RubyGems - jwt - Versions diffs - 1.0.0 → 1.2.0 - Mend

jwt 1.0.0 → 1.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

checksums.yaml ADDED Viewed

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: fee3225d7739e1ab161dc39347ac2a20798f8fde
+  data.tar.gz: 979eb55ee5a17bba062741a6024d11000b45d7fc
+SHA512:
+  metadata.gz: 423bb31cbe9140a3f8d627f87b8131d36d980e9d70dd844a5876a4d91665f145f9e8ac43d5f77f975e180d23387366473c3bc9ff70f31d466e7c3edfd97cdde4
+  data.tar.gz: ec9d3d47e5e877a8f8b03b2447611b2a1f23c863624827dfa7832bebae40ffcaaff8173da23f10df0a9660fda36ebf7980e306eb3b891091dc31423eea39e6a2

data/Rakefile CHANGED Viewed

@@ -2,7 +2,7 @@ require 'rubygems'
 require 'rake'
 require 'echoe'
-Echoe.new('jwt', '1.0.0') do |p|
+Echoe.new('jwt', '1.2.0') do |p|
   p.description    = "JSON Web Token implementation in Ruby"
   p.url            = "http://github.com/progrium/ruby-jwt"
   p.author         = "Jeff Lindsay"

data/jwt.gemspec CHANGED Viewed

@@ -1,26 +1,27 @@
 # -*- encoding: utf-8 -*-
+# stub: jwt 1.2.0 ruby lib
 Gem::Specification.new do |s|
   s.name = "jwt"
-  s.version = "1.0.0"
+  s.version = "1.2.0"
   s.required_rubygems_version = Gem::Requirement.new(">= 1.2") if s.respond_to? :required_rubygems_version=
+  s.require_paths = ["lib"]
   s.authors = ["Jeff Lindsay"]
-  s.date = "2014-05-07"
+  s.date = "2014-11-24"
   s.description = "JSON Web Token implementation in Ruby"
   s.email = "progrium@gmail.com"
   s.extra_rdoc_files = ["lib/jwt.rb", "lib/jwt/json.rb"]
-  s.files = ["Rakefile", "lib/jwt.rb", "lib/jwt/json.rb", "spec/helper.rb", "spec/jwt_spec.rb", "Manifest", "jwt.gemspec"]
+  s.files = ["Manifest", "Rakefile", "jwt.gemspec", "lib/jwt.rb", "lib/jwt/json.rb", "spec/helper.rb", "spec/jwt_spec.rb"]
   s.homepage = "http://github.com/progrium/ruby-jwt"
   s.licenses = ["MIT"]
   s.rdoc_options = ["--line-numbers", "--title", "Jwt", "--main", "README.md"]
-  s.require_paths = ["lib"]
   s.rubyforge_project = "jwt"
-  s.rubygems_version = "1.8.23"
+  s.rubygems_version = "2.3.0"
   s.summary = "JSON Web Token implementation in Ruby"
   if s.respond_to? :specification_version then
-    s.specification_version = 3
+    s.specification_version = 4
     if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
       s.add_development_dependency(%q<echoe>, [">= 4.6.3"])

data/lib/jwt.rb CHANGED Viewed

@@ -10,6 +10,7 @@ require "jwt/json"
 module JWT
   class DecodeError < StandardError; end
+  class ExpiredSignature < StandardError; end
   extend JWT::Json
   module_function
@@ -93,16 +94,25 @@ module JWT
     [header, payload, signature, signing_input]
   end
-  def decode(jwt, key=nil, verify=true, &keyfinder)
+  def decode(jwt, key=nil, verify=true, options={}, &keyfinder)
     raise JWT::DecodeError.new("Nil JSON web token") unless jwt
     header, payload, signature, signing_input = decoded_segments(jwt, verify)
     raise JWT::DecodeError.new("Not enough or too many segments") unless header && payload
+    default_options = {
+      :verify_expiration => true,
+      :leeway => 0
+    }
+    options = default_options.merge(options)
     if verify
       algo, key = signature_algorithm_and_key(header, key, &keyfinder)
       verify_signature(algo, key, signing_input, signature)
     end
+    if options[:verify_expiration] && payload.include?('exp')
+      raise JWT::ExpiredSignature.new("Signature has expired") unless payload['exp'] > (Time.now.to_i - options[:leeway])
+    end
     return payload,header
   end

data/spec/jwt_spec.rb CHANGED Viewed

@@ -2,7 +2,7 @@ require 'helper'
 describe JWT do
   before do
-    @payload = {"foo" => "bar"}
+    @payload = {"foo" => "bar", "exp" => Time.now.to_i + 1}
   end
   it "encodes and decodes JWTs" do
@@ -122,20 +122,46 @@ describe JWT do
     JWT.decode(jwt, secret)
   end
+  it "raises error when expired" do
+    expired_payload = @payload.clone
+    expired_payload['exp'] = Time.now.to_i - 1
+    secret = "secret"
+    jwt = JWT.encode(expired_payload, secret)
+    expect { JWT.decode(jwt, secret) }.to raise_error(JWT::ExpiredSignature)
+  end
+  it "performs normal decode with skipped expiration check" do
+    expired_payload = @payload.clone
+    expired_payload['exp'] = Time.now.to_i - 1
+    secret = "secret"
+    jwt = JWT.encode(expired_payload, secret)
+    decoded_payload = JWT.decode(jwt, secret, true, {:verify_expiration => false})
+    expect(decoded_payload).to include(expired_payload)
+  end
+  it "performs normal decode using leeway" do
+    expired_payload = @payload.clone
+    expired_payload['exp'] = Time.now.to_i - 2
+    secret = "secret"
+    jwt = JWT.encode(expired_payload, secret)
+    decoded_payload = JWT.decode(jwt, secret, true, {:leeway => 3})
+    expect(decoded_payload).to include(expired_payload)
+  end
   describe "secure comparison" do
     it "returns true if strings are equal" do
-      expect(JWT.secure_compare("Foo", "Foo")).to be_true
+      expect(JWT.secure_compare("Foo", "Foo")).to be true
     end
     it "returns false if either input is nil or empty" do
       [nil, ""].each do |bad|
-        expect(JWT.secure_compare(bad, "Foo")).to be_false
-        expect(JWT.secure_compare("Foo", bad)).to be_false
+        expect(JWT.secure_compare(bad, "Foo")).to be false
+        expect(JWT.secure_compare("Foo", bad)).to be false
       end
     end
     it "retuns false if the strings are different" do
-      expect(JWT.secure_compare("Foo", "Bar")).to be_false
+      expect(JWT.secure_compare("Foo", "Bar")).to be false
     end
   end

metadata CHANGED Viewed

@@ -1,30 +1,27 @@
 --- !ruby/object:Gem::Specification
 name: jwt
 version: !ruby/object:Gem::Version
-  version: 1.0.0
-  prerelease:
+  version: 1.2.0
 platform: ruby
 authors:
 - Jeff Lindsay
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2014-05-07 00:00:00.000000000 Z
+date: 2014-11-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: echoe
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: 4.6.3
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: 4.6.3
 description: JSON Web Token implementation in Ruby
@@ -35,41 +32,40 @@ extra_rdoc_files:
 - lib/jwt.rb
 - lib/jwt/json.rb
 files:
+- Manifest
 - Rakefile
+- jwt.gemspec
 - lib/jwt.rb
 - lib/jwt/json.rb
 - spec/helper.rb
 - spec/jwt_spec.rb
-- Manifest
-- jwt.gemspec
 homepage: http://github.com/progrium/ruby-jwt
 licenses:
 - MIT
+metadata: {}
 post_install_message:
 rdoc_options:
-- --line-numbers
-- --title
+- "--line-numbers"
+- "--title"
 - Jwt
-- --main
+- "--main"
 - README.md
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '1.2'
 requirements: []
 rubyforge_project: jwt
-rubygems_version: 1.8.23
+rubygems_version: 2.3.0
 signing_key:
-specification_version: 3
+specification_version: 4
 summary: JSON Web Token implementation in Ruby
 test_files: []