jwt 1.2.1 → 1.3.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: b05ae75c68fd86cab9446c4ad8df062ed5b226f1
4
- data.tar.gz: a803c3eaf081008f7c07f3a44d7e2e56d1ecb924
3
+ metadata.gz: 8f9090c3c5618d2e844c93a71d27b0fc09761f3b
4
+ data.tar.gz: c9207a0a342a524526ca808643717da32a369fd6
5
5
  SHA512:
6
- metadata.gz: 34b8647e6b53bcb0730b43ceba858b8897c9dec71410edc8700e6afbf5dfd142b4caefa6f85963aa691f057bd58a2f0c056a4b91087021e9e5b9cdb75b6a18d0
7
- data.tar.gz: 182254bae4665e5593a4013750c123932cdd24bf7d2aed821bc626edaaa4dbdc067e2055ce394bab48ec477476ae948ace953b09593877271973120499bad30a
6
+ metadata.gz: 94d6c47e835ba56c48afcac43912caa94c30ed83e4ba09a8cf0e94036f8c14d54c097931d732b5777f1fa45c09eca85735b9982c0ba8606f1d2da551d9d9fe90
7
+ data.tar.gz: 547492a234aa3f61299117ea2a770601710c9e36ed6d6df1f3e83b85d6e6693efa7da5c25ebb132ceff50998762229ae17649fd410df67f1d2ec92c8f63de28a
data/Rakefile CHANGED
@@ -2,7 +2,7 @@ require 'rubygems'
2
2
  require 'rake'
3
3
  require 'echoe'
4
4
 
5
- Echoe.new('jwt', '1.2.1') do |p|
5
+ Echoe.new('jwt', '1.3.0') do |p|
6
6
  p.description = "JSON Web Token implementation in Ruby"
7
7
  p.url = "http://github.com/progrium/ruby-jwt"
8
8
  p.author = "Jeff Lindsay"
@@ -1,14 +1,14 @@
1
1
  # -*- encoding: utf-8 -*-
2
- # stub: jwt 1.2.1 ruby lib
2
+ # stub: jwt 1.3.0 ruby lib
3
3
 
4
4
  Gem::Specification.new do |s|
5
5
  s.name = "jwt"
6
- s.version = "1.2.1"
6
+ s.version = "1.3.0"
7
7
 
8
8
  s.required_rubygems_version = Gem::Requirement.new(">= 1.2") if s.respond_to? :required_rubygems_version=
9
9
  s.require_paths = ["lib"]
10
10
  s.authors = ["Jeff Lindsay"]
11
- s.date = "2015-01-23"
11
+ s.date = "2015-02-24"
12
12
  s.description = "JSON Web Token implementation in Ruby"
13
13
  s.email = "progrium@gmail.com"
14
14
  s.extra_rdoc_files = ["lib/jwt.rb", "lib/jwt/json.rb"]
@@ -17,7 +17,7 @@ Gem::Specification.new do |s|
17
17
  s.licenses = ["MIT"]
18
18
  s.rdoc_options = ["--line-numbers", "--title", "Jwt", "--main", "README.md"]
19
19
  s.rubyforge_project = "jwt"
20
- s.rubygems_version = "2.3.0"
20
+ s.rubygems_version = "2.4.6"
21
21
  s.summary = "JSON Web Token implementation in Ruby"
22
22
 
23
23
  if s.respond_to? :specification_version then
data/lib/jwt.rb CHANGED
@@ -10,7 +10,9 @@ require "jwt/json"
10
10
 
11
11
  module JWT
12
12
  class DecodeError < StandardError; end
13
+ class VerificationError < DecodeError; end
13
14
  class ExpiredSignature < StandardError; end
15
+ class ImmatureSignature < StandardError; end
14
16
  extend JWT::Json
15
17
 
16
18
  module_function
@@ -102,6 +104,7 @@ module JWT
102
104
 
103
105
  default_options = {
104
106
  :verify_expiration => true,
107
+ :verify_not_before => true,
105
108
  :leeway => 0
106
109
  }
107
110
  options = default_options.merge(options)
@@ -110,9 +113,13 @@ module JWT
110
113
  algo, key = signature_algorithm_and_key(header, key, &keyfinder)
111
114
  verify_signature(algo, key, signing_input, signature)
112
115
  end
116
+
113
117
  if options[:verify_expiration] && payload.include?('exp')
114
118
  raise JWT::ExpiredSignature.new("Signature has expired") unless payload['exp'].to_i > (Time.now.to_i - options[:leeway])
115
119
  end
120
+ if options[:verify_not_before] && payload.include?('nbf')
121
+ raise JWT::ImmatureSignature.new("Signature nbf has not been reached") unless payload['nbf'].to_i < (Time.now.to_i + options[:leeway])
122
+ end
116
123
  return payload,header
117
124
  end
118
125
 
@@ -126,14 +133,14 @@ module JWT
126
133
  def verify_signature(algo, key, signing_input, signature)
127
134
  begin
128
135
  if ["HS256", "HS384", "HS512"].include?(algo)
129
- raise JWT::DecodeError.new("Signature verification failed") unless secure_compare(signature, sign_hmac(algo, signing_input, key))
136
+ raise JWT::VerificationError.new("Signature verification failed") unless secure_compare(signature, sign_hmac(algo, signing_input, key))
130
137
  elsif ["RS256", "RS384", "RS512"].include?(algo)
131
- raise JWT::DecodeError.new("Signature verification failed") unless verify_rsa(algo, key, signing_input, signature)
138
+ raise JWT::VerificationError.new("Signature verification failed") unless verify_rsa(algo, key, signing_input, signature)
132
139
  else
133
- raise JWT::DecodeError.new("Algorithm not supported")
140
+ raise JWT::VerificationError.new("Algorithm not supported")
134
141
  end
135
142
  rescue OpenSSL::PKey::PKeyError
136
- raise JWT::DecodeError.new("Signature verification failed")
143
+ raise JWT::VerificationError.new("Signature verification failed")
137
144
  ensure
138
145
  OpenSSL.errors.clear
139
146
  end
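Review bot: The new nbf guard in the decode hunk, `raise JWT::ImmatureSignature.new(...) unless payload['nbf'].to_i < (Time.now.to_i + options[:leeway])`, relies on `to_i`, so a non-numeric claim value (`"nbf": "later"`, or `null`) becomes 0 and the check passes silently — unlike the exp line above, where a coerced 0 fails closed, a malformed nbf fails open. I would reject a claim that is neither an Integer nor a digit-only String with `JWT::DecodeError` before comparing, which still keeps the numeric-string case the new spec covers. Separately, the strict `<` rejects a token whose nbf equals the current second, while RFC 7519 §4.1.5 accepts when the current time is after or equal to nbf; `unless payload['nbf'].to_i <= (Time.now.to_i + options[:leeway])` matches the spec, though the new 'raise ImmatureSignature even when nbf claim is a string' example pins the strict behaviour and would need its nbf moved into the future. The enclosing decode method begins outside the hunk.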
@@ -27,4 +27,4 @@ module JWT
27
27
  end
28
28
  end
29
29
  end
30
- end
30
+ end
@@ -3,4 +3,3 @@ require "#{File.dirname(__FILE__)}/../lib/jwt.rb"
3
3
 
4
4
  RSpec.configure do |c|
5
5
  end
6
-
@@ -2,7 +2,7 @@ require 'helper'
2
2
 
3
3
  describe JWT do
4
4
  before do
5
- @payload = {"foo" => "bar", "exp" => Time.now.to_i + 1}
5
+ @payload = {"foo" => "bar", "exp" => Time.now.to_i + 1, "nbf" => Time.now.to_i - 1 }
6
6
  end
7
7
 
8
8
  it "encodes and decodes JWTs" do
@@ -37,42 +37,42 @@ describe JWT do
37
37
  expect(decoded_payload).to include(example_payload)
38
38
  end
39
39
 
40
- it "raises exception when the token is invalid" do
40
+ it "raises decode exception when the token is invalid" do
41
41
  example_secret = 'secret'
42
42
  # Same as above exmaple with some random bytes replaced
43
43
  example_jwt = 'eyJhbGciOiAiSFMyNTYiLCAidHiMomlwIjogIkJ9.eyJoZWxsbyI6ICJ3b3JsZCJ9.tvagLDLoaiJKxOKqpBXSEGy7SYSifZhjntgm9ctpyj8'
44
44
  expect { JWT.decode(example_jwt, example_secret) }.to raise_error(JWT::DecodeError)
45
45
  end
46
46
 
47
- it "raises exception with wrong hmac key" do
47
+ it "raises verification exception with wrong hmac key" do
48
48
  right_secret = 'foo'
49
49
  bad_secret = 'bar'
50
50
  jwt_message = JWT.encode(@payload, right_secret, "HS256")
51
- expect { JWT.decode(jwt_message, bad_secret) }.to raise_error(JWT::DecodeError)
51
+ expect { JWT.decode(jwt_message, bad_secret) }.to raise_error(JWT::VerificationError)
52
52
  end
53
53
 
54
- it "raises exception with wrong rsa key" do
54
+ it "raises verification exception with wrong rsa key" do
55
55
  right_private_key = OpenSSL::PKey::RSA.generate(512)
56
56
  bad_private_key = OpenSSL::PKey::RSA.generate(512)
57
57
  jwt = JWT.encode(@payload, right_private_key, "RS256")
58
- expect { JWT.decode(jwt, bad_private_key.public_key) }.to raise_error(JWT::DecodeError)
58
+ expect { JWT.decode(jwt, bad_private_key.public_key) }.to raise_error(JWT::VerificationError)
59
59
  end
60
60
 
61
- it "raises exception with invalid signature" do
61
+ it "raises decode exception with invalid signature" do
62
62
  example_secret = 'secret'
63
63
  example_jwt = 'eyJhbGciOiAiSFMyNTYiLCAidHlwIjogIkpXVCJ9.eyJoZWxsbyI6ICJ3b3JsZCJ9.'
64
64
  expect { JWT.decode(example_jwt, example_secret) }.to raise_error(JWT::DecodeError)
65
65
  end
66
66
 
67
- it "raises exception with nonexistent header" do
67
+ it "raises decode exception with nonexistent header" do
68
68
  expect { JWT.decode("..stuff") }.to raise_error(JWT::DecodeError)
69
69
  end
70
70
 
71
- it "raises exception with nonexistent payload" do
71
+ it "raises decode exception with nonexistent payload" do
72
72
  expect { JWT.decode("eyJhbGciOiAiSFMyNTYiLCAidHlwIjogIkpXVCJ9..stuff") }.to raise_error(JWT::DecodeError)
73
73
  end
74
74
 
75
- it "raises exception with nil jwt" do
75
+ it "raises decode exception with nil jwt" do
76
76
  expect { JWT.decode(nil) }.to raise_error(JWT::DecodeError)
77
77
  end
78
78
 
@@ -156,6 +156,48 @@ describe JWT do
156
156
  expect(decoded_payload).to include(expired_payload)
157
157
  end
158
158
 
159
+ it "raises error when before nbf" do
160
+ immature_payload = @payload.clone
161
+ immature_payload['nbf'] = Time.now.to_i + 1
162
+ secret = "secret"
163
+ jwt = JWT.encode(immature_payload, secret)
164
+ expect { JWT.decode(jwt, secret) }.to raise_error(JWT::ImmatureSignature)
165
+ end
166
+
167
+ it "doesnt raise error when after nbf" do
168
+ mature_payload = @payload.clone
169
+ secret = "secret"
170
+ jwt = JWT.encode(mature_payload, secret)
171
+ decoded_payload = JWT.decode(jwt, secret, true, {:verify_expiration => false})
172
+ expect(decoded_payload).to include(mature_payload)
173
+ end
174
+
175
+ it "raise ImmatureSignature even when nbf claim is a string" do
176
+ immature_payload = @payload.clone
177
+ immature_payload['nbf'] = (Time.now.to_i).to_s
178
+ secret = "secret"
179
+ jwt = JWT.encode(immature_payload, secret)
180
+ expect { JWT.decode(jwt, secret) }.to raise_error(JWT::ImmatureSignature)
181
+ end
182
+
183
+ it "performs normal decode with skipped not before check" do
184
+ immature_payload = @payload.clone
185
+ immature_payload['nbf'] = Time.now.to_i + 2
186
+ secret = "secret"
187
+ jwt = JWT.encode(immature_payload, secret)
188
+ decoded_payload = JWT.decode(jwt, secret, true, {:verify_not_before => false})
189
+ expect(decoded_payload).to include(immature_payload)
190
+ end
191
+
192
+ it "performs normal decode using leeway" do
193
+ immature_payload = @payload.clone
194
+ immature_payload['nbf'] = Time.now.to_i - 2
195
+ secret = "secret"
196
+ jwt = JWT.encode(immature_payload, secret)
197
+ decoded_payload = JWT.decode(jwt, secret, true, {:leeway => 3})
198
+ expect(decoded_payload).to include(immature_payload)
199
+ end
200
+
159
201
  describe "secure comparison" do
160
202
  it "returns true if strings are equal" do
161
203
  expect(JWT.secure_compare("Foo", "Foo")).to be true
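Review bot: The new example 'raise ImmatureSignature even when nbf claim is a string' sets `immature_payload['nbf'] = (Time.now.to_i).to_s`, i.e. an nbf equal to the current second, and expects rejection; that only holds while the `Time.now` in the payload and the later `Time.now` inside decode fall in the same second, so a clock rollover between encode and decode makes the test fail intermittently. A value clearly in the future, `immature_payload['nbf'] = (Time.now.to_i + 10).to_s`, keeps the string-claim coverage without depending on timing. The enclosing describe block begins outside the hunk.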
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: jwt
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.2.1
4
+ version: 1.3.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Jeff Lindsay
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2015-01-23 00:00:00.000000000 Z
11
+ date: 2015-02-24 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: echoe
@@ -64,7 +64,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
64
64
  version: '1.2'
65
65
  requirements: []
66
66
  rubyforge_project: jwt
67
- rubygems_version: 2.3.0
67
+ rubygems_version: 2.4.6
68
68
  signing_key:
69
69
  specification_version: 4
70
70
  summary: JSON Web Token implementation in Ruby