json_web_token 0.3.1 → 0.3.2

data/spec/json_web_token/format/base64_url_spec.rb

@@ -1,84 +0,0 @@
-require 'json_web_token/format/base64_url'
-
-module JsonWebToken
-  module Format
-    describe Base64Url do
-      context '#encode' do
-        shared_examples_for 'w #decode' do
-          it 'matches' do
-            encoded = Base64Url.encode(str)
-            expect(Base64Url.decode encoded).to eql str
-          end
-        end
-
-        describe 'typical' do
-          let(:str) { '{"typ":"JWT", "alg":"HS256"}' }
-          it_behaves_like 'w #decode'
-        end
-
-        describe 'w whitespace' do
-          let(:str) { '{"typ" :"JWT" ,  "alg" :"HS256"   }' }
-          it_behaves_like 'w #decode'
-        end
-
-        describe 'w line feed and carriage return' do
-          let(:str) { '{"typ":"JWT",/n "a/rlg":"HS256"}' }
-          it_behaves_like 'w #decode'
-        end
-
-        shared_examples_for 'given encoding' do
-          it 'matches' do
-            expect(Base64Url.encode str).to eql encoded
-            expect(Base64Url.decode encoded).to eql str
-          end
-        end
-
-        describe 'w no padding char' do
-          let(:str) { '{"typ":"JWT", "alg":"none"}' }
-          let(:encoded) { 'eyJ0eXAiOiJKV1QiLCAiYWxnIjoibm9uZSJ9'}
-          it_behaves_like 'given encoding'
-        end
-
-        context 'w 1 padding char' do
-          let(:str) { '{"typ":"JWT", "alg":"algorithm"}' }
-
-          describe 'present' do
-            let(:encoded) { 'eyJ0eXAiOiJKV1QiLCAiYWxnIjoiYWxnb3JpdGhtIn0='}
-            it 'matches' do
-              expect(Base64Url.decode encoded).to eql str
-            end
-          end
-
-          describe 'removed' do
-            let(:encoded) { 'eyJ0eXAiOiJKV1QiLCAiYWxnIjoiYWxnb3JpdGhtIn0'}
-            it_behaves_like 'given encoding'
-          end
-        end
-
-        context 'w 2 padding char' do
-          let(:str) { '{"typ":"JWT", "alg":"HS256"}' }
-
-          describe 'present' do
-            let(:encoded) { 'eyJ0eXAiOiJKV1QiLCAiYWxnIjoiSFMyNTYifQ=='}
-            it 'matches' do
-              expect(Base64Url.decode encoded).to eql str
-            end
-          end
-
-          describe 'removed' do
-            let(:encoded) { 'eyJ0eXAiOiJKV1QiLCAiYWxnIjoiSFMyNTYifQ'}
-            it_behaves_like 'given encoding'
-          end
-        end
-
-        describe 'invalid encoding' do
-          let(:encoded) { 'InR5cCI6IkpXVCIsICJhbGciOiJub25lI'}
-          it 'raises' do
-            expect { Base64Url.decode(encoded) }
-              .to raise_error(RuntimeError, 'Invalid base64 string')
-          end
-        end
-      end
-    end
-  end
-end

data/spec/json_web_token/jwa_spec.rb

@@ -1,71 +0,0 @@
-require 'json_web_token/algorithm/rsa_util'
-require 'json_web_token/jwa'
-require 'support/ecdsa_key'
-
-module JsonWebToken
-
-  RsaUtil = JsonWebToken::Algorithm::RsaUtil
-
-  describe Jwa do
-    let(:signing_input) { '{"iss":"joe","exp":1300819380,"http://example.com/is_root":true}' }
-    shared_examples_for 'w #verify?' do
-      it 'true' do
-        expect(Jwa.verify? mac, algorithm, verifying_key, signing_input).to be true
-      end
-    end
-    context '#sign' do
-      let(:mac) { Jwa.sign(algorithm, signing_key, signing_input) }
-      describe 'HS256' do
-        let(:algorithm) { 'HS256' }
-        let(:signing_key) { 'gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr9C' }
-        let(:verifying_key) { signing_key }
-        it_behaves_like 'w #verify?'
-
-        it 'returns a 32-byte MAC' do
-          expect(mac.bytesize).to eql 32
-        end
-      end
-
-      describe 'RS256' do
-        let(:algorithm) { 'RS256' }
-        let(:path_to_keys) { 'spec/fixtures/rsa' }
-        let(:signing_key) { RsaUtil.private_key(path_to_keys) }
-        let(:verifying_key) { RsaUtil.public_key(path_to_keys) }
-        it_behaves_like 'w #verify?'
-
-        it 'returns a 256-byte MAC' do
-          expect(mac.bytesize).to eql 256
-        end
-      end
-
-      describe 'ES256' do
-        let(:algorithm) { 'ES256' }
-        it 'w #verify? true, returns a 64-byte MAC' do
-          private_key = EcdsaKey.curve_new('256')
-          public_key_str = EcdsaKey.public_key_str(private_key)
-          public_key = EcdsaKey.public_key_new('256', public_key_str)
-
-          mac = Jwa.sign(algorithm, private_key, signing_input)
-          expect(Jwa.verify? mac, algorithm, public_key, signing_input).to be true
-
-          expect(mac.bytesize).to eql 64
-        end
-      end
-    end
-
-    context 'param validation' do
-      context 'w HS256 key' do
-        let(:shared_key) { 'gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr9C' }
-        describe 'unrecognized algorithm' do
-          ['HT256', 'HS257', '', nil].each do |elt|
-            let(:algorithm) { "#{elt}" }
-            it 'raises' do
-              expect { Jwa.sign(algorithm, shared_key, signing_input) }
-                .to raise_error(RuntimeError, 'Unrecognized algorithm')
-            end
-          end
-        end
-      end
-    end
-  end
-end

data/spec/json_web_token/jws_spec.rb

@@ -1,119 +0,0 @@
-require 'json_web_token/jws'
-require 'support/ecdsa_key'
-
-module JsonWebToken
-  describe Jws do
-    context 'w payload' do
-      let(:payload) { '{"iss":"joe","exp":1300819380,"http://example.com/is_root":true}' }
-      context '#sign' do
-        shared_examples_for 'does #verify' do
-          it 'w a jws' do
-            jws = Jws.sign(header, payload, signing_key)
-            expect(Jws.verify jws, algorithm, verifying_key).to include({ok: jws})
-          end
-        end
-
-        context 'w HS256 keys' do
-          let(:signing_key) { 'gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr9C' }
-          let(:verifying_key) { signing_key }
-          context "w HS256 'alg' header parameter" do
-            let(:header) { {alg: 'HS256'} }
-            context 'w passing a matching algorithm to #verify' do
-              let(:algorithm) { 'HS256' }
-              it_behaves_like 'does #verify'
-
-              describe 'w/o passing key to #verify' do
-                it 'returns error' do
-                  jws = Jws.sign(header, payload, signing_key)
-                  expect(Jws.verify jws, algorithm, nil).to include({error: 'invalid'})
-                end
-              end
-
-              describe 'w passing a changed key to #verify' do
-                let(:changed_key) { 'gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr9Z' }
-                it 'returns error' do
-                  jws = Jws.sign(header, payload, signing_key)
-                  expect(Jws.verify jws, algorithm, changed_key).to include({error: 'invalid'})
-                end
-              end
-            end
-
-            describe 'w/o passing a matching algorithm to #verify' do
-              let(:algorithm) { 'RS256' }
-              it 'raises' do
-                jws = Jws.sign(header, payload, signing_key)
-                expect { Jws.verify(jws, algorithm, verifying_key) }
-                  .to raise_error(RuntimeError, "Algorithm not matching 'alg' header parameter")
-              end
-            end
-          end
-        end
-
-        context "w ES256 'alg' header parameter" do
-          let(:header) { {alg: 'ES256'} }
-          describe 'w passing a matching algorithm to #verify' do
-            let(:algorithm) { 'ES256' }
-            it 'w a jws' do
-              private_key = EcdsaKey.curve_new('256')
-              public_key_str = EcdsaKey.public_key_str(private_key)
-              public_key = EcdsaKey.public_key_new('256', public_key_str)
-
-              jws = Jws.sign(header, payload, private_key)
-              expect(Jws.verify jws, algorithm, public_key).to include({ok: jws})
-            end
-          end
-        end
-      end
-
-      context 'header validation' do
-        let(:signing_key) { 'gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr9C' }
-        describe "w/o a recognized 'alg' header parameter" do
-          let(:header) { {alg: 'HS257'} }
-          it 'raises' do
-            expect { Jws.sign(header, payload, signing_key) }
-              .to raise_error(RuntimeError, 'Unrecognized algorithm')
-          end
-        end
-
-        describe "w/o a required 'alg' header parameter" do
-          let(:header) { {typ: 'JWT'} }
-          it 'raises' do
-            expect { Jws.sign(header, payload, signing_key) }
-              .to raise_error(RuntimeError, "Missing required 'alg' header parameter")
-          end
-        end
-      end
-
-      context '#unsecured_message' do
-        context 'w valid header' do
-          let(:header) { {alg: 'none'} }
-          describe 'w passing a matching algorithm to #verify' do
-            let(:algorithm) { 'none' }
-            it 'w a jws' do
-              jws = Jws.unsecured_message(header, payload)
-              expect(Jws.verify jws, algorithm).to include({ok: jws})
-            end
-          end
-
-          describe 'w/o passing a matching algorithm to #verify' do
-            let(:algorithm) { 'HS256' }
-            let(:verifying_key) { 'gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr9C' }
-            it 'raises' do
-              jws = Jws.unsecured_message(header, payload)
-              expect { Jws.verify(jws, algorithm, verifying_key) }
-                .to raise_error(RuntimeError, "Algorithm not matching 'alg' header parameter")
-            end
-          end
-        end
-
-        describe 'w invalid header' do
-          let(:header) { {alg: 'HS256'} }
-          it 'raises' do
-            expect { Jws.unsecured_message(header, payload) }
-              .to raise_error(RuntimeError, "Invalid 'alg' header parameter")
-          end
-        end
-      end
-    end
-  end
-end

data/spec/json_web_token/jwt_spec.rb

@@ -1,142 +0,0 @@
-require 'json_web_token/jwt'
-require 'support/ecdsa_key'
-require 'support/plausible_jwt'
-
-module JsonWebToken
-  describe Jwt do
-    context '#sign' do
-      shared_examples_for 'does #verify' do
-        it 'w a claims set' do
-          jwt = Jwt.sign(claims, sign_options)
-          expect(Jwt.verify(jwt, verify_options)[:ok]).to include(claims)
-        end
-      end
-
-      shared_examples_for 'return a jwt' do
-        it 'that is plausible' do
-          jwt = Jwt.sign(claims, sign_options)
-          expect(plausible_message_signature? jwt).to be true
-        end
-      end
-
-      context 'w claims' do
-        let(:claims) { { iss: 'joe', exp: 1300819380, :'http://example.com/is_root' => true} }
-        context 'w HS256 keys' do
-          let(:signing_key) { 'gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr9C' }
-          let(:verifying_key) { signing_key }
-          let(:verify_options) { {key: verifying_key} }
-          describe 'default header' do
-            let(:sign_options) { {key: signing_key} }
-            it_behaves_like 'does #verify'
-            it_behaves_like 'return a jwt'
-          end
-
-          describe 'w alg option' do
-            let(:sign_options) { {alg: 'HS256', key: signing_key} }
-            it_behaves_like 'does #verify'
-            it_behaves_like 'return a jwt'
-          end
-
-          describe 'w alg: nil option' do
-            let(:sign_options) { {alg: nil, key: signing_key} }
-            it_behaves_like 'does #verify'
-            it_behaves_like 'return a jwt'
-          end
-
-          describe "w alg empty string option" do
-            let(:sign_options) { {alg: '', key: signing_key} }
-            it_behaves_like 'does #verify'
-            it_behaves_like 'return a jwt'
-          end
-
-          describe "w alg: 'none' option" do
-            let(:sign_options) { {alg: 'none', key: signing_key} }
-            it 'raises' do
-              jwt = Jwt.sign(claims, sign_options)
-              expect { Jwt.verify(jwt, verify_options) }
-                .to raise_error(RuntimeError, "Algorithm not matching 'alg' header parameter")
-            end
-          end
-        end
-
-        describe 'w/o key w default header alg' do
-          it 'raises' do
-            expect { Jwt.sign(claims, {}) }
-              .to raise_error(RuntimeError, 'Invalid shared key')
-          end
-        end
-
-        describe 'w HS256 key changed' do
-          let(:sign_options) { {alg: 'HS256', key: 'gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr9C'} }
-          let(:changed_key) { 'gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr9Z' }
-          let(:verify_options) { {key: verifying_key} }
-          it 'raises' do
-            jwt = Jwt.sign(claims, sign_options)
-            expect(Jwt.verify jwt, {key: changed_key}).to include(error: 'invalid')
-          end
-        end
-
-        context "w ES256 'alg' header parameter" do
-          let(:algorithm) { 'ES256' }
-          describe 'w passing a matching algorithm to #verify' do
-            it 'is verified and plausible' do
-              private_key = EcdsaKey.curve_new('256')
-              public_key_str = EcdsaKey.public_key_str(private_key)
-              public_key = EcdsaKey.public_key_new('256', public_key_str)
-
-              sign_options = {alg: algorithm, key: private_key}
-              jwt = Jwt.sign(claims, sign_options)
-
-              verify_options = {alg: algorithm, key: public_key}
-              expect(Jwt.verify(jwt, verify_options)[:ok]).to eql claims
-
-              expect(plausible_message_signature? jwt, 64).to be true
-            end
-          end
-        end
-
-        context 'w/o key' do
-          context "w alg: 'none' header parameter" do
-            let(:sign_options) { {alg: 'none'} }
-            describe "w verify alg: 'none'" do
-              let(:verify_options) { {alg: 'none'} }
-              it 'verifies a plausible unsecured jws' do
-                jwt = Jwt.sign(claims, sign_options)
-                expect(Jwt.verify(jwt, verify_options)[:ok]).to include(claims)
-                expect(plausible_unsecured_message? jwt).to be true
-              end
-            end
-
-            describe 'w default verify alg' do
-              it 'raises' do
-                jwt = Jwt.sign(claims, sign_options)
-                expect { Jwt.verify(jwt, {alg: nil}) }
-                  .to raise_error(RuntimeError, "Algorithm not matching 'alg' header parameter")
-              end
-            end
-          end
-        end
-      end
-
-      context 'param validation' do
-        let(:options) { {key: 'gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr9C'} }
-        shared_examples_for 'w/o claims' do
-          it 'raises' do
-            expect { Jwt.sign(claims, options) }
-              .to raise_error(RuntimeError, 'Claims blank')
-          end
-        end
-
-        describe 'w claims nil' do
-          let(:claims) { nil }
-          it_behaves_like 'w/o claims'
-        end
-
-        describe 'w claims an empty string' do
-          let(:claims) { '' }
-          it_behaves_like 'w/o claims'
-        end
-      end
-    end
-  end
-end

data/spec/json_web_token/util_spec.rb

@@ -1,24 +0,0 @@
-require 'json_web_token/util'
-
-module JsonWebToken
-  describe Util do
-    describe '#constant_time_compare?' do
-      it 'guards against empty or nil strings' do
-        expect(Util.constant_time_compare? 'a', 'a').to be true
-
-        expect(Util.constant_time_compare? 'a', 'b').to be false
-        expect(Util.constant_time_compare? 'a', 'A').to be false
-        expect(Util.constant_time_compare? '', '').to be false
-        expect(Util.constant_time_compare? nil, nil).to be false
-      end
-    end
-
-    describe '#symbolize_keys' do
-      it 'returns a new hash with all keys converted to symbols' do
-        original = {'a' =>  0, 'b' => '2', c: '3'}
-        expect(Util.symbolize_keys original).to include({a: 0, b: '2', c: '3'})
-        expect(original).to eql original
-      end
-    end
-  end
-end

data/spec/json_web_token_spec.rb

@@ -1,47 +0,0 @@
-require 'json_web_token'
-
-describe JsonWebToken do
-  context '#sign' do
-    let(:claims) { { iss: 'joe', exp: 1300819380, :'http://example.com/is_root' => true} }
-    shared_examples_for 'w #verify' do
-      it 'w a claims set' do
-        jwt = JsonWebToken.sign(claims, sign_options)
-        expect(JsonWebToken.verify(jwt, verify_options)[:ok]).to include(claims)
-      end
-    end
-
-    context 'w HS256 keys' do
-      let(:signing_key) { 'gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr9C' }
-      let(:verifying_key) { signing_key }
-
-      describe 'default alg' do
-        let(:sign_options) { {key: signing_key} }
-        let(:verify_options) { {key: verifying_key} }
-        it_behaves_like 'w #verify'
-      end
-
-      context "w 'alg' option" do
-        describe 'HS256' do
-          let(:sign_options) { {alg: 'HS256', key: signing_key} }
-          let(:verify_options) { {alg: 'HS256', key: verifying_key} }
-          it_behaves_like 'w #verify'
-        end
-
-        describe "w alg 'none'" do
-          let(:sign_options) { {alg: 'none', key: signing_key} }
-          let(:verify_options) { {alg: 'none', key: verifying_key} }
-          it_behaves_like 'w #verify'
-        end
-      end
-    end
-  end
-
-  context 'module alias JWT' do
-    describe '#sign' do
-      let(:claims) { { iss: 'joe', exp: 1300819380, :'http://example.com/is_root' => true} }
-      it 'recognized' do
-        expect(JsonWebToken.sign(claims, key: 'gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr9C')).to be
-      end
-    end
-  end
-end