jwt 1.5.6 → 2.7.0

data/spec/integration/readme_examples_spec.rb

@@ -1,190 +0,0 @@
-# frozen_string_literal: true
-require_relative '../spec_helper'
-require 'jwt'
-
-describe 'README.md code test' do
-  context 'algorithm usage' do
-    let(:payload) { { data: 'test' } }
-
-    it 'NONE' do
-      token = JWT.encode payload, nil, 'none'
-      decoded_token = JWT.decode token, nil, false
-
-      expect(token).to eq 'eyJ0eXAiOiJKV1QiLCJhbGciOiJub25lIn0.eyJkYXRhIjoidGVzdCJ9.'
-      expect(decoded_token).to eq [
-        { 'data' => 'test' },
-        { 'typ' => 'JWT', 'alg' => 'none' }
-      ]
-    end
-
-    it 'HMAC' do
-      token = JWT.encode payload, 'my$ecretK3y', 'HS256'
-      decoded_token = JWT.decode token, 'my$ecretK3y', false
-
-      expect(token).to eq 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoidGVzdCJ9.ZxW8go9hz3ETCSfxFxpwSkYg_602gOPKearsf6DsxgY'
-      expect(decoded_token).to eq [
-        { 'data' => 'test' },
-        { 'typ' => 'JWT', 'alg' => 'HS256' }
-      ]
-    end
-
-    it 'RSA' do
-      rsa_private = OpenSSL::PKey::RSA.generate 2048
-      rsa_public = rsa_private.public_key
-
-      token = JWT.encode payload, rsa_private, 'RS256'
-      decoded_token = JWT.decode token, rsa_public, true, algorithm: 'RS256'
-
-      expect(decoded_token).to eq [
-        { 'data' => 'test' },
-        { 'typ' => 'JWT', 'alg' => 'RS256' }
-      ]
-    end
-
-    it 'ECDSA' do
-      ecdsa_key = OpenSSL::PKey::EC.new 'prime256v1'
-      ecdsa_key.generate_key
-      ecdsa_public = OpenSSL::PKey::EC.new ecdsa_key
-      ecdsa_public.private_key = nil
-
-      token = JWT.encode payload, ecdsa_key, 'ES256'
-      decoded_token = JWT.decode token, ecdsa_public, true, algorithm: 'ES256'
-
-      expect(decoded_token).to eq [
-        { 'data' => 'test' },
-        { 'typ' => 'JWT', 'alg' => 'ES256' }
-      ]
-    end
-  end
-
-  context 'claims' do
-    let(:hmac_secret) { 'MyP4ssW0rD' }
-
-    context 'exp' do
-      it 'without leeway' do
-        exp = Time.now.to_i + 4 * 3600
-        exp_payload = { data: 'data', exp: exp }
-
-        token = JWT.encode exp_payload, hmac_secret, 'HS256'
-
-        expect do
-          JWT.decode token, hmac_secret, true, algorithm: 'HS256'
-        end.not_to raise_error
-      end
-
-      it 'with leeway' do
-        exp = Time.now.to_i - 10
-        leeway = 30 # seconds
-
-        exp_payload = { data: 'data', exp: exp }
-
-        token = JWT.encode exp_payload, hmac_secret, 'HS256'
-
-        expect do
-          JWT.decode token, hmac_secret, true, leeway: leeway, algorithm: 'HS256'
-        end.not_to raise_error
-      end
-    end
-
-    context 'nbf' do
-      it 'without leeway' do
-        nbf = Time.now.to_i - 3600
-        nbf_payload = { data: 'data', nbf: nbf }
-        token = JWT.encode nbf_payload, hmac_secret, 'HS256'
-
-        expect do
-          JWT.decode token, hmac_secret, true, algorithm: 'HS256'
-        end.not_to raise_error
-      end
-
-      it 'with leeway' do
-        nbf = Time.now.to_i + 10
-        leeway = 30
-        nbf_payload = { data: 'data', nbf: nbf }
-        token = JWT.encode nbf_payload, hmac_secret, 'HS256'
-
-        expect do
-          JWT.decode token, hmac_secret, true, leeway: leeway, algorithm: 'HS256'
-        end.not_to raise_error
-      end
-    end
-
-    it 'iss' do
-      iss = 'My Awesome Company Inc. or https://my.awesome.website/'
-      iss_payload = { data: 'data', iss: iss }
-
-      token = JWT.encode iss_payload, hmac_secret, 'HS256'
-
-      expect do
-        JWT.decode token, hmac_secret, true, iss: iss, algorithm: 'HS256'
-      end.not_to raise_error
-    end
-
-    context 'aud' do
-      it 'array' do
-        aud = %w(Young Old)
-        aud_payload = { data: 'data', aud: aud }
-
-        token = JWT.encode aud_payload, hmac_secret, 'HS256'
-
-        expect do
-          JWT.decode token, hmac_secret, true, aud: %w(Old Young), verify_aud: true, algorithm: 'HS256'
-        end.not_to raise_error
-      end
-
-      it 'string' do
-        expect do
-        end.not_to raise_error
-      end
-    end
-
-    it 'jti' do
-      iat = Time.now.to_i
-      hmac_secret = 'test'
-      jti_raw = [hmac_secret, iat].join(':').to_s
-      jti = Digest::MD5.hexdigest(jti_raw)
-      jti_payload = { data: 'data', iat: iat, jti: jti }
-
-      token = JWT.encode jti_payload, hmac_secret, 'HS256'
-
-      expect do
-        JWT.decode token, hmac_secret, true, verify_jti: true, algorithm: 'HS256'
-      end.not_to raise_error
-    end
-
-    context 'iat' do
-      it 'without leeway' do
-        iat = Time.now.to_i
-        iat_payload = { data: 'data', iat: iat }
-
-        token = JWT.encode iat_payload, hmac_secret, 'HS256'
-
-        expect do
-          JWT.decode token, hmac_secret, true, verify_iat: true, algorithm: 'HS256'
-        end.not_to raise_error
-      end
-
-      it 'with leeway' do
-        iat = Time.now.to_i - 7
-        iat_payload = { data: 'data', iat: iat, leeway: 10 }
-
-        token = JWT.encode iat_payload, hmac_secret, 'HS256'
-
-        expect do
-          JWT.decode token, hmac_secret, true, verify_iat: true, algorithm: 'HS256'
-        end.not_to raise_error
-      end
-    end
-
-    it 'sub' do
-      sub = 'Subject'
-      sub_payload = { data: 'data', sub: sub }
-
-      token = JWT.encode sub_payload, hmac_secret, 'HS256'
-
-      expect do
-        JWT.decode token, hmac_secret, true, 'sub' => sub, :verify_sub => true, :algorithm => 'HS256'
-      end.not_to raise_error
-    end
-  end
-end

data/spec/jwt/verify_spec.rb

@@ -1,197 +0,0 @@
-# frozen_string_literal: true
-require 'spec_helper'
-require 'jwt/verify'
-
-module JWT
-  RSpec.describe Verify do
-    let(:base_payload) { { 'user_id' => 'some@user.tld' } }
-    let(:options) { { leeway: 0 } }
-
-    context '.verify_aud(payload, options)' do
-      let(:scalar_aud) { 'ruby-jwt-audience' }
-      let(:array_aud) { %w(ruby-jwt-aud test-aud ruby-ruby-ruby) }
-      let(:scalar_payload) { base_payload.merge('aud' => scalar_aud) }
-      let(:array_payload) { base_payload.merge('aud' => array_aud) }
-
-      it 'must raise JWT::InvalidAudError when the singular audience does not match' do
-        expect do
-          Verify.verify_aud(scalar_payload, options.merge(aud: 'no-match'))
-        end.to raise_error JWT::InvalidAudError
-      end
-
-      it 'must raise JWT::InvalidAudError when the payload has an array and none match the supplied value' do
-        expect do
-          Verify.verify_aud(array_payload, options.merge(aud: 'no-match'))
-        end.to raise_error JWT::InvalidAudError
-      end
-
-      it 'must raise JWT::InvalidAudError when the singular audience does not match and the options aud key is a string' do
-        expect do
-          Verify.verify_aud(scalar_payload, options.merge('aud' => 'no-match'))
-        end.to raise_error JWT::InvalidAudError
-      end
-
-      it 'must allow a matching singular audience to pass' do
-        Verify.verify_aud(scalar_payload, options.merge(aud: scalar_aud))
-      end
-
-      it 'must allow a matching audence to pass when the options key is a string' do
-        Verify.verify_aud(scalar_payload, options.merge('aud' => scalar_aud))
-      end
-
-      it 'must allow an array with any value matching the one in the options' do
-        Verify.verify_aud(array_payload, options.merge(aud: array_aud.first))
-      end
-
-      it 'must allow an array with any value matching the one in the options with a string options key' do
-        Verify.verify_aud(array_payload, options.merge('aud' => array_aud.first))
-      end
-
-      it 'should allow strings or symbolds in options array' do
-        options['aud'] = [
-          'ruby-jwt-aud', 
-          'test-aud',
-          'ruby-ruby-ruby',
-          :test
-        ]
-
-        array_payload['aud'].push('test')
-        
-        Verify.verify_aud(array_payload, options)
-      end
-    end
-
-    context '.verify_expiration(payload, options)' do
-      let(:leeway) { 10 }
-      let(:payload) { base_payload.merge('exp' => (Time.now.to_i - 5)) }
-
-      it 'must raise JWT::ExpiredSignature when the token has expired' do
-        expect do
-          Verify.verify_expiration(payload, options)
-        end.to raise_error JWT::ExpiredSignature
-      end
-
-      it 'must allow some leeway in the expiration when configured' do
-        Verify.verify_expiration(payload, options.merge(leeway: 10))
-      end
-
-      it 'must be expired if the exp claim equals the current time' do
-        payload['exp'] = Time.now.to_i
-
-        expect do
-          Verify.verify_expiration(payload, options)
-        end.to raise_error JWT::ExpiredSignature
-      end
-    end
-
-    context '.verify_iat(payload, options)' do
-      let(:iat) { Time.now.to_f }
-      let(:payload) { base_payload.merge('iat' => iat) }
-
-      it 'must allow a valid iat' do
-        Verify.verify_iat(payload, options)
-      end
-
-      it 'must allow configured leeway' do
-        Verify.verify_iat(payload.merge('iat' => (iat + 60)), options.merge(leeway: 70))
-      end
-
-      it 'must properly handle integer times' do
-        Verify.verify_iat(payload.merge('iat' => Time.now.to_i), options)
-      end
-
-      it 'must raise JWT::InvalidIatError when the iat value is not Numeric' do
-        expect do
-          Verify.verify_iat(payload.merge('iat' => 'not a number'), options)
-        end.to raise_error JWT::InvalidIatError
-      end
-
-      it 'must raise JWT::InvalidIatError when the iat value is in the future' do
-        expect do
-          Verify.verify_iat(payload.merge('iat' => (iat + 120)), options)
-        end.to raise_error JWT::InvalidIatError
-      end
-    end
-
-    context '.verify_iss(payload, options)' do
-      let(:iss) { 'ruby-jwt-gem' }
-      let(:payload) { base_payload.merge('iss' => iss) }
-
-      let(:invalid_token) { JWT.encode base_payload, payload[:secret] }
-
-      it 'must raise JWT::InvalidIssuerError when the configured issuer does not match the payload issuer' do
-        expect do
-          Verify.verify_iss(payload, options.merge(iss: 'mismatched-issuer'))
-        end.to raise_error JWT::InvalidIssuerError
-      end
-
-      it 'must raise JWT::InvalidIssuerError when the payload does not include an issuer' do
-        expect do
-          Verify.verify_iss(base_payload, options.merge(iss: iss))
-        end.to raise_error(JWT::InvalidIssuerError, /received <none>/)
-      end
-
-      it 'must allow a matching issuer to pass' do
-        Verify.verify_iss(payload, options.merge(iss: iss))
-      end
-    end
-
-    context '.verify_jti(payload, options)' do
-      let(:payload) { base_payload.merge('jti' => 'some-random-uuid-or-whatever') }
-
-      it 'must allow any jti when the verfy_jti key in the options is truthy but not a proc' do
-        Verify.verify_jti(payload, options.merge(verify_jti: true))
-      end
-
-      it 'must raise JWT::InvalidJtiError when the jti is missing' do
-        expect do
-          Verify.verify_jti(base_payload, options)
-        end.to raise_error JWT::InvalidJtiError, /missing/i
-      end
-
-      it 'must raise JWT::InvalidJtiError when the jti is an empty string' do
-        expect do
-          Verify.verify_jti(base_payload.merge('jti' => '   '), options)
-        end.to raise_error JWT::InvalidJtiError, /missing/i
-      end
-
-      it 'must raise JWT::InvalidJtiError when verify_jti proc returns false' do
-        expect do
-          Verify.verify_jti(payload, options.merge(verify_jti: ->(_jti) { false }))
-        end.to raise_error JWT::InvalidJtiError, /invalid/i
-      end
-
-      it 'true proc should not raise JWT::InvalidJtiError' do
-        Verify.verify_jti(payload, options.merge(verify_jti: ->(_jti) { true }))
-      end
-    end
-
-    context '.verify_not_before(payload, options)' do
-      let(:payload) { base_payload.merge('nbf' => (Time.now.to_i + 5)) }
-
-      it 'must raise JWT::ImmatureSignature when the nbf in the payload is in the future' do
-        expect do
-          Verify.verify_not_before(payload, options)
-        end.to raise_error JWT::ImmatureSignature
-      end
-
-      it 'must allow some leeway in the token age when configured' do
-        Verify.verify_not_before(payload, options.merge(leeway: 10))
-      end
-    end
-
-    context '.verify_sub(payload, options)' do
-      let(:sub) { 'ruby jwt subject' }
-
-      it 'must raise JWT::InvalidSubError when the subjects do not match' do
-        expect do
-          Verify.verify_sub(base_payload.merge('sub' => 'not-a-match'), options.merge(sub: sub))
-        end.to raise_error JWT::InvalidSubError
-      end
-
-      it 'must allow a matching sub' do
-        Verify.verify_sub(base_payload.merge('sub' => sub), options.merge(sub: sub))
-      end
-    end
-  end
-end

data/spec/jwt_spec.rb

@@ -1,240 +0,0 @@
-require 'spec_helper'
-require 'jwt'
-require 'jwt/decode'
-
-describe JWT do
-  let(:payload) { { 'user_id' => 'some@user.tld' } }
-
-  let :data do
-    {
-      :secret => 'My$ecretK3y',
-      :rsa_private => OpenSSL::PKey.read(File.read(File.join(CERT_PATH, 'rsa-2048-private.pem'))),
-      :rsa_public => OpenSSL::PKey.read(File.read(File.join(CERT_PATH, 'rsa-2048-public.pem'))),
-      :wrong_rsa_private => OpenSSL::PKey.read(File.read(File.join(CERT_PATH, 'rsa-2048-wrong-public.pem'))),
-      :wrong_rsa_public => OpenSSL::PKey.read(File.read(File.join(CERT_PATH, 'rsa-2048-wrong-public.pem'))),
-      'ES256_private' => OpenSSL::PKey.read(File.read(File.join(CERT_PATH, 'ec256-private.pem'))),
-      'ES256_public' => OpenSSL::PKey.read(File.read(File.join(CERT_PATH, 'ec256-public.pem'))),
-      'ES384_private' => OpenSSL::PKey.read(File.read(File.join(CERT_PATH, 'ec384-private.pem'))),
-      'ES384_public' => OpenSSL::PKey.read(File.read(File.join(CERT_PATH, 'ec384-public.pem'))),
-      'ES512_private' => OpenSSL::PKey.read(File.read(File.join(CERT_PATH, 'ec512-private.pem'))),
-      'ES512_public' => OpenSSL::PKey.read(File.read(File.join(CERT_PATH, 'ec512-public.pem'))),
-      'NONE' => 'eyJ0eXAiOiJKV1QiLCJhbGciOiJub25lIn0.eyJ1c2VyX2lkIjoic29tZUB1c2VyLnRsZCJ9.',
-      'HS256' => 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoic29tZUB1c2VyLnRsZCJ9.tCGvlClld0lbQ3NZaH8y53n5RSBr3zlS4Oy5bXqvzZQ',
-      'HS384' => 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzM4NCJ9.eyJ1c2VyX2lkIjoic29tZUB1c2VyLnRsZCJ9.sj1gc01SawlJSrPZgmveifJ8CzZRYAWjejWm4FRaGaAISESJ9Ncf12fCz2vHrITm',
-      'HS512' => 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJ1c2VyX2lkIjoic29tZUB1c2VyLnRsZCJ9.isjhsWMZpRQOWw6LKtlY4L6tMDNkLr0qZ3bQe_xRFXWhzVvJlkclTbLVa1J6Dlj2WyZ_I1jEobTaFMDoXPzwWg',
-      'RS256' => 'eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJ1c2VyX2lkIjoic29tZUB1c2VyLnRsZCJ9.u82QrhjZTtwve5akvfWS_4LPywbkb1Yp0nUwZJWtTW0ID7dY9rRiQF5KGj2UDLZotqRlUjyNQgE_hB5BBzICDQdCjQHQoYWE5n_D2wV4PMu7Qg3FVKoBFbf8ee6irodu10fgYxpUIZtvbWw52_6k6A9IoSLSzx_lCcxoVGdW90dUuKhBcZkDtY5WNuQg7MiDthupSL1-V4Y1jmT_7o8tLNGFiocyZfGNw4yGpEOGNvD5WePNit0xsnbj6dEquovUvSFKsMaQXp2PVDEkLOiLMcyk0RrHqrHw2eNSCquWTH8PhX5Up-CVmjQM5zF9ibkaiq8NyPtsy-7rgtbyVMqXBQ',
-      'RS384' => 'eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzM4NCJ9.eyJ1c2VyX2lkIjoic29tZUB1c2VyLnRsZCJ9.2_jPwOsUWJ-3r6lXMdJGPdhLNJQSSEmY2mrDXCwNJk-2YhMIqKAzJJCbyso_A1hS7BVkXmHt54RCcNJXroZBOgmGavCcYTPMaT6sCvVVvJJ_wn7jzKHNAJfL5nWeynTQIBWmL-m_v9QpZAgPALdeqjPRv4JHePZm23kvrUgQOxef2ldXv1l6IB3zfF72uEbk9T5pKBvgeeeQ46xm_HtkpXqMdqcTHawUXeXhuiWxuWfy9pAvhm8ivxwJhiQ15-sQNBlS9lG1_gQz1xaZ_Ou_n1nhNfGwpK5HeS0AgmqsqyCOvaGHeAuAOPZ_dSC3cFKu2AP7kc6_AKBgwJzh4agkXg',
-      'RS512' => 'eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzUxMiJ9.eyJ1c2VyX2lkIjoic29tZUB1c2VyLnRsZCJ9.abwof7BqTvuLkN69OhEuFTP7vjGzfvAvooQdwIRne_a88MsjCq31n4UPvyIlY9_8u69rpU79RbMsrq_UZ6L85zP83EcyYI-HOfFZgYDAL3DJ7biBD99JTzyOsH_2i_E6yCkevjEX6uL_Am_C7jpWyePJQkYzTFni6mW4W1T9UobiVGA1tIZ-XOJDPHHxZkGu6W8lKW0UCsr9Ge2SCSlTs_LDSOa34gqMC5GP89unhLqSMqEMJ_Nm6Rj0rnmk87wBZM-b04LLteWuEU59QDNa4nMTjfXW74U4hX9n5EECDPQdQMecgxlUbFunAfZaoNzP4m7H4vux2FzYkjkXhdqnnw',
-      'ES256' => '',
-      'ES384' => '',
-      'ES512' => ''
-    }
-  end
-
-  after(:each) do
-    expect(OpenSSL.errors).to be_empty
-  end
-
-  context 'alg: NONE' do
-    let(:alg) { 'none' }
-
-    it 'should generate a valid token' do
-      token = JWT.encode payload, nil, alg
-
-      expect(token).to eq data['NONE']
-    end
-
-    it 'should decode a valid token' do
-      jwt_payload, header = JWT.decode data['NONE'], nil, false
-
-      expect(header['alg']).to eq alg
-      expect(jwt_payload).to eq payload
-    end
-
-    it 'should display a better error message if payload exp is_a?(Time)' do
-      payload['exp'] = Time.now
-
-      expect do
-        JWT.encode payload, nil, alg
-      end.to raise_error JWT::InvalidPayload
-    end
-  end
-
-  %w(HS256 HS384 HS512).each do |alg|
-    context "alg: #{alg}" do
-      it 'should generate a valid token' do
-        token = JWT.encode payload, data[:secret], alg
-
-        expect(token).to eq data[alg]
-      end
-
-      it 'should decode a valid token' do
-        jwt_payload, header = JWT.decode data[alg], data[:secret]
-
-        expect(header['alg']).to eq alg
-        expect(jwt_payload).to eq payload
-      end
-
-      it 'wrong secret should raise JWT::DecodeError' do
-        expect do
-          JWT.decode data[alg], 'wrong_secret'
-        end.to raise_error JWT::DecodeError
-      end
-
-      it 'wrong secret and verify = false should not raise JWT::DecodeError' do
-        expect do
-          JWT.decode data[alg], 'wrong_secret', false
-        end.not_to raise_error
-      end
-    end
-  end
-
-  %w(RS256 RS384 RS512).each do |alg|
-    context "alg: #{alg}" do
-      it 'should generate a valid token' do
-        token = JWT.encode payload, data[:rsa_private], alg
-
-        expect(token).to eq data[alg]
-      end
-
-      it 'should decode a valid token' do
-        jwt_payload, header = JWT.decode data[alg], data[:rsa_public]
-
-        expect(header['alg']).to eq alg
-        expect(jwt_payload).to eq payload
-      end
-
-      it 'wrong key should raise JWT::DecodeError' do
-        key = OpenSSL::PKey.read File.read(File.join(CERT_PATH, 'rsa-2048-wrong-public.pem'))
-
-        expect do
-          JWT.decode data[alg], key
-        end.to raise_error JWT::DecodeError
-      end
-
-      it 'wrong key and verify = false should not raise JWT::DecodeError' do
-        key = OpenSSL::PKey.read File.read(File.join(CERT_PATH, 'rsa-2048-wrong-public.pem'))
-
-        expect do
-          JWT.decode data[alg], key, false
-        end.not_to raise_error
-      end
-    end
-  end
-
-  %w(ES256 ES384 ES512).each do |alg|
-    context "alg: #{alg}" do
-      before(:each) do
-        data[alg] = JWT.encode payload, data["#{alg}_private"], alg
-      end
-
-      let(:wrong_key) { OpenSSL::PKey.read(File.read(File.join(CERT_PATH, 'ec256-wrong-public.pem'))) }
-
-      it 'should generate a valid token' do
-        jwt_payload, header = JWT.decode data[alg], data["#{alg}_public"]
-
-        expect(header['alg']).to eq alg
-        expect(jwt_payload).to eq payload
-      end
-
-      it 'should decode a valid token' do
-        jwt_payload, header = JWT.decode data[alg], data["#{alg}_public"]
-
-        expect(header['alg']).to eq alg
-        expect(jwt_payload).to eq payload
-      end
-
-      it 'wrong key should raise JWT::DecodeError' do
-        expect do
-          JWT.decode data[alg], wrong_key
-        end.to raise_error JWT::DecodeError
-      end
-
-      it 'wrong key and verify = false should not raise JWT::DecodeError' do
-        expect do
-          JWT.decode data[alg], wrong_key, false
-        end.not_to raise_error
-      end
-    end
-  end
-
-  context 'Invalid' do
-    it 'algorithm should raise NotImplementedError' do
-      expect do
-        JWT.encode payload, 'secret', 'HS255'
-      end.to raise_error NotImplementedError
-    end
-
-    it 'ECDSA curve_name should raise JWT::IncorrectAlgorithm' do
-      key = OpenSSL::PKey::EC.new 'secp256k1'
-      key.generate_key
-
-      expect do
-        JWT.encode payload, key, 'ES256'
-      end.to raise_error JWT::IncorrectAlgorithm
-
-      token = JWT.encode payload, data['ES256_private'], 'ES256'
-      key.private_key = nil
-
-      expect do
-        JWT.decode token, key
-      end.to raise_error JWT::IncorrectAlgorithm
-    end
-  end
-
-  context 'Verify' do
-    context 'algorithm' do
-      it 'should raise JWT::IncorrectAlgorithm on missmatch' do
-        token = JWT.encode payload, data[:secret], 'HS512'
-
-        expect do
-          JWT.decode token, data[:secret], true, algorithm: 'HS384'
-        end.to raise_error JWT::IncorrectAlgorithm
-
-        expect do
-          JWT.decode token, data[:secret], true, algorithm: 'HS512'
-        end.not_to raise_error
-      end
-    end
-
-    context 'issuer claim' do
-      let(:iss) { 'ruby-jwt-gem' }
-      let(:invalid_token) { JWT.encode payload, data[:secret] }
-
-      let :token do
-        iss_payload = payload.merge(iss: iss)
-        JWT.encode iss_payload, data[:secret]
-      end
-
-      it 'if verify_iss is set to false (default option) should not raise JWT::InvalidIssuerError' do
-        expect do
-          JWT.decode token, data[:secret], true, iss: iss
-        end.not_to raise_error
-      end
-    end
-  end
-
-  context 'Base64' do
-    it 'urlsafe replace + / with - _' do
-      allow(Base64).to receive(:encode64) { 'string+with/non+url-safe/characters_' }
-      expect(JWT.base64url_encode('foo')).to eq('string-with_non-url-safe_characters_')
-    end
-  end
-
-  describe 'secure comparison' do
-    it 'returns true if strings are equal' do
-      expect(JWT.secure_compare('Foo', 'Foo')).to eq true
-    end
-
-    it 'returns false if either input is nil or empty' do
-      [nil, ''].each do |bad|
-        expect(JWT.secure_compare(bad, 'Foo')).to eq false
-        expect(JWT.secure_compare('Foo', bad)).to eq false
-      end
-    end
-
-    it 'retuns false if the strings are different' do
-      expect(JWT.secure_compare('Foo', 'Bar')).to eq false
-    end
-  end
-end

data/spec/spec_helper.rb

@@ -1,31 +0,0 @@
-require 'rspec'
-require 'simplecov'
-require 'simplecov-json'
-require 'codeclimate-test-reporter'
-
-SimpleCov.configure do
-  root File.join(File.dirname(__FILE__), '..')
-  project_name 'Ruby JWT - Ruby JSON Web Token implementation'
-  SimpleCov.formatter = SimpleCov::Formatter::MultiFormatter.new([
-    SimpleCov::Formatter::HTMLFormatter,
-    SimpleCov::Formatter::JSONFormatter
-  ])
-
-  add_filter 'spec'
-end
-
-SimpleCov.start if ENV['COVERAGE']
-CodeClimate::TestReporter.start if ENV['CODECLIMATE_REPO_TOKEN']
-
-CERT_PATH = File.join(File.dirname(__FILE__), 'fixtures', 'certs')
-
-RSpec.configure do |config|
-  config.expect_with :rspec do |c|
-    c.syntax = [:should, :expect]
-  end
-
-  config.run_all_when_everything_filtered = true
-  config.filter_run :focus
-
-  config.order = 'random'
-end