RubyGems - jwt - Versions diffs - 1.3.0 → 1.4.0 - Mend

jwt 1.3.0 → 1.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 8f9090c3c5618d2e844c93a71d27b0fc09761f3b
-  data.tar.gz: c9207a0a342a524526ca808643717da32a369fd6
+  metadata.gz: 22e5c1eafdf6a7e80397bbca142c3bff69524b21
+  data.tar.gz: e7acda6c7609412c393a5ebb29e575cb82618f9f
 SHA512:
-  metadata.gz: 94d6c47e835ba56c48afcac43912caa94c30ed83e4ba09a8cf0e94036f8c14d54c097931d732b5777f1fa45c09eca85735b9982c0ba8606f1d2da551d9d9fe90
-  data.tar.gz: 547492a234aa3f61299117ea2a770601710c9e36ed6d6df1f3e83b85d6e6693efa7da5c25ebb132ceff50998762229ae17649fd410df67f1d2ec92c8f63de28a
+  metadata.gz: f897824dd5f6ccc196f16c9944914c14ca0d476d9bc030bc8872ad7e2c5234a3db907ee35b780715689549fe397a4e76521b0e3d06d37f2b06d890cbcf855633
+  data.tar.gz: aec0e48a68cee3b5694d97f47aa0b3721ac2eee8a82b038c172c884d3ccfc1ade1728a4d4bf92d7cedd2d8bca9273cb180a14fb4ee306b01e981b2e752341515

data/Rakefile CHANGED

@@ -2,7 +2,7 @@ require 'rubygems'
 require 'rake'
 require 'echoe'
-Echoe.new('jwt', '1.3.0') do |p|
+Echoe.new('jwt', '1.4.0') do |p|
   p.description    = "JSON Web Token implementation in Ruby"
   p.url            = "http://github.com/progrium/ruby-jwt"
   p.author         = "Jeff Lindsay"

data/jwt.gemspec CHANGED

@@ -1,14 +1,14 @@
 # -*- encoding: utf-8 -*-
-# stub: jwt 1.3.0 ruby lib
+# stub: jwt 1.4.0 ruby lib
 Gem::Specification.new do |s|
   s.name = "jwt"
-  s.version = "1.3.0"
+  s.version = "1.4.0"
   s.required_rubygems_version = Gem::Requirement.new(">= 1.2") if s.respond_to? :required_rubygems_version=
   s.require_paths = ["lib"]
   s.authors = ["Jeff Lindsay"]
-  s.date = "2015-02-24"
+  s.date = "2015-03-10"
   s.description = "JSON Web Token implementation in Ruby"
   s.email = "progrium@gmail.com"
   s.extra_rdoc_files = ["lib/jwt.rb", "lib/jwt/json.rb"]

data/lib/jwt.rb CHANGED

@@ -11,8 +11,13 @@ require "jwt/json"
 module JWT
   class DecodeError < StandardError; end
   class VerificationError < DecodeError; end
-  class ExpiredSignature < StandardError; end
-  class ImmatureSignature < StandardError; end
+  class ExpiredSignature < DecodeError; end
+  class ImmatureSignature < DecodeError; end
+  class InvalidIssuerError < DecodeError; end
+  class InvalidIatError < DecodeError; end
+  class InvalidAudError < DecodeError; end
+  class InvalidSubError < DecodeError; end
+  class InvalidJtiError < DecodeError; end
   extend JWT::Json
   module_function
@@ -105,8 +110,14 @@ module JWT
     default_options = {
       :verify_expiration => true,
       :verify_not_before => true,
+      :verify_iss => true,
+      :verify_iat => true,
+      :verify_jti => true,
+      :verify_aud => true,
+      :verify_sub => true,
       :leeway => 0
     }
     options = default_options.merge(options)
     if verify
@@ -120,6 +131,27 @@ module JWT
     if options[:verify_not_before] && payload.include?('nbf')
       raise JWT::ImmatureSignature.new("Signature nbf has not been reached") unless payload['nbf'].to_i < (Time.now.to_i + options[:leeway])
     end
+    if options[:verify_iss] && payload.include?('iss')
+      raise JWT::InvalidIssuerError.new("Invalid issuer") unless payload['iss'].to_s == options['iss'].to_s
+    end
+    if options[:verify_iat] && payload.include?('iat')
+      raise JWT::InvalidIatError.new("Invalid iat") unless (payload['iat'].is_a?(Integer) and payload['iat'].to_i <= Time.now.to_i)
+    end
+    if options[:verify_aud] && payload.include?('aud')
+      if payload['aud'].is_a?(Array)
+        raise JWT::InvalidAudError.new("Invalid audience") unless payload['aud'].include?(options['aud'])
+      else
+        raise JWT::InvalidAudError.new("Invalid audience") unless payload['aud'].to_s == options['aud'].to_s
+      end
+    end
+    if options[:verify_sub] && payload.include?('sub')
+      raise JWT::InvalidSubError.new("Invalid subject") unless payload['sub'].to_s == options['sub'].to_s
+    end
+    if options[:verify_jti] && payload.include?('jti')
+      raise JWT::InvalidJtiError.new("need iat for verify jwt id") unless payload.include?('iat')
+      raise JWT::InvalidJtiError.new("Not a uniq jwt id") unless options['jti'].to_s == Digest::MD5.hexdigest("#{key}:#{payload['iat']}")
+    end
     return payload,header
   end

data/spec/helper.rb CHANGED

@@ -1,5 +1,2 @@
 require 'rspec'
 require "#{File.dirname(__FILE__)}/../lib/jwt.rb"
-RSpec.configure do |c|
-end

data/spec/jwt_spec.rb CHANGED

@@ -2,81 +2,175 @@ require 'helper'
 describe JWT do
   before do
-    @payload = {"foo" => "bar", "exp" => Time.now.to_i + 1, "nbf" => Time.now.to_i - 1 }
+    @payload = {'foo' => 'bar', 'exp' => Time.now.to_i + 1, 'nbf' => Time.now.to_i - 1 }
   end
-  it "encodes and decodes JWTs" do
-    secret = "secret"
+  it 'encodes and decodes JWTs' do
+    secret = 'secret'
     jwt = JWT.encode(@payload, secret)
     decoded_payload = JWT.decode(jwt, secret)
     expect(decoded_payload).to include(@payload)
   end
-  it "encodes and decodes JWTs for RSA signatures" do
+  it 'encodes and decodes JWTs for RSA signatures' do
     private_key = OpenSSL::PKey::RSA.generate(512)
-    jwt = JWT.encode(@payload, private_key, "RS256")
+    jwt = JWT.encode(@payload, private_key, 'RS256')
     decoded_payload = JWT.decode(jwt, private_key.public_key)
     expect(decoded_payload).to include(@payload)
   end
-  it "encodes and decodes JWTs with custom header fields" do
+  it 'encodes and decodes JWTs with custom header fields' do
     private_key = OpenSSL::PKey::RSA.generate(512)
-    jwt = JWT.encode(@payload, private_key, "RS256", {"kid" => 'default'})
+    jwt = JWT.encode(@payload, private_key, 'RS256', {'kid' => 'default'})
     decoded_payload = JWT.decode(jwt) do |header|
-      expect(header["kid"]).to eq('default')
+      expect(header['kid']).to eq('default')
       private_key.public_key
     end
     expect(decoded_payload).to include(@payload)
   end
-  it "decodes valid JWTs" do
-    example_payload = {"hello" => "world"}
+  it 'decodes valid JWTs' do
+    example_payload = {'hello' => 'world'}
     example_secret = 'secret'
     example_jwt = 'eyJhbGciOiAiSFMyNTYiLCAidHlwIjogIkpXVCJ9.eyJoZWxsbyI6ICJ3b3JsZCJ9.tvagLDLoaiJKxOKqpBXSEGy7SYSifZhjntgm9ctpyj8'
     decoded_payload = JWT.decode(example_jwt, example_secret)
     expect(decoded_payload).to include(example_payload)
   end
-  it "raises decode exception when the token is invalid" do
+  it 'decodes valid JWTs with iss' do
+    example_payload = {'hello' => 'world', 'iss' => 'jwtiss'}
+    example_secret = 'secret'
+    example_jwt = 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJoZWxsbyI6IndvcmxkIiwiaXNzIjoiand0aXNzIn0.nTZkyYfpGUyKULaj45lXw_1gXXjHvGW4h5V7okHdUqQ'
+    decoded_payload = JWT.decode(example_jwt, example_secret, true, {'iss' => 'jwtiss'})
+    expect(decoded_payload).to include(example_payload)
+  end
+  it 'raises invalid issuer' do
+    # example_payload = {'hello' => 'world', 'iss' => 'jwtiss'}
+    example_payload2 = {'hello' => 'world'}
+    example_secret = 'secret'
+    example_jwt = 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJoZWxsbyI6IndvcmxkIiwiaXNzIjoiand0aXNzIn0.nTZkyYfpGUyKULaj45lXw_1gXXjHvGW4h5V7okHdUqQ'
+    expect{ JWT.decode(example_jwt, example_secret, true, {'iss' => 'jwt_iss'}) }.to raise_error(JWT::InvalidIssuerError)
+    example_jwt2 = 'eyJhbGciOiAiSFMyNTYiLCAidHlwIjogIkpXVCJ9.eyJoZWxsbyI6ICJ3b3JsZCJ9.tvagLDLoaiJKxOKqpBXSEGy7SYSifZhjntgm9ctpyj8'
+    decode_payload2 = JWT.decode(example_jwt2, example_secret, true, {'iss' => 'jwt_iss'})
+    expect(decode_payload2).to include(example_payload2)
+  end
+  it 'decodes valid JWTs with iat' do
+    example_payload = {'hello' => 'world', 'iat' => 1425917209}
+    example_secret = 'secret'
+    example_jwt = 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJoZWxsbyI6IndvcmxkIiwiaWF0IjoxNDI1OTE3MjA5fQ.m4F-Ugo7aLnLunBBO3BeDidyWMx8T9eoJz6FW2rgQhU'
+    decoded_payload = JWT.decode(example_jwt, example_secret, true, {'iat' => true})
+    expect(decoded_payload).to include(example_payload)
+  end
+  it 'raises decode exception when iat is invalid' do
+    # example_payload = {'hello' => 'world', 'iat' => 'abc'}
+    example_secret = 'secret'
+    example_jwt = 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJoZWxsbyI6IndvcmxkIiwiaWF0IjoiMTQyNTkxNzIwOSJ9.Mn_vk61xWjIhbXFqAB0nFmNkDiCmfzUgl_LaCKRT6S8'
+    expect{ JWT.decode(example_jwt, example_secret, true, {'iat' => 1425917209}) }.to raise_error(JWT::InvalidIatError)
+  end
+  it 'decodes valid JWTs with jti' do
+    example_payload = {'hello' => 'world', 'iat' => 1425917209, 'jti' => Digest::MD5.hexdigest('secret:1425917209')}
+    example_secret = 'secret'
+    example_jwt = 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJoZWxsbyI6IndvcmxkIiwiaWF0IjoxNDI1OTE3MjA5LCJqdGkiOiI1NWM3NzZlMjFmN2NiZDg3OWMwNmZhYzAxOGRhYzQwMiJ9.ET0hb-VTUOL3M22oG13ofzvGPLMAncbF8rdNDIqo8tg'
+    decoded_payload = JWT.decode(example_jwt, example_secret, true, {'jti' => Digest::MD5.hexdigest('secret:1425917209')})
+    expect(decoded_payload).to include(example_payload)
+  end
+  it 'raises decode exception when jti is invalid' do
+    # example_payload = {'hello' => 'world', 'iat' => 1425917209, 'jti' => Digest::MD5.hexdigest('secret:1425917209')}
+    example_secret = 'secret'
+    example_jwt = 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJoZWxsbyI6IndvcmxkIiwiaWF0IjoxNDI1OTE3MjA5LCJqdGkiOiI1NWM3NzZlMjFmN2NiZDg3OWMwNmZhYzAxOGRhYzQwMiJ9.ET0hb-VTUOL3M22oG13ofzvGPLMAncbF8rdNDIqo8tg'
+    expect{ JWT.decode(example_jwt, example_secret, true, {'jti' => Digest::MD5.hexdigest('secret:1425922032')}) }.to raise_error(JWT::InvalidJtiError)
+    expect{ JWT.decode(example_jwt, example_secret) }.to raise_error(JWT::InvalidJtiError)
+  end
+  it 'raises decode exception when jti without iat' do
+    # example_payload = {'hello' => 'world', 'jti' => Digest::MD5.hexdigest('secret:1425917209')}
+    example_secret = 'secret'
+    example_jwt = 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJoZWxsbyI6IndvcmxkIiwianRpIjoiNTVjNzc2ZTIxZjdjYmQ4NzljMDZmYWMwMThkYWM0MDIifQ.n0foJCnCM_-_xUvG_TOmR9mYpL2y0UqZOD_gv33djeE'
+    expect{ JWT.decode(example_jwt, example_secret, true, {'jti' => Digest::MD5.hexdigest('secret:1425922032')}) }.to raise_error(JWT::InvalidJtiError)
+  end
+  it 'decodes valid JWTs with aud' do
+    example_payload = {'hello' => 'world', 'aud' => 'url:pnd'}
+    example_payload2 = {'hello' => 'world', 'aud' => ['url:pnd', 'aud:yes']}
+    example_secret = 'secret'
+    example_jwt = 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJoZWxsbyI6IndvcmxkIiwiYXVkIjoidXJsOnBuZCJ9._gT5veUtNiZD7wLEC6Gd0-nkQV3cl1z8G0zXq8qcd-8'
+    example_jwt2 = 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJoZWxsbyI6IndvcmxkIiwiYXVkIjpbInVybDpwbmQiLCJhdWQ6eWVzIl19.qNPNcT4X9B5uI91rIwbW2bIPTsp8wbRYW3jkZkrmqbQ'
+    decoded_payload = JWT.decode(example_jwt, example_secret, true, {'aud' => 'url:pnd'})
+    decoded_payload2 = JWT.decode(example_jwt2, example_secret, true, {'aud' => 'url:pnd'})
+    expect(decoded_payload).to include(example_payload)
+    expect(decoded_payload2).to include(example_payload2)
+  end
+  it 'raises deode exception when aud is invalid' do
+    # example_payload = {'hello' => 'world', 'aud' => 'url:pnd'}
+    example_secret = 'secret'
+    example_jwt = 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJoZWxsbyI6IndvcmxkIiwiYXVkIjoidXJsOnBuZCJ9._gT5veUtNiZD7wLEC6Gd0-nkQV3cl1z8G0zXq8qcd-8'
+    expect{ JWT.decode(example_jwt, example_secret, true, {'aud' => 'wrong:aud'}) }.to raise_error(JWT::InvalidAudError)
+  end
+  it 'decodes valid JWTs with sub' do
+    example_payload = {'hello' => 'world', 'sub' => 'subject'}
+    example_secret = 'secret'
+    example_jwt = 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJoZWxsbyI6IndvcmxkIiwic3ViIjoic3ViamVjdCJ9.QUnNVZm4SPB4vP2zY9m1LoUSOx-5oGXBhj7R89D_UtA'
+    decoded_payload = JWT.decode(example_jwt, example_secret, true, {'sub' => 'subject'})
+    expect(decoded_payload).to include(example_payload)
+  end
+  it 'raise decode exception when the sub is invalid' do
+    # example_payload = {'hello' => 'world', 'sub' => 'subject'}
+    example_secret = 'secret'
+    example_jwt = 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJoZWxsbyI6IndvcmxkIiwic3ViIjoic3ViamVjdCJ9.QUnNVZm4SPB4vP2zY9m1LoUSOx-5oGXBhj7R89D_UtA'
+    expect{ JWT.decode(example_jwt, example_secret, true, {'iss' => 'subject'}) }.to raise_error(JWT::InvalidSubError)
+  end
+  it 'raises decode exception when the token is invalid' do
     example_secret = 'secret'
     # Same as above exmaple with some random bytes replaced
     example_jwt = 'eyJhbGciOiAiSFMyNTYiLCAidHiMomlwIjogIkJ9.eyJoZWxsbyI6ICJ3b3JsZCJ9.tvagLDLoaiJKxOKqpBXSEGy7SYSifZhjntgm9ctpyj8'
     expect { JWT.decode(example_jwt, example_secret) }.to raise_error(JWT::DecodeError)
   end
-  it "raises verification exception with wrong hmac key" do
+  it 'raises verification exception with wrong hmac key' do
     right_secret = 'foo'
     bad_secret = 'bar'
-    jwt_message = JWT.encode(@payload, right_secret, "HS256")
+    jwt_message = JWT.encode(@payload, right_secret, 'HS256')
     expect { JWT.decode(jwt_message, bad_secret) }.to raise_error(JWT::VerificationError)
   end
-  it "raises verification exception with wrong rsa key" do
+  it 'raises verification exception with wrong rsa key' do
     right_private_key = OpenSSL::PKey::RSA.generate(512)
     bad_private_key = OpenSSL::PKey::RSA.generate(512)
-    jwt = JWT.encode(@payload, right_private_key, "RS256")
+    jwt = JWT.encode(@payload, right_private_key, 'RS256')
     expect { JWT.decode(jwt, bad_private_key.public_key) }.to raise_error(JWT::VerificationError)
   end
-  it "raises decode exception with invalid signature" do
+  it 'raises decode exception with invalid signature' do
     example_secret = 'secret'
     example_jwt = 'eyJhbGciOiAiSFMyNTYiLCAidHlwIjogIkpXVCJ9.eyJoZWxsbyI6ICJ3b3JsZCJ9.'
     expect { JWT.decode(example_jwt, example_secret) }.to raise_error(JWT::DecodeError)
   end
-  it "raises decode exception with nonexistent header" do
-    expect { JWT.decode("..stuff") }.to raise_error(JWT::DecodeError)
+  it 'raises decode exception with nonexistent header' do
+    expect { JWT.decode('..stuff') }.to raise_error(JWT::DecodeError)
   end
-  it "raises decode exception with nonexistent payload" do
-    expect { JWT.decode("eyJhbGciOiAiSFMyNTYiLCAidHlwIjogIkpXVCJ9..stuff") }.to raise_error(JWT::DecodeError)
+  it 'raises decode exception with nonexistent payload' do
+    expect { JWT.decode('eyJhbGciOiAiSFMyNTYiLCAidHlwIjogIkpXVCJ9..stuff') }.to raise_error(JWT::DecodeError)
   end
-  it "raises decode exception with nil jwt" do
+  it 'raises decode exception with nil jwt' do
     expect { JWT.decode(nil) }.to raise_error(JWT::DecodeError)
   end
-  it "allows decoding without key" do
+  it 'allows decoding without key' do
     right_secret = 'foo'
     bad_secret = 'bar'
     jwt = JWT.encode(@payload, right_secret)
@@ -84,35 +178,35 @@ describe JWT do
     expect(decoded_payload).to include(@payload)
   end
-  it "checks the key when verify is truthy" do
+  it 'checks the key when verify is truthy' do
     right_secret = 'foo'
     bad_secret = 'bar'
     jwt = JWT.encode(@payload, right_secret)
-    verify = "yes" =~ /^y/i
+    verify = 'yes' =~ /^y/i
     expect { JWT.decode(jwt, bad_secret, verify) }.to raise_error(JWT::DecodeError)
   end
-  it "raises exception on unsupported crypto algorithm" do
-    expect { JWT.encode(@payload, "secret", 'HS1024') }.to raise_error(NotImplementedError)
+  it 'raises exception on unsupported crypto algorithm' do
+    expect { JWT.encode(@payload, 'secret', 'HS1024') }.to raise_error(NotImplementedError)
   end
-  it "encodes and decodes plaintext JWTs" do
+  it 'encodes and decodes plaintext JWTs' do
     jwt = JWT.encode(@payload, nil, nil)
     expect(jwt.split('.').length).to eq(2)
     decoded_payload = JWT.decode(jwt, nil, nil)
     expect(decoded_payload).to include(@payload)
   end
-  it "requires a signature segment when verify is truthy" do
+  it 'requires a signature segment when verify is truthy' do
     jwt = JWT.encode(@payload, nil, nil)
     expect(jwt.split('.').length).to eq(2)
     expect { JWT.decode(jwt, nil, true) }.to raise_error(JWT::DecodeError)
   end
-  it "does not use == to compare digests" do
-    secret = "secret"
+  it 'does not use == to compare digests' do
+    secret = 'secret'
     jwt = JWT.encode(@payload, secret)
-    crypto_segment = jwt.split(".").last
+    crypto_segment = jwt.split('.').last
     signature = JWT.base64url_decode(crypto_segment)
     expect(signature).not_to receive('==')
@@ -122,96 +216,96 @@ describe JWT do
     JWT.decode(jwt, secret)
   end
-  it "raises error when expired" do
+  it 'raises error when expired' do
     expired_payload = @payload.clone
     expired_payload['exp'] = Time.now.to_i - 1
-    secret = "secret"
+    secret = 'secret'
     jwt = JWT.encode(expired_payload, secret)
     expect { JWT.decode(jwt, secret) }.to raise_error(JWT::ExpiredSignature)
   end
-  it "raise ExpiredSignature even when exp claims is a string" do
+  it 'raise ExpiredSignature even when exp claims is a string' do
     expired_payload = @payload.clone
     expired_payload['exp'] = (Time.now.to_i).to_s
-    secret = "secret"
+    secret = 'secret'
     jwt = JWT.encode(expired_payload, secret)
     expect { JWT.decode(jwt, secret) }.to raise_error(JWT::ExpiredSignature)
   end
-  it "performs normal decode with skipped expiration check" do
+  it 'performs normal decode with skipped expiration check' do
     expired_payload = @payload.clone
     expired_payload['exp'] = Time.now.to_i - 1
-    secret = "secret"
+    secret = 'secret'
     jwt = JWT.encode(expired_payload, secret)
     decoded_payload = JWT.decode(jwt, secret, true, {:verify_expiration => false})
     expect(decoded_payload).to include(expired_payload)
   end
-  it "performs normal decode using leeway" do
+  it 'performs normal decode using leeway' do
     expired_payload = @payload.clone
     expired_payload['exp'] = Time.now.to_i - 2
-    secret = "secret"
+    secret = 'secret'
     jwt = JWT.encode(expired_payload, secret)
     decoded_payload = JWT.decode(jwt, secret, true, {:leeway => 3})
     expect(decoded_payload).to include(expired_payload)
   end
-  it "raises error when before nbf" do
+  it 'raises error when before nbf' do
     immature_payload = @payload.clone
     immature_payload['nbf'] = Time.now.to_i + 1
-    secret = "secret"
+    secret = 'secret'
     jwt = JWT.encode(immature_payload, secret)
     expect { JWT.decode(jwt, secret) }.to raise_error(JWT::ImmatureSignature)
   end
-  it "doesnt raise error when after nbf" do
+  it 'doesnt raise error when after nbf' do
     mature_payload = @payload.clone
-    secret = "secret"
+    secret = 'secret'
     jwt = JWT.encode(mature_payload, secret)
     decoded_payload = JWT.decode(jwt, secret, true, {:verify_expiration => false})
     expect(decoded_payload).to include(mature_payload)
   end
-  it "raise ImmatureSignature even when nbf claim is a string" do
+  it 'raise ImmatureSignature even when nbf claim is a string' do
     immature_payload = @payload.clone
     immature_payload['nbf'] = (Time.now.to_i).to_s
-    secret = "secret"
+    secret = 'secret'
     jwt = JWT.encode(immature_payload, secret)
     expect { JWT.decode(jwt, secret) }.to raise_error(JWT::ImmatureSignature)
   end
-  it "performs normal decode with skipped not before check" do
+  it 'performs normal decode with skipped not before check' do
     immature_payload = @payload.clone
     immature_payload['nbf'] = Time.now.to_i + 2
-    secret = "secret"
+    secret = 'secret'
     jwt = JWT.encode(immature_payload, secret)
     decoded_payload = JWT.decode(jwt, secret, true, {:verify_not_before => false})
     expect(decoded_payload).to include(immature_payload)
   end
-  it "performs normal decode using leeway" do
+  it 'performs normal decode using leeway' do
     immature_payload = @payload.clone
     immature_payload['nbf'] = Time.now.to_i - 2
-    secret = "secret"
+    secret = 'secret'
     jwt = JWT.encode(immature_payload, secret)
     decoded_payload = JWT.decode(jwt, secret, true, {:leeway => 3})
     expect(decoded_payload).to include(immature_payload)
   end
-  describe "secure comparison" do
-    it "returns true if strings are equal" do
-      expect(JWT.secure_compare("Foo", "Foo")).to be true
+  describe 'secure comparison' do
+    it 'returns true if strings are equal' do
+      expect(JWT.secure_compare('Foo', 'Foo')).to be true
     end
-    it "returns false if either input is nil or empty" do
-      [nil, ""].each do |bad|
-        expect(JWT.secure_compare(bad, "Foo")).to be false
-        expect(JWT.secure_compare("Foo", bad)).to be false
+    it 'returns false if either input is nil or empty' do
+      [nil, ''].each do |bad|
+        expect(JWT.secure_compare(bad, 'Foo')).to be false
+        expect(JWT.secure_compare('Foo', bad)).to be false
       end
     end
-    it "retuns false if the strings are different" do
-      expect(JWT.secure_compare("Foo", "Bar")).to be false
+    it 'retuns false if the strings are different' do
+      expect(JWT.secure_compare('Foo', 'Bar')).to be false
     end
   end
@@ -220,7 +314,7 @@ describe JWT do
     expect(OpenSSL.errors).to be_empty
   end
-  it "raise exception on invalid signature" do
+  it 'raise exception on invalid signature' do
     pubkey = OpenSSL::PKey::RSA.new(<<-PUBKEY)
 -----BEGIN PUBLIC KEY-----
 MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxCaY7425h964bjaoLeUm
@@ -245,20 +339,20 @@ PUBKEY
     expect { JWT.decode(jwt, pubkey, true) }.to raise_error(JWT::DecodeError)
   end
-  describe "urlsafe base64 encoding" do
-    it "replaces + and / with - and _" do
-      allow(Base64).to receive(:encode64) { "string+with/non+url-safe/characters_" }
-      expect(JWT.base64url_encode("foo")).to eq("string-with_non-url-safe_characters_")
+  describe 'urlsafe base64 encoding' do
+    it 'replaces + and / with - and _' do
+      allow(Base64).to receive(:encode64) { 'string+with/non+url-safe/characters_' }
+      expect(JWT.base64url_encode('foo')).to eq('string-with_non-url-safe_characters_')
     end
   end
   describe 'decoded_segments' do
-    it "allows access to the decoded header and payload" do
-      secret = "secret"
+    it 'allows access to the decoded header and payload' do
+      secret = 'secret'
       jwt = JWT.encode(@payload, secret)
       decoded_segments = JWT.decoded_segments(jwt)
       expect(decoded_segments.size).to eq(4)
-      expect(decoded_segments[0]).to eq({"typ" => "JWT", "alg" => "HS256"})
+      expect(decoded_segments[0]).to eq({'typ' => 'JWT', 'alg' => 'HS256'})
       expect(decoded_segments[1]).to eq(@payload)
     end
   end

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: jwt
 version: !ruby/object:Gem::Version
-  version: 1.3.0
+  version: 1.4.0
 platform: ruby
 authors:
 - Jeff Lindsay
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2015-02-24 00:00:00.000000000 Z
+date: 2015-03-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: echoe