jwt 1.5.4 → 1.5.5

checksums.yaml

@@ -1,15 +1,7 @@
 ---
-!binary "U0hBMQ==":
-  metadata.gz: !binary |-
-    NDM3ZjQ5OWVjMGQ3NDYxZWRmZjAxNTQzZmU5YjlhODg4YzcwY2QzMg==
-  data.tar.gz: !binary |-
-    YmM3YWU5NTkxNDEzOGQyMTAzMTIyYzVmNWNhY2ZlMWU2NTFlZjliNQ==
+SHA1:
+  metadata.gz: 0ab60d996890a0c93b46c4c86170e03fbfdca0c2
+  data.tar.gz: 83765101b7357c3c548bad68baeff603b83ce446
 SHA512:
-  metadata.gz: !binary |-
-    NzA3NWQ4ZjQ4OWEyNTY5ZjE5NGYzMjBhZDkzMmZhOTdmNzcwMmMxNWI5MmYz
-    N2E3MmE5NmQ1ZjlhZTU2ZDc3NDYxYzIxZjhkMjJjOGE1NDI5MDI4MmVmN2Fi
-    ZGExYWMzOGI3ZDAxNWE2NzdhOWRjNjkzZjAxMjRmMGM0NTIwZDU=
-  data.tar.gz: !binary |-
-    OGQxM2IyM2E1ZTUzM2QzZjBlMmZiYzBiMGU4OGM5YjI5NTU0YjA2ZWQ3MDY3
-    MjQ0ZDMxNTEzMWE0NzUzYjAxOGQ2MTAwZTFiMmU5YmYzZDFjYTVhNTdhOGVm
-    N2Q3Mjk0ODMxYWI3NDg3M2IwYzA5MmMwYTgzNzhjM2U5YTJkODI=
+  metadata.gz: bab32a2372d9a05d4f5b8591c77cb9be60c252b796b778c417a5ad9a2f87a7faae3421029b07543c06f3f7bdf5ad2c786776f6f45a93dca7e128f6753ce143dd
+  data.tar.gz: 1dd7005d75ff1a20cfc95e9362a48776bcc498f26ba4362f027252e32d32dcd30f8a50045fbb85da5486d231c63aaa043b20101169ee1fecf702dee2e95483c8

data/.gitignore

@@ -4,3 +4,8 @@ pkg
 Gemfile.lock
 coverage/
 .DS_Store
+.rbenv-gemsets
+.ruby-version
+.vscode/
+.bundle
+bin/

data/.rspec

@@ -1,2 +1 @@
 --color
---format d

data/CHANGELOG.md

@@ -0,0 +1,352 @@
+# Change Log
+
+## [v1.5.5](https://github.com/jwt/ruby-jwt/tree/v1.5.5) (2016-09-16)
+[Full Changelog](https://github.com/jwt/ruby-jwt/compare/v1.5.4...v1.5.5)
+
+**Implemented enhancements:**
+
+- JWT.decode always raises JWT::ExpiredSignature for tokens created with Time objects passed as the `exp` parameter [\#148](https://github.com/jwt/ruby-jwt/issues/148)
+
+**Fixed bugs:**
+
+- expiration check does not give "Signature has expired" error for the exact time of expiration [\#157](https://github.com/jwt/ruby-jwt/issues/157)
+- JTI claim broken? [\#152](https://github.com/jwt/ruby-jwt/issues/152)
+- Audience Claim broken? [\#151](https://github.com/jwt/ruby-jwt/issues/151)
+- 1.5.3 breaks compatibility with 1.5.2 [\#133](https://github.com/jwt/ruby-jwt/issues/133)
+- Version 1.5.3 breaks 1.9.3 compatibility, but not documented as such [\#132](https://github.com/jwt/ruby-jwt/issues/132)
+- Fix: exp claim check [\#161](https://github.com/jwt/ruby-jwt/pull/161) ([excpt](https://github.com/excpt))
+
+**Closed issues:**
+
+- Rendering Json Results in JWT::DecodeError [\#162](https://github.com/jwt/ruby-jwt/issues/162)
+- PHP Libraries [\#154](https://github.com/jwt/ruby-jwt/issues/154)
+- \[security\] Signature verified after expiration/sub/iss checks [\#153](https://github.com/jwt/ruby-jwt/issues/153)
+- Is ruby-jwt thread-safe? [\#150](https://github.com/jwt/ruby-jwt/issues/150)
+- JWT 1.5.3 [\#143](https://github.com/jwt/ruby-jwt/issues/143)
+- gem install v 1.5.3 returns error [\#141](https://github.com/jwt/ruby-jwt/issues/141)
+- Adding a CHANGELOG [\#140](https://github.com/jwt/ruby-jwt/issues/140)
+
+**Merged pull requests:**
+
+- Bump version [\#165](https://github.com/jwt/ruby-jwt/pull/165) ([excpt](https://github.com/excpt))
+- Improve error message for exp claim in payload [\#164](https://github.com/jwt/ruby-jwt/pull/164) ([excpt](https://github.com/excpt))
+- Fix \#151 and code refactoring [\#163](https://github.com/jwt/ruby-jwt/pull/163) ([excpt](https://github.com/excpt))
+- Signature validation before claim verification [\#160](https://github.com/jwt/ruby-jwt/pull/160) ([excpt](https://github.com/excpt))
+- Create specs for README.md examples [\#159](https://github.com/jwt/ruby-jwt/pull/159) ([excpt](https://github.com/excpt))
+- Tiny Readme Improvement [\#156](https://github.com/jwt/ruby-jwt/pull/156) ([b264](https://github.com/b264))
+- Added test execution to Rakefile [\#147](https://github.com/jwt/ruby-jwt/pull/147) ([jabbrwcky](https://github.com/jabbrwcky))
+- Add more bling bling to the site [\#146](https://github.com/jwt/ruby-jwt/pull/146) ([excpt](https://github.com/excpt))
+- Bump version [\#145](https://github.com/jwt/ruby-jwt/pull/145) ([excpt](https://github.com/excpt))
+- Add first content and basic layout [\#144](https://github.com/jwt/ruby-jwt/pull/144) ([excpt](https://github.com/excpt))
+- Add a changelog file [\#142](https://github.com/jwt/ruby-jwt/pull/142) ([excpt](https://github.com/excpt))
+- Return decoded\_segments [\#139](https://github.com/jwt/ruby-jwt/pull/139) ([akostrikov](https://github.com/akostrikov))
+
+## [v1.5.4](https://github.com/jwt/ruby-jwt/tree/v1.5.4) (2016-03-24)
+[Full Changelog](https://github.com/jwt/ruby-jwt/compare/v1.5.3...v1.5.4)
+
+**Closed issues:**
+
+- 404 at https://rubygems.global.ssl.fastly.net/gems/jwt-1.5.3.gem [\#137](https://github.com/jwt/ruby-jwt/issues/137)
+
+**Merged pull requests:**
+
+- Update README.md [\#138](https://github.com/jwt/ruby-jwt/pull/138) ([excpt](https://github.com/excpt))
+- Fix base64url\_decode [\#136](https://github.com/jwt/ruby-jwt/pull/136) ([excpt](https://github.com/excpt))
+- Fix ruby 1.9.3 compatibility [\#135](https://github.com/jwt/ruby-jwt/pull/135) ([excpt](https://github.com/excpt))
+- iat can be a float value [\#134](https://github.com/jwt/ruby-jwt/pull/134) ([llimllib](https://github.com/llimllib))
+
+## [v1.5.3](https://github.com/jwt/ruby-jwt/tree/v1.5.3) (2016-02-24)
+[Full Changelog](https://github.com/jwt/ruby-jwt/compare/jwt-1.5.2...v1.5.3)
+
+**Implemented enhancements:**
+
+- Refactor obsolete code for ruby 1.8 support [\#120](https://github.com/jwt/ruby-jwt/issues/120)
+- Fix "Rubocop/Metrics/CyclomaticComplexity" issue in lib/jwt.rb [\#106](https://github.com/jwt/ruby-jwt/issues/106)
+- Fix "Rubocop/Metrics/CyclomaticComplexity" issue in lib/jwt.rb [\#105](https://github.com/jwt/ruby-jwt/issues/105)
+- Allow a proc to be passed for JTI verification [\#126](https://github.com/jwt/ruby-jwt/pull/126) ([yahooguntu](https://github.com/yahooguntu))
+- Relax restrictions on "jti" claim verification [\#113](https://github.com/jwt/ruby-jwt/pull/113) ([lwe](https://github.com/lwe))
+
+**Closed issues:**
+
+- Verifications not functioning in latest release [\#128](https://github.com/jwt/ruby-jwt/issues/128)
+- Base64 is generating invalid length base64 strings - cross language interop [\#127](https://github.com/jwt/ruby-jwt/issues/127)
+- Digest::Digest is deprecated; use Digest [\#119](https://github.com/jwt/ruby-jwt/issues/119)
+- verify\_rsa no method 'verify' for class String [\#115](https://github.com/jwt/ruby-jwt/issues/115)
+- Add a changelog [\#111](https://github.com/jwt/ruby-jwt/issues/111)
+
+**Merged pull requests:**
+
+- Drop ruby 1.9.3 support [\#131](https://github.com/jwt/ruby-jwt/pull/131) ([excpt](https://github.com/excpt))
+- Allow string hash keys in validation configurations [\#130](https://github.com/jwt/ruby-jwt/pull/130) ([tpickett66](https://github.com/tpickett66))
+- Add ruby 2.3.0 for travis ci testing [\#123](https://github.com/jwt/ruby-jwt/pull/123) ([excpt](https://github.com/excpt))
+- Remove obsolete json code [\#122](https://github.com/jwt/ruby-jwt/pull/122) ([excpt](https://github.com/excpt))
+- Add fancy badges to README.md [\#118](https://github.com/jwt/ruby-jwt/pull/118) ([excpt](https://github.com/excpt))
+- Refactor decode and verify functionality [\#117](https://github.com/jwt/ruby-jwt/pull/117) ([excpt](https://github.com/excpt))
+- Drop echoe dependency for gem releases [\#116](https://github.com/jwt/ruby-jwt/pull/116) ([excpt](https://github.com/excpt))
+- Updated readme for iss/aud options [\#114](https://github.com/jwt/ruby-jwt/pull/114) ([ryanmcilmoyl](https://github.com/ryanmcilmoyl))
+- Fix error misspelling [\#112](https://github.com/jwt/ruby-jwt/pull/112) ([kat3kasper](https://github.com/kat3kasper))
+
+## [jwt-1.5.2](https://github.com/jwt/ruby-jwt/tree/jwt-1.5.2) (2015-10-27)
+[Full Changelog](https://github.com/jwt/ruby-jwt/compare/jwt-1.5.1...jwt-1.5.2)
+
+**Implemented enhancements:**
+
+- Must we specify algorithm when calling decode to avoid vulnerabilities? [\#107](https://github.com/jwt/ruby-jwt/issues/107)
+- Code review: Rspec test refactoring [\#85](https://github.com/jwt/ruby-jwt/pull/85) ([excpt](https://github.com/excpt))
+
+**Fixed bugs:**
+
+- aud verifies if aud is passed in, :sub does not [\#102](https://github.com/jwt/ruby-jwt/issues/102)
+- iat check does not use leeway so nbf could pass, but iat fail [\#83](https://github.com/jwt/ruby-jwt/issues/83)
+
+**Closed issues:**
+
+- Test ticket from Code Climate [\#104](https://github.com/jwt/ruby-jwt/issues/104)
+- Test ticket from Code Climate [\#100](https://github.com/jwt/ruby-jwt/issues/100)
+- Is it possible to decode the payload without validating the signature? [\#97](https://github.com/jwt/ruby-jwt/issues/97)
+- What is audience? [\#96](https://github.com/jwt/ruby-jwt/issues/96)
+- Options hash uses both symbols and strings as keys. [\#95](https://github.com/jwt/ruby-jwt/issues/95)
+
+**Merged pull requests:**
+
+- Fix incorrect `iat` examples [\#109](https://github.com/jwt/ruby-jwt/pull/109) ([kjwierenga](https://github.com/kjwierenga))
+- Update docs to include instructions for the algorithm parameter. [\#108](https://github.com/jwt/ruby-jwt/pull/108) ([aarongray](https://github.com/aarongray))
+- make sure :sub check behaves like :aud check [\#103](https://github.com/jwt/ruby-jwt/pull/103) ([skippy](https://github.com/skippy))
+- Change hash syntax [\#101](https://github.com/jwt/ruby-jwt/pull/101) ([excpt](https://github.com/excpt))
+- Include LICENSE and README.md in gem [\#99](https://github.com/jwt/ruby-jwt/pull/99) ([bkeepers](https://github.com/bkeepers))
+- Remove unused variable in the sample code. [\#98](https://github.com/jwt/ruby-jwt/pull/98) ([hypermkt](https://github.com/hypermkt))
+- Fix iat claim example [\#94](https://github.com/jwt/ruby-jwt/pull/94) ([larrylv](https://github.com/larrylv))
+- Fix wrong description in README.md [\#93](https://github.com/jwt/ruby-jwt/pull/93) ([larrylv](https://github.com/larrylv))
+- JWT and JWA are now RFC. [\#92](https://github.com/jwt/ruby-jwt/pull/92) ([aj-michael](https://github.com/aj-michael))
+- Update README.md [\#91](https://github.com/jwt/ruby-jwt/pull/91) ([nsarno](https://github.com/nsarno))
+- Fix missing verify parameter in docs [\#90](https://github.com/jwt/ruby-jwt/pull/90) ([ernie](https://github.com/ernie))
+- Iat check uses leeway. [\#89](https://github.com/jwt/ruby-jwt/pull/89) ([aj-michael](https://github.com/aj-michael))
+- nbf check allows exact time matches. [\#88](https://github.com/jwt/ruby-jwt/pull/88) ([aj-michael](https://github.com/aj-michael))
+
+## [jwt-1.5.1](https://github.com/jwt/ruby-jwt/tree/jwt-1.5.1) (2015-06-22)
+[Full Changelog](https://github.com/jwt/ruby-jwt/compare/jwt-1.5.0...jwt-1.5.1)
+
+**Implemented enhancements:**
+
+- Fix either README or source code [\#78](https://github.com/jwt/ruby-jwt/issues/78)
+- Validate against draft 20 [\#38](https://github.com/jwt/ruby-jwt/issues/38)
+
+**Fixed bugs:**
+
+- ECDSA signature verification fails for valid tokens [\#84](https://github.com/jwt/ruby-jwt/issues/84)
+- Shouldn't verification of additional claims, like iss, aud etc. be enforced when in options? [\#81](https://github.com/jwt/ruby-jwt/issues/81)
+- Fix either README or source code [\#78](https://github.com/jwt/ruby-jwt/issues/78)
+- decode fails with 'none' algorithm and verify [\#75](https://github.com/jwt/ruby-jwt/issues/75)
+
+**Closed issues:**
+
+- Doc mismatch: uninitialized constant JWT::ExpiredSignature [\#79](https://github.com/jwt/ruby-jwt/issues/79)
+- TypeError when specifying a wrong algorithm [\#77](https://github.com/jwt/ruby-jwt/issues/77)
+- jti verification doesn't prevent replays [\#73](https://github.com/jwt/ruby-jwt/issues/73)
+
+**Merged pull requests:**
+
+- Correctly sign ECDSA JWTs [\#87](https://github.com/jwt/ruby-jwt/pull/87) ([jurriaan](https://github.com/jurriaan))
+- fixed results of decoded tokens in readme [\#86](https://github.com/jwt/ruby-jwt/pull/86) ([piscolomo](https://github.com/piscolomo))
+- Force verification of "iss" and "aud" claims [\#82](https://github.com/jwt/ruby-jwt/pull/82) ([lwe](https://github.com/lwe))
+
+## [jwt-1.5.0](https://github.com/jwt/ruby-jwt/tree/jwt-1.5.0) (2015-05-09)
+[Full Changelog](https://github.com/jwt/ruby-jwt/compare/jwt-1.4.1...jwt-1.5.0)
+
+**Implemented enhancements:**
+
+- Needs to support asymmetric key signatures over shared secrets [\#46](https://github.com/jwt/ruby-jwt/issues/46)
+- Implement Elliptic Curve Crypto Signatures [\#74](https://github.com/jwt/ruby-jwt/pull/74) ([jtdowney](https://github.com/jtdowney))
+- Add an option to verify the signature on decode [\#71](https://github.com/jwt/ruby-jwt/pull/71) ([javawizard](https://github.com/javawizard))
+
+**Closed issues:**
+
+- Check JWT vulnerability [\#76](https://github.com/jwt/ruby-jwt/issues/76)
+
+**Merged pull requests:**
+
+- Fixed some examples to make them copy-pastable [\#72](https://github.com/jwt/ruby-jwt/pull/72) ([jer](https://github.com/jer))
+
+## [jwt-1.4.1](https://github.com/jwt/ruby-jwt/tree/jwt-1.4.1) (2015-03-12)
+[Full Changelog](https://github.com/jwt/ruby-jwt/compare/jwt-1.4.0...jwt-1.4.1)
+
+**Fixed bugs:**
+
+- jti verification not working per the spec [\#68](https://github.com/jwt/ruby-jwt/issues/68)
+- Verify ISS should be off by default [\#66](https://github.com/jwt/ruby-jwt/issues/66)
+
+**Merged pull requests:**
+
+- Fix \#66 \#68 [\#69](https://github.com/jwt/ruby-jwt/pull/69) ([excpt](https://github.com/excpt))
+- When throwing errors, mention expected/received values [\#65](https://github.com/jwt/ruby-jwt/pull/65) ([rolodato](https://github.com/rolodato))
+
+## [jwt-1.4.0](https://github.com/jwt/ruby-jwt/tree/jwt-1.4.0) (2015-03-10)
+[Full Changelog](https://github.com/jwt/ruby-jwt/compare/jwt-1.3.0...jwt-1.4.0)
+
+**Closed issues:**
+
+- The behavior using 'json' differs from 'multi\_json' [\#41](https://github.com/jwt/ruby-jwt/issues/41)
+
+**Merged pull requests:**
+
+- Release 1.4.0 [\#64](https://github.com/jwt/ruby-jwt/pull/64) ([excpt](https://github.com/excpt))
+- Update README.md and remove dead code [\#63](https://github.com/jwt/ruby-jwt/pull/63) ([excpt](https://github.com/excpt))
+- Add  'iat/ aud/ sub/ jti'  support for ruby-jwt [\#62](https://github.com/jwt/ruby-jwt/pull/62) ([ZhangHanDong](https://github.com/ZhangHanDong))
+- Add  'iss'  support for ruby-jwt [\#61](https://github.com/jwt/ruby-jwt/pull/61) ([ZhangHanDong](https://github.com/ZhangHanDong))
+- Clarify .encode API in README [\#60](https://github.com/jwt/ruby-jwt/pull/60) ([jbodah](https://github.com/jbodah))
+
+## [jwt-1.3.0](https://github.com/jwt/ruby-jwt/tree/jwt-1.3.0) (2015-02-24)
+[Full Changelog](https://github.com/jwt/ruby-jwt/compare/jwt-1.2.1...jwt-1.3.0)
+
+**Closed issues:**
+
+- Signature Verification to Return Verification Error rather than decode error [\#57](https://github.com/jwt/ruby-jwt/issues/57)
+- Incorrect readme for leeway [\#55](https://github.com/jwt/ruby-jwt/issues/55)
+- What is the reason behind stripping the = in base64 encoding? [\#54](https://github.com/jwt/ruby-jwt/issues/54)
+- Preperations for version 2.x [\#50](https://github.com/jwt/ruby-jwt/issues/50)
+- Release a new version [\#47](https://github.com/jwt/ruby-jwt/issues/47)
+- Catch up for ActiveWhatever 4.1.1 series [\#40](https://github.com/jwt/ruby-jwt/issues/40)
+
+**Merged pull requests:**
+
+- raise verification error for signiture verification [\#58](https://github.com/jwt/ruby-jwt/pull/58) ([punkle](https://github.com/punkle))
+- Added support for not before claim verification [\#56](https://github.com/jwt/ruby-jwt/pull/56) ([punkle](https://github.com/punkle))
+- Preperations for version 2.x [\#49](https://github.com/jwt/ruby-jwt/pull/49) ([excpt](https://github.com/excpt))
+
+## [jwt-1.2.1](https://github.com/jwt/ruby-jwt/tree/jwt-1.2.1) (2015-01-22)
+[Full Changelog](https://github.com/jwt/ruby-jwt/compare/jwt-1.2.0...jwt-1.2.1)
+
+**Closed issues:**
+
+- JWT.encode\({"exp": 10}, "secret"\) [\#52](https://github.com/jwt/ruby-jwt/issues/52)
+- JWT.encode\({"exp": 10}, "secret"\) [\#51](https://github.com/jwt/ruby-jwt/issues/51)
+
+**Merged pull requests:**
+
+- Accept expiration claims as string [\#53](https://github.com/jwt/ruby-jwt/pull/53) ([yarmand](https://github.com/yarmand))
+
+## [jwt-1.2.0](https://github.com/jwt/ruby-jwt/tree/jwt-1.2.0) (2014-11-24)
+[Full Changelog](https://github.com/jwt/ruby-jwt/compare/jwt-0.1.13...jwt-1.2.0)
+
+**Closed issues:**
+
+- set token to expire [\#42](https://github.com/jwt/ruby-jwt/issues/42)
+
+**Merged pull requests:**
+
+- Added support for `exp` claim [\#45](https://github.com/jwt/ruby-jwt/pull/45) ([zshannon](https://github.com/zshannon))
+- rspec 3 breaks passing tests [\#44](https://github.com/jwt/ruby-jwt/pull/44) ([zshannon](https://github.com/zshannon))
+
+## [jwt-0.1.13](https://github.com/jwt/ruby-jwt/tree/jwt-0.1.13) (2014-05-08)
+[Full Changelog](https://github.com/jwt/ruby-jwt/compare/jwt-1.0.0...jwt-0.1.13)
+
+**Closed issues:**
+
+- yanking of version 0.1.12 causes issues [\#39](https://github.com/jwt/ruby-jwt/issues/39)
+- Semantic versioning [\#37](https://github.com/jwt/ruby-jwt/issues/37)
+- Update gem to get latest changes [\#36](https://github.com/jwt/ruby-jwt/issues/36)
+
+## [jwt-1.0.0](https://github.com/jwt/ruby-jwt/tree/jwt-1.0.0) (2014-05-07)
+[Full Changelog](https://github.com/jwt/ruby-jwt/compare/jwt-0.1.11...jwt-1.0.0)
+
+**Closed issues:**
+
+- API request - JWT::decoded\_header\(\) [\#26](https://github.com/jwt/ruby-jwt/issues/26)
+
+**Merged pull requests:**
+
+- return header along with playload after decoding [\#35](https://github.com/jwt/ruby-jwt/pull/35) ([sawyerzhang](https://github.com/sawyerzhang))
+- Raise JWT::DecodeError on nil token [\#34](https://github.com/jwt/ruby-jwt/pull/34) ([tjmw](https://github.com/tjmw))
+- Make MultiJson optional for Ruby 1.9+ [\#33](https://github.com/jwt/ruby-jwt/pull/33) ([petergoldstein](https://github.com/petergoldstein))
+- Allow access to header and payload without signature verification [\#32](https://github.com/jwt/ruby-jwt/pull/32) ([petergoldstein](https://github.com/petergoldstein))
+- Update specs to use RSpec 3.0.x syntax [\#31](https://github.com/jwt/ruby-jwt/pull/31) ([petergoldstein](https://github.com/petergoldstein))
+- Travis - Add Ruby 2.0.0, 2.1.0, Rubinius [\#30](https://github.com/jwt/ruby-jwt/pull/30) ([petergoldstein](https://github.com/petergoldstein))
+
+## [jwt-0.1.11](https://github.com/jwt/ruby-jwt/tree/jwt-0.1.11) (2014-01-17)
+[Full Changelog](https://github.com/jwt/ruby-jwt/compare/jwt-0.1.10...jwt-0.1.11)
+
+**Closed issues:**
+
+- url safe encode and decode [\#28](https://github.com/jwt/ruby-jwt/issues/28)
+- Release [\#27](https://github.com/jwt/ruby-jwt/issues/27)
+
+**Merged pull requests:**
+
+- fixed urlsafe base64 encoding [\#29](https://github.com/jwt/ruby-jwt/pull/29) ([tobscher](https://github.com/tobscher))
+
+## [jwt-0.1.10](https://github.com/jwt/ruby-jwt/tree/jwt-0.1.10) (2014-01-10)
+[Full Changelog](https://github.com/jwt/ruby-jwt/compare/jwt-0.1.8...jwt-0.1.10)
+
+**Closed issues:**
+
+- change to signature of JWT.decode method [\#14](https://github.com/jwt/ruby-jwt/issues/14)
+
+**Merged pull requests:**
+
+- Fix warning: assigned but unused variable - e [\#25](https://github.com/jwt/ruby-jwt/pull/25) ([sferik](https://github.com/sferik))
+- Echoe doesn't define a license= method [\#24](https://github.com/jwt/ruby-jwt/pull/24) ([sferik](https://github.com/sferik))
+- Use OpenSSL::Digest instead of deprecated OpenSSL::Digest::Digest [\#23](https://github.com/jwt/ruby-jwt/pull/23) ([JuanitoFatas](https://github.com/JuanitoFatas))
+- Handle some invalid JWTs [\#22](https://github.com/jwt/ruby-jwt/pull/22) ([steved](https://github.com/steved))
+- Add MIT license to gemspec [\#21](https://github.com/jwt/ruby-jwt/pull/21) ([nycvotes-dev](https://github.com/nycvotes-dev))
+- Tweaks and improvements [\#20](https://github.com/jwt/ruby-jwt/pull/20) ([threedaymonk](https://github.com/threedaymonk))
+- Don't leave errors in OpenSSL.errors when there is a decoding error. [\#19](https://github.com/jwt/ruby-jwt/pull/19) ([lowellk](https://github.com/lowellk))
+
+## [jwt-0.1.8](https://github.com/jwt/ruby-jwt/tree/jwt-0.1.8) (2013-03-14)
+[Full Changelog](https://github.com/jwt/ruby-jwt/compare/jwt-0.1.7...jwt-0.1.8)
+
+**Merged pull requests:**
+
+- Contrib and update [\#18](https://github.com/jwt/ruby-jwt/pull/18) ([threedaymonk](https://github.com/threedaymonk))
+- Verify if verify is truthy \(not just true\) [\#17](https://github.com/jwt/ruby-jwt/pull/17) ([threedaymonk](https://github.com/threedaymonk))
+
+## [jwt-0.1.7](https://github.com/jwt/ruby-jwt/tree/jwt-0.1.7) (2013-03-07)
+[Full Changelog](https://github.com/jwt/ruby-jwt/compare/jwt-0.1.6...jwt-0.1.7)
+
+**Merged pull requests:**
+
+- Catch MultiJson::LoadError and reraise as JWT::DecodeError [\#16](https://github.com/jwt/ruby-jwt/pull/16) ([rwygand](https://github.com/rwygand))
+
+## [jwt-0.1.6](https://github.com/jwt/ruby-jwt/tree/jwt-0.1.6) (2013-03-05)
+[Full Changelog](https://github.com/jwt/ruby-jwt/compare/jwt-0.1.5...jwt-0.1.6)
+
+**Merged pull requests:**
+
+- Fixes a theoretical timing attack [\#15](https://github.com/jwt/ruby-jwt/pull/15) ([mgates](https://github.com/mgates))
+- Use StandardError as parent for DecodeError [\#13](https://github.com/jwt/ruby-jwt/pull/13) ([Oscil8](https://github.com/Oscil8))
+
+## [jwt-0.1.5](https://github.com/jwt/ruby-jwt/tree/jwt-0.1.5) (2012-07-20)
+[Full Changelog](https://github.com/jwt/ruby-jwt/compare/jwt-0.1.4...jwt-0.1.5)
+
+**Closed issues:**
+
+- Unable to specify signature header fields [\#7](https://github.com/jwt/ruby-jwt/issues/7)
+
+**Merged pull requests:**
+
+- MultiJson dependency uses ~\> but should be \>= [\#12](https://github.com/jwt/ruby-jwt/pull/12) ([sporkmonger](https://github.com/sporkmonger))
+- Oops. :-\) [\#11](https://github.com/jwt/ruby-jwt/pull/11) ([sporkmonger](https://github.com/sporkmonger))
+- Fix issue with signature verification in JRuby [\#10](https://github.com/jwt/ruby-jwt/pull/10) ([sporkmonger](https://github.com/sporkmonger))
+- Depend on MultiJson [\#9](https://github.com/jwt/ruby-jwt/pull/9) ([lautis](https://github.com/lautis))
+- Allow for custom headers on encode and decode [\#8](https://github.com/jwt/ruby-jwt/pull/8) ([dgrijalva](https://github.com/dgrijalva))
+- Missing development dependency for echoe gem. [\#6](https://github.com/jwt/ruby-jwt/pull/6) ([sporkmonger](https://github.com/sporkmonger))
+
+## [jwt-0.1.4](https://github.com/jwt/ruby-jwt/tree/jwt-0.1.4) (2011-11-11)
+[Full Changelog](https://github.com/jwt/ruby-jwt/compare/jwt-0.1.3...jwt-0.1.4)
+
+**Merged pull requests:**
+
+- Fix for RSA verification [\#5](https://github.com/jwt/ruby-jwt/pull/5) ([jordan-brough](https://github.com/jordan-brough))
+
+## [jwt-0.1.3](https://github.com/jwt/ruby-jwt/tree/jwt-0.1.3) (2011-06-30)
+**Closed issues:**
+
+- signatures calculated incorrectly \(hexdigest instead of digest\) [\#1](https://github.com/jwt/ruby-jwt/issues/1)
+
+**Merged pull requests:**
+
+- Bumped a version and added a .gemspec using rake build\_gemspec [\#3](https://github.com/jwt/ruby-jwt/pull/3) ([zhitomirskiyi](https://github.com/zhitomirskiyi))
+- Added RSA support [\#2](https://github.com/jwt/ruby-jwt/pull/2) ([zhitomirskiyi](https://github.com/zhitomirskiyi))
+
+
+
+\* *This Change Log was automatically generated by [github_changelog_generator](https://github.com/skywinder/Github-Changelog-Generator)*

data/README.md

@@ -12,7 +12,7 @@ If you have further questions releated to development or usage, join us: [ruby-j
 ## Announcements
 
 * Ruby 1.9.3 support will be dropped by December 31st, 2016.
-* Version 1.5.3 yanked. See: #132 and #133
+* Version 1.5.3 yanked. See: [#132](https://github.com/jwt/ruby-jwt/issues/132) and [#133](https://github.com/jwt/ruby-jwt/issues/133)
 
 ## Installing
 
@@ -46,7 +46,7 @@ payload = {:data => 'test'}
 # IMPORTANT: set nil as password parameter
 token = JWT.encode payload, nil, 'none'
 
-# eyJ0eXAiOiJKV1QiLCJhbGciOiJub25lIn0.eyJ0ZXN0IjoiZGF0YSJ9.
+# eyJ0eXAiOiJKV1QiLCJhbGciOiJub25lIn0.eyJkYXRhIjoidGVzdCJ9.
 puts token
 
 # Set password to nil and validation to false otherwise this won't work
@@ -62,8 +62,8 @@ puts decoded_token
 
 **HMAC** (default: HS256)
 
-* HS256	- HMAC using SHA-256 hash algorithm (default)
-* HS384	- HMAC using SHA-384 hash algorithm
+* HS256 - HMAC using SHA-256 hash algorithm (default)
+* HS384 - HMAC using SHA-384 hash algorithm
 * HS512 - HMAC using SHA-512 hash algorithm
 
 ```ruby
@@ -71,7 +71,7 @@ hmac_secret = 'my$ecretK3y'
 
 token = JWT.encode payload, hmac_secret, 'HS256'
 
-# eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0ZXN0IjoiZGF0YSJ9._sLPAGP-IXgho8BkMGQ86N2mah7vDyn0L5hOR4UkfoI
+# eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoidGVzdCJ9.ZxW8go9hz3ETCSfxFxpwSkYg_602gOPKearsf6DsxgY
 puts token
 
 decoded_token = JWT.decode token, hmac_secret, true, { :algorithm => 'HS256' }

data/Rakefile

@@ -1 +1,11 @@
 require 'bundler/gem_tasks'
+
+begin
+  require 'rspec/core/rake_task'
+
+  RSpec::Core::RakeTask.new(:test)
+
+  task default: :test
+rescue LoadError
+  puts 'RSpec rake tasks not available. Please run "bundle install" to install missing dependencies.'
+end

data/lib/jwt.rb

@@ -15,7 +15,7 @@ module JWT
     'prime256v1' => 'ES256',
     'secp384r1' => 'ES384',
     'secp521r1' => 'ES512'
-  }
+  }.freeze
 
   module_function
 
@@ -27,7 +27,7 @@ module JWT
     elsif %w(ES256 ES384 ES512).include?(algorithm)
       sign_ecdsa(algorithm, msg, key)
     else
-      fail NotImplementedError, 'Unsupported signing method'
+      raise NotImplementedError, 'Unsupported signing method'
     end
   end
 
@@ -38,7 +38,7 @@ module JWT
   def sign_ecdsa(algorithm, msg, private_key)
     key_algorithm = NAMED_CURVES[private_key.group.curve_name]
     if algorithm != key_algorithm
-      fail IncorrectAlgorithm, "payload algorithm is #{algorithm} but #{key_algorithm} signing key was provided"
+      raise IncorrectAlgorithm, "payload algorithm is #{algorithm} but #{key_algorithm} signing key was provided"
     end
 
     digest = OpenSSL::Digest.new(algorithm.sub('ES', 'sha'))
@@ -52,7 +52,7 @@ module JWT
   def verify_ecdsa(algorithm, public_key, signing_input, signature)
     key_algorithm = NAMED_CURVES[public_key.group.curve_name]
     if algorithm != key_algorithm
-      fail IncorrectAlgorithm, "payload algorithm is #{algorithm} but #{key_algorithm} verification key was provided"
+      raise IncorrectAlgorithm, "payload algorithm is #{algorithm} but #{key_algorithm} verification key was provided"
     end
 
     digest = OpenSSL::Digest.new(algorithm.sub('ES', 'sha'))
@@ -73,6 +73,7 @@ module JWT
   end
 
   def encoded_payload(payload)
+    raise InvalidPayload, "exp claim must be an integer" if payload['exp'] && payload['exp'].is_a?(Time)
     base64url_encode(encode_json(payload))
   end
 
@@ -94,8 +95,29 @@ module JWT
     segments.join('.')
   end
 
+  def decoded_segments(jwt, key = nil, verify = true, custom_options = {}, &keyfinder)
+    raise(JWT::DecodeError, 'Nil JSON web token') unless jwt
+
+    options = {
+      verify_expiration: true,
+      verify_not_before: true,
+      verify_iss: false,
+      verify_iat: false,
+      verify_jti: false,
+      verify_aud: false,
+      verify_sub: false,
+      leeway: 0
+    }
+
+    merged_options = options.merge(custom_options)
+
+    decoder = Decode.new jwt, key, verify, merged_options, &keyfinder
+    decoder.decode_segments
+  end
+
+
   def decode(jwt, key = nil, verify = true, custom_options = {}, &keyfinder)
-    fail(JWT::DecodeError, 'Nil JSON web token') unless jwt
+    raise(JWT::DecodeError, 'Nil JSON web token') unless jwt
 
     options = {
       verify_expiration: true,
@@ -112,35 +134,36 @@ module JWT
 
     decoder = Decode.new jwt, key, verify, merged_options, &keyfinder
     header, payload, signature, signing_input = decoder.decode_segments
-    decoder.verify
-
-    fail(JWT::DecodeError, 'Not enough or too many segments') unless header && payload
 
     if verify
       algo, key = signature_algorithm_and_key(header, key, &keyfinder)
       if merged_options[:algorithm] && algo != merged_options[:algorithm]
-        fail JWT::IncorrectAlgorithm, 'Expected a different algorithm'
+        raise JWT::IncorrectAlgorithm, 'Expected a different algorithm'
       end
       verify_signature(algo, key, signing_input, signature)
     end
 
+    decoder.verify
+
+    raise(JWT::DecodeError, 'Not enough or too many segments') unless header && payload
+
     [payload, header]
   end
 
   def signature_algorithm_and_key(header, key, &keyfinder)
-    key = keyfinder.call(header) if keyfinder
+    key = yield(header) if keyfinder
     [header['alg'], key]
   end
 
   def verify_signature(algo, key, signing_input, signature)
     if %w(HS256 HS384 HS512).include?(algo)
-      fail(JWT::VerificationError, 'Signature verification raised') unless secure_compare(signature, sign_hmac(algo, signing_input, key))
+      raise(JWT::VerificationError, 'Signature verification raised') unless secure_compare(signature, sign_hmac(algo, signing_input, key))
     elsif %w(RS256 RS384 RS512).include?(algo)
-      fail(JWT::VerificationError, 'Signature verification raised') unless verify_rsa(algo, key, signing_input, signature)
+      raise(JWT::VerificationError, 'Signature verification raised') unless verify_rsa(algo, key, signing_input, signature)
     elsif %w(ES256 ES384 ES512).include?(algo)
-      fail(JWT::VerificationError, 'Signature verification raised') unless verify_ecdsa(algo, key, signing_input, signature)
+      raise(JWT::VerificationError, 'Signature verification raised') unless verify_ecdsa(algo, key, signing_input, signature)
     else
-      fail JWT::VerificationError, 'Algorithm not supported'
+      raise JWT::VerificationError, 'Algorithm not supported'
     end
   rescue OpenSSL::PKey::PKeyError
     raise JWT::VerificationError, 'Signature verification raised'

data/lib/jwt/error.rb

@@ -9,4 +9,5 @@ module JWT
   class InvalidAudError < DecodeError; end
   class InvalidSubError < DecodeError; end
   class InvalidJtiError < DecodeError; end
+  class InvalidPayload < DecodeError; end
 end

data/lib/jwt/verify.rb

@@ -1,10 +1,11 @@
+# frozen_string_literal: true
 require 'jwt/error'
 
 module JWT
   # JWT verify methods
   class Verify
     class << self
-      %w[verify_aud verify_expiration verify_iat verify_iss verify_jti verify_not_before verify_sub].each do |method_name|
+      %w(verify_aud verify_expiration verify_iat verify_iss verify_jti verify_not_before verify_sub).each do |method_name|
         define_method method_name do |payload, options|
           new(payload, options).send(method_name)
         end
@@ -20,12 +21,21 @@ module JWT
       return unless (options_aud = extract_option(:aud))
 
       if @payload['aud'].is_a?(Array)
-        fail(
-          JWT::InvalidAudError,
-          'Invalid audience'
-        ) unless @payload['aud'].include?(options_aud.to_s)
+        if options_aud.is_a?(Array)
+          options_aud.each do |aud|
+            raise(
+              JWT::InvalidAudError,
+              'Invalid audience'
+            ) unless @payload['aud'].include?(aud)
+          end
+        else
+          raise(
+            JWT::InvalidAudError,
+            'Invalid audience'
+          ) unless @payload['aud'].include?(options_aud)
+        end
       else
-        fail(
+        raise(
           JWT::InvalidAudError,
           "Invalid audience. Expected #{options_aud}, received #{@payload['aud'] || '<none>'}"
         ) unless @payload['aud'].to_s == options_aud.to_s
@@ -35,16 +45,16 @@ module JWT
     def verify_expiration
       return unless @payload.include?('exp')
 
-      if @payload['exp'].to_i < (Time.now.to_i - leeway)
-        fail(JWT::ExpiredSignature, 'Signature has expired')
+      if @payload['exp'].to_i <= (Time.now.to_i - leeway)
+        raise(JWT::ExpiredSignature, 'Signature has expired')
       end
     end
 
     def verify_iat
       return unless @payload.include?('iat')
 
-      if !(@payload['iat'].is_a?(Numeric)) || @payload['iat'].to_f > (Time.now.to_f + leeway)
-        fail(JWT::InvalidIatError, 'Invalid iat')
+      if !@payload['iat'].is_a?(Numeric) || @payload['iat'].to_f > (Time.now.to_f + leeway)
+        raise(JWT::InvalidIatError, 'Invalid iat')
       end
     end
 
@@ -52,7 +62,7 @@ module JWT
       return unless (options_iss = extract_option(:iss))
 
       if @payload['iss'].to_s != options_iss.to_s
-        fail(
+        raise(
           JWT::InvalidIssuerError,
           "Invalid issuer. Expected #{options_iss}, received #{@payload['iss'] || '<none>'}"
         )
@@ -62,9 +72,9 @@ module JWT
     def verify_jti
       options_verify_jti = extract_option(:verify_jti)
       if options_verify_jti.respond_to?(:call)
-        fail(JWT::InvalidJtiError, 'Invalid jti') unless options_verify_jti.call(@payload['jti'])
+        raise(JWT::InvalidJtiError, 'Invalid jti') unless options_verify_jti.call(@payload['jti'])
       else
-        fail(JWT::InvalidJtiError, 'Missing jti') if @payload['jti'].to_s.strip.empty?
+        raise(JWT::InvalidJtiError, 'Missing jti') if @payload['jti'].to_s.strip.empty?
       end
     end
 
@@ -72,14 +82,14 @@ module JWT
       return unless @payload.include?('nbf')
 
       if @payload['nbf'].to_i > (Time.now.to_i + leeway)
-        fail(JWT::ImmatureSignature, 'Signature nbf has not been reached')
+        raise(JWT::ImmatureSignature, 'Signature nbf has not been reached')
       end
     end
 
     def verify_sub
       return unless (options_sub = extract_option(:sub))
 
-      fail(
+      raise(
         JWT::InvalidSubError,
         "Invalid subject. Expected #{options_sub}, received #{@payload['sub'] || '<none>'}"
       ) unless @payload['sub'].to_s == options_sub.to_s

data/lib/jwt/version.rb

@@ -13,9 +13,9 @@ module JWT
     # minor version
     MINOR = 5
     # tiny version
-    TINY  = 4
+    TINY  = 5
     # alpha, beta, etc. tag
-    PRE   = nil
+    PRE   = nil 
 
     # Build version string
     STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')

data/ruby-jwt.gemspec

@@ -22,6 +22,7 @@ Gem::Specification.new do |spec|
 
   spec.add_development_dependency 'bundler'
   spec.add_development_dependency 'rake'
+  spec.add_development_dependency 'json', '< 2.0'
   spec.add_development_dependency 'rspec'
   spec.add_development_dependency 'simplecov'
   spec.add_development_dependency 'simplecov-json'

data/spec/integration/readme_examples_spec.rb

@@ -0,0 +1,190 @@
+# frozen_string_literal: true
+require_relative '../spec_helper'
+require 'jwt'
+
+describe 'README.md code test' do
+  context 'algorithm usage' do
+    let(:payload) { { data: 'test' } }
+
+    it 'NONE' do
+      token = JWT.encode payload, nil, 'none'
+      decoded_token = JWT.decode token, nil, false
+
+      expect(token).to eq 'eyJ0eXAiOiJKV1QiLCJhbGciOiJub25lIn0.eyJkYXRhIjoidGVzdCJ9.'
+      expect(decoded_token).to eq [
+        { 'data' => 'test' },
+        { 'typ' => 'JWT', 'alg' => 'none' }
+      ]
+    end
+
+    it 'HMAC' do
+      token = JWT.encode payload, 'my$ecretK3y', 'HS256'
+      decoded_token = JWT.decode token, 'my$ecretK3y', false
+
+      expect(token).to eq 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoidGVzdCJ9.ZxW8go9hz3ETCSfxFxpwSkYg_602gOPKearsf6DsxgY'
+      expect(decoded_token).to eq [
+        { 'data' => 'test' },
+        { 'typ' => 'JWT', 'alg' => 'HS256' }
+      ]
+    end
+
+    it 'RSA' do
+      rsa_private = OpenSSL::PKey::RSA.generate 2048
+      rsa_public = rsa_private.public_key
+
+      token = JWT.encode payload, rsa_private, 'RS256'
+      decoded_token = JWT.decode token, rsa_public, true, algorithm: 'RS256'
+
+      expect(decoded_token).to eq [
+        { 'data' => 'test' },
+        { 'typ' => 'JWT', 'alg' => 'RS256' }
+      ]
+    end
+
+    it 'ECDSA' do
+      ecdsa_key = OpenSSL::PKey::EC.new 'prime256v1'
+      ecdsa_key.generate_key
+      ecdsa_public = OpenSSL::PKey::EC.new ecdsa_key
+      ecdsa_public.private_key = nil
+
+      token = JWT.encode payload, ecdsa_key, 'ES256'
+      decoded_token = JWT.decode token, ecdsa_public, true, algorithm: 'ES256'
+
+      expect(decoded_token).to eq [
+        { 'data' => 'test' },
+        { 'typ' => 'JWT', 'alg' => 'ES256' }
+      ]
+    end
+  end
+
+  context 'claims' do
+    let(:hmac_secret) { 'MyP4ssW0rD' }
+
+    context 'exp' do
+      it 'without leeway' do
+        exp = Time.now.to_i + 4 * 3600
+        exp_payload = { data: 'data', exp: exp }
+
+        token = JWT.encode exp_payload, hmac_secret, 'HS256'
+
+        expect do
+          JWT.decode token, hmac_secret, true, algorithm: 'HS256'
+        end.not_to raise_error
+      end
+
+      it 'with leeway' do
+        exp = Time.now.to_i - 10
+        leeway = 30 # seconds
+
+        exp_payload = { data: 'data', exp: exp }
+
+        token = JWT.encode exp_payload, hmac_secret, 'HS256'
+
+        expect do
+          JWT.decode token, hmac_secret, true, leeway: leeway, algorithm: 'HS256'
+        end.not_to raise_error
+      end
+    end
+
+    context 'nbf' do
+      it 'without leeway' do
+        nbf = Time.now.to_i - 3600
+        nbf_payload = { data: 'data', nbf: nbf }
+        token = JWT.encode nbf_payload, hmac_secret, 'HS256'
+
+        expect do
+          JWT.decode token, hmac_secret, true, algorithm: 'HS256'
+        end.not_to raise_error
+      end
+
+      it 'with leeway' do
+        nbf = Time.now.to_i + 10
+        leeway = 30
+        nbf_payload = { data: 'data', nbf: nbf }
+        token = JWT.encode nbf_payload, hmac_secret, 'HS256'
+
+        expect do
+          JWT.decode token, hmac_secret, true, leeway: leeway, algorithm: 'HS256'
+        end.not_to raise_error
+      end
+    end
+
+    it 'iss' do
+      iss = 'My Awesome Company Inc. or https://my.awesome.website/'
+      iss_payload = { data: 'data', iss: iss }
+
+      token = JWT.encode iss_payload, hmac_secret, 'HS256'
+
+      expect do
+        JWT.decode token, hmac_secret, true, iss: iss, algorithm: 'HS256'
+      end.not_to raise_error
+    end
+
+    context 'aud' do
+      it 'array' do
+        aud = %w(Young Old)
+        aud_payload = { data: 'data', aud: aud }
+
+        token = JWT.encode aud_payload, hmac_secret, 'HS256'
+
+        expect do
+          JWT.decode token, hmac_secret, true, aud: %w(Old Young), verify_aud: true, algorithm: 'HS256'
+        end.not_to raise_error
+      end
+
+      it 'string' do
+        expect do
+        end.not_to raise_error
+      end
+    end
+
+    it 'jti' do
+      iat = Time.now.to_i
+      hmac_secret = 'test'
+      jti_raw = [hmac_secret, iat].join(':').to_s
+      jti = Digest::MD5.hexdigest(jti_raw)
+      jti_payload = { data: 'data', iat: iat, jti: jti }
+
+      token = JWT.encode jti_payload, hmac_secret, 'HS256'
+
+      expect do
+        JWT.decode token, hmac_secret, true, verify_jti: true, algorithm: 'HS256'
+      end.not_to raise_error
+    end
+
+    context 'iat' do
+      it 'without leeway' do
+        iat = Time.now.to_i
+        iat_payload = { data: 'data', iat: iat }
+
+        token = JWT.encode iat_payload, hmac_secret, 'HS256'
+
+        expect do
+          JWT.decode token, hmac_secret, true, verify_iat: true, algorithm: 'HS256'
+        end.not_to raise_error
+      end
+
+      it 'with leeway' do
+        iat = Time.now.to_i - 7
+        iat_payload = { data: 'data', iat: iat, leeway: 10 }
+
+        token = JWT.encode iat_payload, hmac_secret, 'HS256'
+
+        expect do
+          JWT.decode token, hmac_secret, true, verify_iat: true, algorithm: 'HS256'
+        end.not_to raise_error
+      end
+    end
+
+    it 'sub' do
+      sub = 'Subject'
+      sub_payload = { data: 'data', sub: sub }
+
+      token = JWT.encode sub_payload, hmac_secret, 'HS256'
+
+      expect do
+        JWT.decode token, hmac_secret, true, 'sub' => sub, :verify_sub => true, :algorithm => 'HS256'
+      end.not_to raise_error
+    end
+  end
+end

data/spec/jwt/verify_spec.rb

@@ -1,10 +1,11 @@
+# frozen_string_literal: true
 require 'spec_helper'
 require 'jwt/verify'
 
 module JWT
   RSpec.describe Verify do
     let(:base_payload) { { 'user_id' => 'some@user.tld' } }
-    let(:options) {  { leeway: 0} }
+    let(:options) { { leeway: 0 } }
 
     context '.verify_aud(payload, options)' do
       let(:scalar_aud) { 'ruby-jwt-audience' }
@@ -60,6 +61,14 @@ module JWT
       it 'must allow some leeway in the expiration when configured' do
         Verify.verify_expiration(payload, options.merge(leeway: 10))
       end
+
+      it 'must be expired if the exp claim equals the current time' do
+        payload['exp'] = Time.now.to_i
+
+        expect do
+          Verify.verify_expiration(payload, options)
+        end.to raise_error JWT::ExpiredSignature
+      end
     end
 
     context '.verify_iat(payload, options)' do
@@ -135,12 +144,12 @@ module JWT
 
       it 'must raise JWT::InvalidJtiError when verify_jti proc returns false' do
         expect do
-          Verify.verify_jti(payload, options.merge(verify_jti: ->(jti) { false }))
+          Verify.verify_jti(payload, options.merge(verify_jti: ->(_jti) { false }))
         end.to raise_error JWT::InvalidJtiError, /invalid/i
       end
 
       it 'true proc should not raise JWT::InvalidJtiError' do
-        Verify.verify_jti(payload, options.merge(verify_jti: ->(jti) { true }))
+        Verify.verify_jti(payload, options.merge(verify_jti: ->(_jti) { true }))
       end
     end
 

data/spec/jwt_spec.rb

@@ -50,6 +50,14 @@ describe JWT do
       expect(header['alg']).to eq alg
       expect(jwt_payload).to eq payload
     end
+
+    it 'should display a better error message if payload exp is_a?(Time)' do
+      payload['exp'] = Time.now
+
+      expect do
+        JWT.encode payload, nil, alg
+      end.to raise_error JWT::InvalidPayload
+    end
   end
 
   %w(HS256 HS384 HS512).each do |alg|

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: jwt
 version: !ruby/object:Gem::Version
-  version: 1.5.4
+  version: 1.5.5
 platform: ruby
 authors:
 - Jeff Lindsay
@@ -9,90 +9,104 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-03-24 00:00:00.000000000 Z
+date: 2016-09-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: json
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '2.0'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: simplecov
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: simplecov-json
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: codeclimate-test-reporter
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 description: A pure ruby implementation of the RFC 7519 OAuth JSON Web Token (JWT)
@@ -102,11 +116,12 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- .codeclimate.yml
-- .gitignore
-- .rspec
-- .rubocop.yml
-- .travis.yml
+- ".codeclimate.yml"
+- ".gitignore"
+- ".rspec"
+- ".rubocop.yml"
+- ".travis.yml"
+- CHANGELOG.md
 - Gemfile
 - LICENSE
 - Manifest
@@ -139,6 +154,7 @@ files:
 - spec/fixtures/certs/rsa-2048-wrong-public.pem
 - spec/fixtures/certs/rsa-4096-private.pem
 - spec/fixtures/certs/rsa-4096-public.pem
+- spec/integration/readme_examples_spec.rb
 - spec/jwt/verify_spec.rb
 - spec/jwt_spec.rb
 - spec/spec_helper.rb
@@ -152,17 +168,17 @@ require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ! '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ! '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.5.2
+rubygems_version: 2.6.6
 signing_key: 
 specification_version: 4
 summary: JSON Web Token implementation in Ruby
@@ -187,6 +203,7 @@ test_files:
 - spec/fixtures/certs/rsa-2048-wrong-public.pem
 - spec/fixtures/certs/rsa-4096-private.pem
 - spec/fixtures/certs/rsa-4096-public.pem
+- spec/integration/readme_examples_spec.rb
 - spec/jwt/verify_spec.rb
 - spec/jwt_spec.rb
 - spec/spec_helper.rb