json-jwt 1.6.2 → 1.6.3

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of json-jwt might be problematic. Click here for more details.

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 701cf86a3ceb49918c808ffdd2d207d6711c6803
4
- data.tar.gz: 7a00b2dac244dfee8ded0665f35fc7dd02eb7fef
3
+ metadata.gz: 2d76ce03978dc2dcfb42f7061d0613fdf9d8dba2
4
+ data.tar.gz: ad36d966f39107a7e9e7ecd0521780674d7b31b5
5
5
  SHA512:
6
- metadata.gz: 62d1b3916ddcfed3e7169d9fccb3b8c59b29ff0b2e7f9c9ee7b9c6dc28966c7706f59c013c44d9e5a0a3d8237d7325c37b822d1fcc66f45123e77a80760f6f52
7
- data.tar.gz: 59c93232656b3da54db7b58ae15f8efffc1179a9d211daa3327f8634907409c768a1a7513cb68af2a567dbce0ff06fb29a6fdb0da743233349f9cff0f893c913
6
+ metadata.gz: f9fff9a8a5519bcec6cb67eb2153c2ca6f852191b18ddc98011e56fa228bcc94be9c1621fcef734402053d4755b83120e0b1a89b7396a0ea26396cdedda17f9d
7
+ data.tar.gz: 258a78cfd221accbf30f91ff35c0b5774cc1f463a61311b5412bacb0425fb0bbf1887f900a39197bd2d83bd7210b40c215824dd5a71a4b508f2b91b5e6cbadb1
@@ -3,7 +3,6 @@ before_install:
3
3
  - git submodule update --init --recursive
4
4
 
5
5
  rvm:
6
- - 2.0
7
- - 2.1
8
- - 2.2
9
- - 2.3.0
6
+ - 2.2.2 # NOTE: 2.2.1 or lower aren't supported by activesupport 5.0, CI isn't needed for such legacy versions.
7
+ - 2.2.5
8
+ - 2.3.1
data/VERSION CHANGED
@@ -1 +1 @@
1
- 1.6.2
1
+ 1.6.3
@@ -30,7 +30,7 @@ module JSON
30
30
  def update(hash_or_jwt)
31
31
  super
32
32
  if hash_or_jwt.is_a? JSON::JWT
33
- self.header = hash_or_jwt.header
33
+ self.header.update hash_or_jwt.header
34
34
  self.signature = hash_or_jwt.signature
35
35
  end
36
36
  self
@@ -34,7 +34,7 @@ module JSON
34
34
  # This code is needed to keep legacy behavior.
35
35
  algorithm = private_key_or_secret.is_a?(String) ? :HS256 : :RS256
36
36
  end
37
- jws = JWS.new self.dup
37
+ jws = JWS.new self
38
38
  jws.kid ||= private_key_or_secret[:kid] if private_key_or_secret.is_a? JSON::JWK
39
39
  jws.alg = algorithm
40
40
  jws.sign! private_key_or_secret
@@ -265,7 +265,7 @@ describe JSON::JWS do
265
265
  end
266
266
  end
267
267
 
268
- describe 'to_json' do
268
+ describe '#to_json' do
269
269
  let(:alg) { :RS256 }
270
270
  let(:private_key_or_secret) { private_key }
271
271
 
@@ -78,6 +78,41 @@ describe JSON::JWT do
78
78
  jws.kid.should == key[:kid]
79
79
  end
80
80
  end
81
+
82
+ describe 'object copy behaviour' do
83
+ before do
84
+ @jwt = JSON::JWT.new(obj: {foo: :bar})
85
+ @jws = @jwt.sign('secret')
86
+ end
87
+
88
+ context 'when original JWT is modified' do
89
+ before do
90
+ @jwt.header[:x] = :x
91
+ @jwt[:obj][:x] = :x
92
+ end
93
+
94
+ describe 'copied JWS' do
95
+ it 'should be affected as shallow copy, but not as a simple reference' do
96
+ @jws.header.should_not include :x
97
+ @jws[:obj].should include :x
98
+ end
99
+ end
100
+ end
101
+
102
+ context 'when copied JWS is modified' do
103
+ before do
104
+ @jws.header[:x] = :x
105
+ @jws[:obj][:x] = :x
106
+ end
107
+
108
+ describe 'original JWT' do
109
+ it 'should be affected as shallow copy, but not as a simple reference' do
110
+ @jwt.header.should_not include :x
111
+ @jwt[:obj].should include :x
112
+ end
113
+ end
114
+ end
115
+ end
81
116
  end
82
117
 
83
118
  describe '#encrypt' do
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: json-jwt
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.6.2
4
+ version: 1.6.3
5
5
  platform: ruby
6
6
  authors:
7
7
  - nov matake
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2016-06-25 00:00:00.000000000 Z
11
+ date: 2016-07-13 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: multi_json