jwt 0.1.3 → 0.1.4

Files changed (7)
  1. data/Rakefile +1 -1
  2. data/jwt.gemspec +2 -4
  3. data/lib/jwt.rb +13 -8
  4. data/spec/jwt.rb +16 -2
  5. metadata +5 -26
  6. data.tar.gz.sig +0 -2
  7. metadata.gz.sig +0 -0
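--- a/data/Rakefile
+++ b/data/Rakefile
@@ -2,7 +2,7 @@ require 'rubygems'
  require 'rake'
  require 'echoe'
 
- Echoe.new('jwt', '0.1.3') do |p|
+ Echoe.new('jwt', '0.1.4') do |p|
  p.description = "JSON Web Token implementation in Ruby"
  p.url = "http://github.com/progrium/ruby-jwt"
  p.author = "Jeff Lindsay"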
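--- a/data/jwt.gemspec
+++ b/data/jwt.gemspec
@@ -2,12 +2,11 @@
 
  Gem::Specification.new do |s|
  s.name = %q{jwt}
- s.version = "0.1.3"
+ s.version = "0.1.4"
 
  s.required_rubygems_version = Gem::Requirement.new(">= 1.2") if s.respond_to? :required_rubygems_version=
  s.authors = [%q{Jeff Lindsay}]
- s.cert_chain = [%q{/Users/progrium/.gem/gem-public_cert.pem}]
- s.date = %q{2011-06-30}
+ s.date = %q{2011-11-11}
  s.description = %q{JSON Web Token implementation in Ruby}
  s.email = %q{jeff.lindsay@twilio.com}
  s.extra_rdoc_files = [%q{lib/jwt.rb}]
@@ -17,7 +16,6 @@ Gem::Specification.new do |s|
  s.require_paths = [%q{lib}]
  s.rubyforge_project = %q{jwt}
  s.rubygems_version = %q{1.8.5}
- s.signing_key = %q{/Users/progrium/.gem/gem-private_key.pem}
  s.summary = %q{JSON Web Token implementation in Ruby}
 
  if s.respond_to? :specification_version then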
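Review bot: Removing `s.cert_chain` and `s.signing_key` makes 0.1.4 an unsigned gem where 0.1.3 was signed, and nothing on the page records that this is intentional; the same release deletes `data.tar.gz.sig` and `metadata.gz.sig`. Installs that enforce a RubyGems trust policy (for example `gem install -P HighSecurity`) will presumably stop accepting the package from this version on, and consumers lose the ability to check the publisher. If signing is being dropped on purpose, say so in the release notes; otherwise restore it with paths that are not tied to one machine, since the removed values pointed into `/Users/progrium/.gem/`.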
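--- a/data/lib/jwt.rb
+++ b/data/lib/jwt.rb
@@ -1,8 +1,8 @@
  #
  # JSON Web Token implementation
  #
- # Minimum implementation based on this spec:
- # http://self-issued.info/docs/draft-jones-json-web-token-01.html
+ # Should be up to date with the latest spec:
+ # http://self-issued.info/docs/draft-jones-json-web-token-06.html
 
  require "base64"
  require "openssl"
@@ -43,35 +43,40 @@ module JWT
  end
 
  def self.encode(payload, key, algorithm='HS256')
+ algorithm ||= "none"
  segments = []
  header = {"typ" => "JWT", "alg" => algorithm}
  segments << base64url_encode(header.to_json)
  segments << base64url_encode(payload.to_json)
  signing_input = segments.join('.')
- signature = sign(algorithm, signing_input, key)
- segments << base64url_encode(signature)
+ if algorithm != "none"
+ signature = sign(algorithm, signing_input, key)
+ segments << base64url_encode(signature)
+ else
+ segments << ""
+ end
  segments.join('.')
  end
 
  def self.decode(jwt, key=nil, verify=true)
  segments = jwt.split('.')
- raise JWT::DecodeError.new("Not enough or too many segments") unless segments.length == 3
+ raise JWT::DecodeError.new("Not enough or too many segments") unless [2,3].include? segments.length
  header_segment, payload_segment, crypto_segment = segments
  signing_input = [header_segment, payload_segment].join('.')
  begin
  header = JSON.parse(base64url_decode(header_segment))
  payload = JSON.parse(base64url_decode(payload_segment))
- signature = base64url_decode(crypto_segment)
+ signature = base64url_decode(crypto_segment) if verify
  rescue JSON::ParserError
  raise JWT::DecodeError.new("Invalid segment encoding")
  end
- if verify
+ if verify == true
  algo = header['alg']
 
  if ["HS256", "HS384", "HS512"].include?(algo)
  raise JWT::DecodeError.new("Signature verification failed") unless signature == sign_hmac(algo, signing_input, key)
  elsif ["RS256", "RS384", "RS512"].include?(algo)
- verify_rsa(algo, key, signing_input, signature)
+ raise JWT::DecodeError.new("Signature verification failed") unless verify_rsa(algo, key, signing_input, signature)
  else
  raise JWT::DecodeError.new("Algorithm not supported")
  end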
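Review bot: In `decode`, the new guard `if verify == true` skips signature verification for every argument other than the literal `true`, so a caller who passes a truthy non-boolean gets the payload back unverified and without an error; keeping `if verify` preserves the spec's `JWT.decode(jwt, nil, nil)` case without that fail-open behaviour. The line above uses plain truthiness (`signature = base64url_decode(crypto_segment) if verify`), so the two conditions now disagree. Accepting two segments while verification is on also leaves `crypto_segment` nil before `base64url_decode`, which presumably raises something other than `JWT::DecodeError` (the helper is outside the hunk). Two older context lines deserve a follow-up as well: the branch is chosen from the token's own `alg` header rather than an algorithm pinned by the caller, and the HMAC check compares with `==` instead of a constant-time comparison. `decode` continues past the end of the hunk.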
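--- a/data/spec/jwt.rb
+++ b/data/spec/jwt.rb
@@ -27,12 +27,19 @@ describe JWT do
  decoded_payload.should == example_payload
  end
 
- it "raises exception with wrong key" do
+ it "raises exception with wrong hmac key" do
  right_secret = 'foo'
  bad_secret = 'bar'
- jwt_message = JWT.encode(@payload, right_secret)
+ jwt_message = JWT.encode(@payload, right_secret, "HS256")
  lambda { JWT.decode(jwt_message, bad_secret) }.should raise_error(JWT::DecodeError)
  end
+
+ it "raises exception with wrong rsa key" do
+ right_private_key = OpenSSL::PKey::RSA.generate(512)
+ bad_private_key = OpenSSL::PKey::RSA.generate(512)
+ jwt = JWT.encode(@payload, right_private_key, "RS256")
+ lambda { JWT.decode(jwt, bad_private_key.public_key) }.should raise_error(JWT::DecodeError)
+ end
 
  it "allows decoding without key" do
  right_secret = 'foo'
@@ -45,4 +52,11 @@ describe JWT do
  it "raises exception on unsupported crypto algorithm" do
  lambda { JWT.encode(@payload, "secret", 'HS1024') }.should raise_error(NotImplementedError)
  end
+
+ it "encodes and decodes plaintext JWTs" do
+ jwt = JWT.encode(@payload, nil, nil)
+ jwt.split('.').length.should == 2
+ decoded_payload = JWT.decode(jwt, nil, nil)
+ decoded_payload.should == @payload
+ end
  end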
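Review bot: The new `encodes and decodes plaintext JWTs` example only exercises `decode` with verification switched off (`JWT.decode(jwt, nil, nil)`), so nothing pins what happens when an unsigned token reaches a caller that does verify. A negative example is missing, e.g. `lambda { JWT.decode(JWT.encode(@payload, nil, nil), 'secret') }.should raise_error(JWT::DecodeError)`, which would also show whether the two-segment path raises the library's own error type. The `describe` block starts outside the hunk.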
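--- a/metadata
+++ b/metadata
@@ -1,42 +1,21 @@
  --- !ruby/object:Gem::Specification
  name: jwt
  version: !ruby/object:Gem::Version
- hash: 29
+ hash: 19
  prerelease:
  segments:
  - 0
  - 1
- - 3
- version: 0.1.3
+ - 4
+ version: 0.1.4
  platform: ruby
  authors:
  - Jeff Lindsay
  autorequire:
  bindir: bin
- cert_chain:
- - |
- -----BEGIN CERTIFICATE-----
- MIIDPDCCAiSgAwIBAgIBADANBgkqhkiG9w0BAQUFADBEMRUwEwYDVQQDDAxqZWZm
- LmxpbmRzYXkxFjAUBgoJkiaJk/IsZAEZFgZ0d2lsaW8xEzARBgoJkiaJk/IsZAEZ
- FgNjb20wHhcNMTAwNTA0MjE0NzE3WhcNMTEwNTA0MjE0NzE3WjBEMRUwEwYDVQQD
- DAxqZWZmLmxpbmRzYXkxFjAUBgoJkiaJk/IsZAEZFgZ0d2lsaW8xEzARBgoJkiaJ
- k/IsZAEZFgNjb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDb1P6c
- /CN4l2pYBO0d5y7YHW3XJbj5d+5c1E9m2PcvUJ4Vjr7ISQM1SYpwixnWMBXBpzc1
- En9YB+PYBEOOaIRh2G23aKdu7PnYQhze91qOBcHnf6LOckq25NbWQO8eaiXD3w5W
- HRXOcmzigyTYRIhXBa93eMSihWAXThcfGFKNbtKerVhytT/UVHZU3pr9gCvt9vD0
- aBmwMwvDlpO72eXPr5ow3Z+VzCc51iBNC07uvR/wFQ6/lS8ULBpHI9wcdo67wdv5
- SaSZSGZCmG1pXov0Ahji7yqFMQ9oot5RDPZavZN3Fh3n6e2hdcSMlLgGkEGYaBVx
- gdQFudko7rc5cWTdAgMBAAGjOTA3MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgSwMB0G
- A1UdDgQWBBRXFNQ8j0GGeMiiPWhAlHB356JPGDANBgkqhkiG9w0BAQUFAAOCAQEA
- VzMJe10HfJtglbDah9h9lxv8uzK2uV7bXRcIbMCGEdx8cByM+cfKOnoWVDQBVPWA
- VznqXdPsrVC70PAMMTk66ro2ciyudilVEuxEl7rhaz0tj9FzNyJUHBKCD4KpGwkC
- K435qpJsHMi9k0KxY17grmsE2Hq60lFLK8ZrqgDblEAKTeaGAykMxp9KJOwAKnY2
- 4lUY/SVtRuTk0YXsIPNFLYUhYt7arkJtkwWV41GWhj7PbcM5uk5sGoh0aueMzY7f
- TvklqXtUw3g3PcoJ8CZw68WaB2/MuJXUehRCZThhkBwi8bDKZzh4rtI/WEb1EgDs
- WZqts+sMhUpDxxL+p6p6bQ==
- -----END CERTIFICATE-----
+ cert_chain: []
 
- date: 2011-06-30 00:00:00 Z
+ date: 2011-11-11 00:00:00 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: json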
data.tar.gz.sig DELETED
@@ -1,2 +0,0 @@
1
- s��f:]�����Ӟk�QF��'��1���څ�g��,��n�����Fg�[�}��nf�m&w:!0jx��z�6?i�?�q劢�}���ƴ{Ú!1����a<ey�E;����p�@���C��r-N}��� A��Eqĵ.�s� s!���U��M��旓C�QW���M#�΢%�\��6-�o���׉��hD˨��o1v�9Jk���O�ĩ`��k
2
- ޤQ�r�%�o.i�e��5�P
metadata.gz.sig DELETED
Binary file