signature' }
84
-
85
- it do
86
- expect do
87
- jwt.verify signature_base_string
88
- end.to raise_error JSON::JWT::VerificationFailed
89
- end
90
- end
91
- end
92
-
93
- context 'when signed' do
94
- it 'should delegate verification to JWS' do
95
- expect(jws).to receive(:verify!)
96
- expect(JSON::JWS).to receive(:new).and_return(jws)
97
- jwt.verify 'shared_secret'
98
- end
99
- end
100
- end
101
-
102
52
  describe '#encrypt' do
103
53
  let(:shared_key) { SecureRandom.hex 16 } # default shared key is too short
104
54
 
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: json-jwt
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.5.0
4
+ version: 1.5.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - nov matake
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2015-09-11 00:00:00.000000000 Z
11
+ date: 2015-09-14 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: multi_json