RubyGems - jwt - Versions diffs - 1.2.1 → 1.3.0 - Mend

jwt 1.2.1 → 1.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: b05ae75c68fd86cab9446c4ad8df062ed5b226f1
-  data.tar.gz: a803c3eaf081008f7c07f3a44d7e2e56d1ecb924
+  metadata.gz: 8f9090c3c5618d2e844c93a71d27b0fc09761f3b
+  data.tar.gz: c9207a0a342a524526ca808643717da32a369fd6
 SHA512:
-  metadata.gz: 34b8647e6b53bcb0730b43ceba858b8897c9dec71410edc8700e6afbf5dfd142b4caefa6f85963aa691f057bd58a2f0c056a4b91087021e9e5b9cdb75b6a18d0
-  data.tar.gz: 182254bae4665e5593a4013750c123932cdd24bf7d2aed821bc626edaaa4dbdc067e2055ce394bab48ec477476ae948ace953b09593877271973120499bad30a
+  metadata.gz: 94d6c47e835ba56c48afcac43912caa94c30ed83e4ba09a8cf0e94036f8c14d54c097931d732b5777f1fa45c09eca85735b9982c0ba8606f1d2da551d9d9fe90
+  data.tar.gz: 547492a234aa3f61299117ea2a770601710c9e36ed6d6df1f3e83b85d6e6693efa7da5c25ebb132ceff50998762229ae17649fd410df67f1d2ec92c8f63de28a

data/Rakefile CHANGED

@@ -2,7 +2,7 @@ require 'rubygems'
 require 'rake'
 require 'echoe'
-Echoe.new('jwt', '1.2.1') do |p|
+Echoe.new('jwt', '1.3.0') do |p|
   p.description    = "JSON Web Token implementation in Ruby"
   p.url            = "http://github.com/progrium/ruby-jwt"
   p.author         = "Jeff Lindsay"

data/jwt.gemspec CHANGED

@@ -1,14 +1,14 @@
 # -*- encoding: utf-8 -*-
-# stub: jwt 1.2.1 ruby lib
+# stub: jwt 1.3.0 ruby lib
 Gem::Specification.new do |s|
   s.name = "jwt"
-  s.version = "1.2.1"
+  s.version = "1.3.0"
   s.required_rubygems_version = Gem::Requirement.new(">= 1.2") if s.respond_to? :required_rubygems_version=
   s.require_paths = ["lib"]
   s.authors = ["Jeff Lindsay"]
-  s.date = "2015-01-23"
+  s.date = "2015-02-24"
   s.description = "JSON Web Token implementation in Ruby"
   s.email = "progrium@gmail.com"
   s.extra_rdoc_files = ["lib/jwt.rb", "lib/jwt/json.rb"]
@@ -17,7 +17,7 @@ Gem::Specification.new do |s|
   s.licenses = ["MIT"]
   s.rdoc_options = ["--line-numbers", "--title", "Jwt", "--main", "README.md"]
   s.rubyforge_project = "jwt"
-  s.rubygems_version = "2.3.0"
+  s.rubygems_version = "2.4.6"
   s.summary = "JSON Web Token implementation in Ruby"
   if s.respond_to? :specification_version then

data/lib/jwt.rb CHANGED

@@ -10,7 +10,9 @@ require "jwt/json"
 module JWT
   class DecodeError < StandardError; end
+  class VerificationError < DecodeError; end
   class ExpiredSignature < StandardError; end
+  class ImmatureSignature < StandardError; end
   extend JWT::Json
   module_function
@@ -102,6 +104,7 @@ module JWT
     default_options = {
       :verify_expiration => true,
+      :verify_not_before => true,
       :leeway => 0
     }
     options = default_options.merge(options)
@@ -110,9 +113,13 @@ module JWT
       algo, key = signature_algorithm_and_key(header, key, &keyfinder)
       verify_signature(algo, key, signing_input, signature)
     end
     if options[:verify_expiration] && payload.include?('exp')
       raise JWT::ExpiredSignature.new("Signature has expired") unless payload['exp'].to_i > (Time.now.to_i - options[:leeway])
     end
+    if options[:verify_not_before] && payload.include?('nbf')
+      raise JWT::ImmatureSignature.new("Signature nbf has not been reached") unless payload['nbf'].to_i < (Time.now.to_i + options[:leeway])
+    end
     return payload,header
   end
@@ -126,14 +133,14 @@ module JWT
   def verify_signature(algo, key, signing_input, signature)
     begin
       if ["HS256", "HS384", "HS512"].include?(algo)
-        raise JWT::DecodeError.new("Signature verification failed") unless secure_compare(signature, sign_hmac(algo, signing_input, key))
+        raise JWT::VerificationError.new("Signature verification failed") unless secure_compare(signature, sign_hmac(algo, signing_input, key))
       elsif ["RS256", "RS384", "RS512"].include?(algo)
-        raise JWT::DecodeError.new("Signature verification failed") unless verify_rsa(algo, key, signing_input, signature)
+        raise JWT::VerificationError.new("Signature verification failed") unless verify_rsa(algo, key, signing_input, signature)
       else
-        raise JWT::DecodeError.new("Algorithm not supported")
+        raise JWT::VerificationError.new("Algorithm not supported")
       end
     rescue OpenSSL::PKey::PKeyError
-      raise JWT::DecodeError.new("Signature verification failed")
+      raise JWT::VerificationError.new("Signature verification failed")
     ensure
       OpenSSL.errors.clear
     end

data/lib/jwt/json.rb CHANGED

@@ -27,4 +27,4 @@ module JWT
       end
     end
   end
-end
+end

data/spec/helper.rb CHANGED

@@ -3,4 +3,3 @@ require "#{File.dirname(__FILE__)}/../lib/jwt.rb"
 RSpec.configure do |c|
 end

data/spec/jwt_spec.rb CHANGED

@@ -2,7 +2,7 @@ require 'helper'
 describe JWT do
   before do
-    @payload = {"foo" => "bar", "exp" => Time.now.to_i + 1}
+    @payload = {"foo" => "bar", "exp" => Time.now.to_i + 1, "nbf" => Time.now.to_i - 1 }
   end
   it "encodes and decodes JWTs" do
@@ -37,42 +37,42 @@ describe JWT do
     expect(decoded_payload).to include(example_payload)
   end
-  it "raises exception when the token is invalid" do
+  it "raises decode exception when the token is invalid" do
     example_secret = 'secret'
     # Same as above exmaple with some random bytes replaced
     example_jwt = 'eyJhbGciOiAiSFMyNTYiLCAidHiMomlwIjogIkJ9.eyJoZWxsbyI6ICJ3b3JsZCJ9.tvagLDLoaiJKxOKqpBXSEGy7SYSifZhjntgm9ctpyj8'
     expect { JWT.decode(example_jwt, example_secret) }.to raise_error(JWT::DecodeError)
   end
-  it "raises exception with wrong hmac key" do
+  it "raises verification exception with wrong hmac key" do
     right_secret = 'foo'
     bad_secret = 'bar'
     jwt_message = JWT.encode(@payload, right_secret, "HS256")
-    expect { JWT.decode(jwt_message, bad_secret) }.to raise_error(JWT::DecodeError)
+    expect { JWT.decode(jwt_message, bad_secret) }.to raise_error(JWT::VerificationError)
   end
-  it "raises exception with wrong rsa key" do
+  it "raises verification exception with wrong rsa key" do
     right_private_key = OpenSSL::PKey::RSA.generate(512)
     bad_private_key = OpenSSL::PKey::RSA.generate(512)
     jwt = JWT.encode(@payload, right_private_key, "RS256")
-    expect { JWT.decode(jwt, bad_private_key.public_key) }.to raise_error(JWT::DecodeError)
+    expect { JWT.decode(jwt, bad_private_key.public_key) }.to raise_error(JWT::VerificationError)
   end
-  it "raises exception with invalid signature" do
+  it "raises decode exception with invalid signature" do
     example_secret = 'secret'
     example_jwt = 'eyJhbGciOiAiSFMyNTYiLCAidHlwIjogIkpXVCJ9.eyJoZWxsbyI6ICJ3b3JsZCJ9.'
     expect { JWT.decode(example_jwt, example_secret) }.to raise_error(JWT::DecodeError)
   end
-  it "raises exception with nonexistent header" do
+  it "raises decode exception with nonexistent header" do
     expect { JWT.decode("..stuff") }.to raise_error(JWT::DecodeError)
   end
-  it "raises exception with nonexistent payload" do
+  it "raises decode exception with nonexistent payload" do
     expect { JWT.decode("eyJhbGciOiAiSFMyNTYiLCAidHlwIjogIkpXVCJ9..stuff") }.to raise_error(JWT::DecodeError)
   end
-  it "raises exception with nil jwt" do
+  it "raises decode exception with nil jwt" do
     expect { JWT.decode(nil) }.to raise_error(JWT::DecodeError)
   end
@@ -156,6 +156,48 @@ describe JWT do
     expect(decoded_payload).to include(expired_payload)
   end
+  it "raises error when before nbf" do
+    immature_payload = @payload.clone
+    immature_payload['nbf'] = Time.now.to_i + 1
+    secret = "secret"
+    jwt = JWT.encode(immature_payload, secret)
+    expect { JWT.decode(jwt, secret) }.to raise_error(JWT::ImmatureSignature)
+  end
+  it "doesnt raise error when after nbf" do
+    mature_payload = @payload.clone
+    secret = "secret"
+    jwt = JWT.encode(mature_payload, secret)
+    decoded_payload = JWT.decode(jwt, secret, true, {:verify_expiration => false})
+    expect(decoded_payload).to include(mature_payload)
+  end
+  it "raise ImmatureSignature even when nbf claim is a string" do
+    immature_payload = @payload.clone
+    immature_payload['nbf'] = (Time.now.to_i).to_s
+    secret = "secret"
+    jwt = JWT.encode(immature_payload, secret)
+    expect { JWT.decode(jwt, secret) }.to raise_error(JWT::ImmatureSignature)
+  end
+  it "performs normal decode with skipped not before check" do
+    immature_payload = @payload.clone
+    immature_payload['nbf'] = Time.now.to_i + 2
+    secret = "secret"
+    jwt = JWT.encode(immature_payload, secret)
+    decoded_payload = JWT.decode(jwt, secret, true, {:verify_not_before => false})
+    expect(decoded_payload).to include(immature_payload)
+  end
+  it "performs normal decode using leeway" do
+    immature_payload = @payload.clone
+    immature_payload['nbf'] = Time.now.to_i - 2
+    secret = "secret"
+    jwt = JWT.encode(immature_payload, secret)
+    decoded_payload = JWT.decode(jwt, secret, true, {:leeway => 3})
+    expect(decoded_payload).to include(immature_payload)
+  end
   describe "secure comparison" do
     it "returns true if strings are equal" do
       expect(JWT.secure_compare("Foo", "Foo")).to be true

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: jwt
 version: !ruby/object:Gem::Version
-  version: 1.2.1
+  version: 1.3.0
 platform: ruby
 authors:
 - Jeff Lindsay
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2015-01-23 00:00:00.000000000 Z
+date: 2015-02-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: echoe
@@ -64,7 +64,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '1.2'
 requirements: []
 rubyforge_project: jwt
-rubygems_version: 2.3.0
+rubygems_version: 2.4.6
 signing_key:
 specification_version: 4
 summary: JSON Web Token implementation in Ruby