RubyGems - jwt - Versions diffs - 2.1.0 → 2.2.3 - Mend

jwt 2.1.0 → 2.2.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (66) hide show

checksums.yaml +5 -5
data/.github/workflows/test.yml +74 -0
data/.gitignore +1 -1
data/.rspec +1 -0
data/.rubocop.yml +15 -16
data/.rubocop_todo.yml +191 -0
data/{.ebert.yml → .sourcelevel.yml} +1 -1
data/AUTHORS +101 -0
data/Appraisals +10 -0
data/CHANGELOG.md +247 -19
data/Gemfile +2 -0
data/README.md +154 -89
data/Rakefile +4 -1
data/lib/jwt.rb +9 -42
data/lib/jwt/algos.rb +44 -0
data/lib/jwt/algos/ecdsa.rb +1 -1
data/lib/jwt/algos/hmac.rb +1 -0
data/lib/jwt/algos/none.rb +15 -0
data/lib/jwt/algos/ps.rb +43 -0
data/lib/jwt/algos/unsupported.rb +5 -4
data/lib/jwt/base64.rb +19 -0
data/lib/jwt/claims_validator.rb +35 -0
data/lib/jwt/decode.rb +85 -25
data/lib/jwt/encode.rb +43 -25
data/lib/jwt/error.rb +4 -0
data/lib/jwt/json.rb +18 -0
data/lib/jwt/jwk.rb +51 -0
data/lib/jwt/jwk/ec.rb +150 -0
data/lib/jwt/jwk/hmac.rb +58 -0
data/lib/jwt/jwk/key_base.rb +18 -0
data/lib/jwt/jwk/key_finder.rb +62 -0
data/lib/jwt/jwk/rsa.rb +115 -0
data/lib/jwt/security_utils.rb +6 -0
data/lib/jwt/signature.rb +9 -20
data/lib/jwt/verify.rb +1 -5
data/lib/jwt/version.rb +2 -2
data/ruby-jwt.gemspec +4 -7
metadata +30 -109
data/.codeclimate.yml +0 -20
data/.reek.yml +0 -40
data/.travis.yml +0 -14
data/Manifest +0 -8
data/spec/fixtures/certs/ec256-private.pem +0 -8
data/spec/fixtures/certs/ec256-public.pem +0 -4
data/spec/fixtures/certs/ec256-wrong-private.pem +0 -8
data/spec/fixtures/certs/ec256-wrong-public.pem +0 -4
data/spec/fixtures/certs/ec384-private.pem +0 -9
data/spec/fixtures/certs/ec384-public.pem +0 -5
data/spec/fixtures/certs/ec384-wrong-private.pem +0 -9
data/spec/fixtures/certs/ec384-wrong-public.pem +0 -5
data/spec/fixtures/certs/ec512-private.pem +0 -10
data/spec/fixtures/certs/ec512-public.pem +0 -6
data/spec/fixtures/certs/ec512-wrong-private.pem +0 -10
data/spec/fixtures/certs/ec512-wrong-public.pem +0 -6
data/spec/fixtures/certs/rsa-1024-private.pem +0 -15
data/spec/fixtures/certs/rsa-1024-public.pem +0 -6
data/spec/fixtures/certs/rsa-2048-private.pem +0 -27
data/spec/fixtures/certs/rsa-2048-public.pem +0 -9
data/spec/fixtures/certs/rsa-2048-wrong-private.pem +0 -27
data/spec/fixtures/certs/rsa-2048-wrong-public.pem +0 -9
data/spec/fixtures/certs/rsa-4096-private.pem +0 -51
data/spec/fixtures/certs/rsa-4096-public.pem +0 -14
data/spec/integration/readme_examples_spec.rb +0 -202
data/spec/jwt/verify_spec.rb +0 -232
data/spec/jwt_spec.rb +0 -315
data/spec/spec_helper.rb +0 -28

data/lib/jwt/security_utils.rb CHANGED Viewed

@@ -20,6 +20,12 @@ module JWT
       public_key.verify(OpenSSL::Digest.new(algorithm.sub('RS', 'sha')), signature, signing_input)
     end
+    def verify_ps(algorithm, public_key, signing_input, signature)
+      formatted_algorithm = algorithm.sub('PS', 'sha')
+      public_key.verify_pss(formatted_algorithm, signature, signing_input, salt_length: :auto, mgf1_hash: formatted_algorithm)
+    end
     def asn1_to_raw(signature, public_key)
       byte_size = (public_key.group.degree + 7) / 8
       OpenSSL::ASN1.decode(signature).value.map { |value| value.value.to_s(2).rjust(byte_size, "\x00") }.join

data/lib/jwt/signature.rb CHANGED Viewed

@@ -2,11 +2,7 @@
 require 'jwt/security_utils'
 require 'openssl'
-require 'jwt/algos/hmac'
-require 'jwt/algos/eddsa'
-require 'jwt/algos/ecdsa'
-require 'jwt/algos/rsa'
-require 'jwt/algos/unsupported'
+require 'jwt/algos'
 begin
   require 'rbnacl'
 rescue LoadError
@@ -18,28 +14,21 @@ module JWT
   # Signature logic for JWT
   module Signature
     extend self
-    ALGOS = [
-      Algos::Hmac,
-      Algos::Ecdsa,
-      Algos::Rsa,
-      Algos::Eddsa,
-      Algos::Unsupported
-    ].freeze
     ToSign = Struct.new(:algorithm, :msg, :key)
     ToVerify = Struct.new(:algorithm, :public_key, :signing_input, :signature)
     def sign(algorithm, msg, key)
-      algo = ALGOS.find do |alg|
-        alg.const_get(:SUPPORTED).include? algorithm
-      end
-      algo.sign ToSign.new(algorithm, msg, key)
+      algo, code = Algos.find(algorithm)
+      algo.sign ToSign.new(code, msg, key)
     end
     def verify(algorithm, key, signing_input, signature)
-      algo = ALGOS.find do |alg|
-        alg.const_get(:SUPPORTED).include? algorithm
-      end
-      verified = algo.verify(ToVerify.new(algorithm, key, signing_input, signature))
+      return true if algorithm.casecmp('none').zero?
+      raise JWT::DecodeError, 'No verification key available' unless key
+      algo, code = Algos.find(algorithm)
+      verified = algo.verify(ToVerify.new(code, key, signing_input, signature))
       raise(JWT::VerificationError, 'Signature verification raised') unless verified
     rescue OpenSSL::PKey::PKeyError
       raise JWT::VerificationError, 'Signature verification raised'

data/lib/jwt/verify.rb CHANGED Viewed

@@ -45,7 +45,7 @@ module JWT
       return unless @payload.include?('iat')
       iat = @payload['iat']
-      raise(JWT::InvalidIatError, 'Invalid iat') if !iat.is_a?(Numeric) || iat.to_f > (Time.now.to_f + iat_leeway)
+      raise(JWT::InvalidIatError, 'Invalid iat') if !iat.is_a?(Numeric) || iat.to_f > Time.now.to_f
     end
     def verify_iss
@@ -91,10 +91,6 @@ module JWT
       @options[:exp_leeway] || global_leeway
     end
-    def iat_leeway
-      @options[:iat_leeway] || global_leeway
-    end
     def nbf_leeway
       @options[:nbf_leeway] || global_leeway
     end

data/lib/jwt/version.rb CHANGED Viewed

@@ -12,9 +12,9 @@ module JWT
     # major version
     MAJOR = 2
     # minor version
-    MINOR = 1
+    MINOR = 2
     # tiny version
-    TINY  = 0
+    TINY  = 3
     # alpha, beta, etc. tag
     PRE   = nil

data/ruby-jwt.gemspec CHANGED Viewed

@@ -11,21 +11,18 @@ Gem::Specification.new do |spec|
   spec.email = 'timrudat@gmail.com'
   spec.summary = 'JSON Web Token implementation in Ruby'
   spec.description = 'A pure ruby implementation of the RFC 7519 OAuth JSON Web Token (JWT) standard.'
-  spec.homepage = 'http://github.com/jwt/ruby-jwt'
+  spec.homepage = 'https://github.com/jwt/ruby-jwt'
   spec.license = 'MIT'
   spec.required_ruby_version = '>= 2.1'
-  spec.files = `git ls-files -z`.split("\x0")
-  spec.executables = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.files = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(spec|gemfiles|coverage|bin)/}) }
+  spec.executables = []
   spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
   spec.require_paths = %w[lib]
+  spec.add_development_dependency 'appraisal'
   spec.add_development_dependency 'bundler'
   spec.add_development_dependency 'rake'
   spec.add_development_dependency 'rspec'
   spec.add_development_dependency 'simplecov'
-  spec.add_development_dependency 'simplecov-json'
-  spec.add_development_dependency 'codeclimate-test-reporter'
-  spec.add_development_dependency 'codacy-coverage'
-  spec.add_development_dependency 'rbnacl'
 end

metadata CHANGED Viewed

@@ -1,31 +1,17 @@
 --- !ruby/object:Gem::Specification
 name: jwt
 version: !ruby/object:Gem::Version
-  version: 2.1.0
+  version: 2.2.3
 platform: ruby
 authors:
 - Tim Rudat
-autorequire:
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2017-10-06 00:00:00.000000000 Z
+date: 2021-04-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
-  name: bundler
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: rake
+  name: appraisal
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -39,35 +25,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: rspec
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: simplecov
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: simplecov-json
+  name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -81,7 +39,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: codeclimate-test-reporter
+  name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -95,7 +53,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: codacy-coverage
+  name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -109,7 +67,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: rbnacl
+  name: simplecov
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -129,63 +87,51 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- ".codeclimate.yml"
-- ".ebert.yml"
+- ".github/workflows/test.yml"
 - ".gitignore"
-- ".reek.yml"
 - ".rspec"
 - ".rubocop.yml"
-- ".travis.yml"
+- ".rubocop_todo.yml"
+- ".sourcelevel.yml"
+- AUTHORS
+- Appraisals
 - CHANGELOG.md
 - Gemfile
 - LICENSE
-- Manifest
 - README.md
 - Rakefile
 - lib/jwt.rb
+- lib/jwt/algos.rb
 - lib/jwt/algos/ecdsa.rb
 - lib/jwt/algos/eddsa.rb
 - lib/jwt/algos/hmac.rb
+- lib/jwt/algos/none.rb
+- lib/jwt/algos/ps.rb
 - lib/jwt/algos/rsa.rb
 - lib/jwt/algos/unsupported.rb
+- lib/jwt/base64.rb
+- lib/jwt/claims_validator.rb
 - lib/jwt/decode.rb
 - lib/jwt/default_options.rb
 - lib/jwt/encode.rb
 - lib/jwt/error.rb
+- lib/jwt/json.rb
+- lib/jwt/jwk.rb
+- lib/jwt/jwk/ec.rb
+- lib/jwt/jwk/hmac.rb
+- lib/jwt/jwk/key_base.rb
+- lib/jwt/jwk/key_finder.rb
+- lib/jwt/jwk/rsa.rb
 - lib/jwt/security_utils.rb
 - lib/jwt/signature.rb
 - lib/jwt/verify.rb
 - lib/jwt/version.rb
 - ruby-jwt.gemspec
-- spec/fixtures/certs/ec256-private.pem
-- spec/fixtures/certs/ec256-public.pem
-- spec/fixtures/certs/ec256-wrong-private.pem
-- spec/fixtures/certs/ec256-wrong-public.pem
-- spec/fixtures/certs/ec384-private.pem
-- spec/fixtures/certs/ec384-public.pem
-- spec/fixtures/certs/ec384-wrong-private.pem
-- spec/fixtures/certs/ec384-wrong-public.pem
-- spec/fixtures/certs/ec512-private.pem
-- spec/fixtures/certs/ec512-public.pem
-- spec/fixtures/certs/ec512-wrong-private.pem
-- spec/fixtures/certs/ec512-wrong-public.pem
-- spec/fixtures/certs/rsa-1024-private.pem
-- spec/fixtures/certs/rsa-1024-public.pem
-- spec/fixtures/certs/rsa-2048-private.pem
-- spec/fixtures/certs/rsa-2048-public.pem
-- spec/fixtures/certs/rsa-2048-wrong-private.pem
-- spec/fixtures/certs/rsa-2048-wrong-public.pem
-- spec/fixtures/certs/rsa-4096-private.pem
-- spec/fixtures/certs/rsa-4096-public.pem
-- spec/integration/readme_examples_spec.rb
-- spec/jwt/verify_spec.rb
-- spec/jwt_spec.rb
-- spec/spec_helper.rb
-homepage: http://github.com/jwt/ruby-jwt
+homepage: https://github.com/jwt/ruby-jwt
 licenses:
 - MIT
 metadata: {}
-post_install_message:
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -200,33 +146,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project:
-rubygems_version: 2.6.13
-signing_key:
+rubygems_version: 3.2.16
+signing_key:
 specification_version: 4
 summary: JSON Web Token implementation in Ruby
-test_files:
-- spec/fixtures/certs/ec256-private.pem
-- spec/fixtures/certs/ec256-public.pem
-- spec/fixtures/certs/ec256-wrong-private.pem
-- spec/fixtures/certs/ec256-wrong-public.pem
-- spec/fixtures/certs/ec384-private.pem
-- spec/fixtures/certs/ec384-public.pem
-- spec/fixtures/certs/ec384-wrong-private.pem
-- spec/fixtures/certs/ec384-wrong-public.pem
-- spec/fixtures/certs/ec512-private.pem
-- spec/fixtures/certs/ec512-public.pem
-- spec/fixtures/certs/ec512-wrong-private.pem
-- spec/fixtures/certs/ec512-wrong-public.pem
-- spec/fixtures/certs/rsa-1024-private.pem
-- spec/fixtures/certs/rsa-1024-public.pem
-- spec/fixtures/certs/rsa-2048-private.pem
-- spec/fixtures/certs/rsa-2048-public.pem
-- spec/fixtures/certs/rsa-2048-wrong-private.pem
-- spec/fixtures/certs/rsa-2048-wrong-public.pem
-- spec/fixtures/certs/rsa-4096-private.pem
-- spec/fixtures/certs/rsa-4096-public.pem
-- spec/integration/readme_examples_spec.rb
-- spec/jwt/verify_spec.rb
-- spec/jwt_spec.rb
-- spec/spec_helper.rb
+test_files: []

data/.codeclimate.yml DELETED Viewed

@@ -1,20 +0,0 @@
-engines:
-  rubocop:
-    enabled: true
-  golint:
-    enabled: false
-  gofmt:
-    enabled: false
-  eslint:
-    enabled: false
-  csslint:
-    enabled: false
-ratings:
-  paths:
-    - lib/**
-    - "**.rb"
-exclude_paths:
-  - spec/**/*
-  - vendor/**/*

data/.reek.yml DELETED Viewed

@@ -1,40 +0,0 @@
----
-TooManyStatements:
-  max_statements: 10
-UncommunicativeMethodName:
-  reject:
-  - !ruby/regexp /^[a-z]$/
-  - !ruby/regexp /[0-9]$/
-UncommunicativeParameterName:
-  reject:
-  - !ruby/regexp /^.$/
-  - !ruby/regexp /[0-9]$/
-  - !ruby/regexp /^_/
-UncommunicativeVariableName:
-  reject:
-  - !ruby/regexp /^.$/
-  - !ruby/regexp /[0-9]$/
-UtilityFunction:
-  enabled: false
-LongParameterList:
-  enabled: false
-DuplicateMethodCall:
-  max_calls: 2
-IrresponsibleModule:
-  enabled: false
-NestedIterators:
-  max_allowed_nesting: 2
-PrimaDonnaMethod:
-  enabled: false
-UnusedParameters:
-  enabled: false
-FeatureEnvy:
-  enabled: false
-ControlParameter:
-  enabled: false
-UnusedPrivateMethod:
-  enabled: false
-InstanceVariableAssumption:
-  exclude:
-    - !ruby/regexp /Controller$/
-    - !ruby/regexp /Mailer$/s

data/.travis.yml DELETED Viewed

@@ -1,14 +0,0 @@
-sudo: required
-cache: bundler
-dist: trusty
-language: ruby
-rvm:
-  - 2.2.0
-  - 2.3.0
-  - 2.4.0
-script: "bundle exec rspec && bundle exec codeclimate-test-reporter"
-before_install:
-  - sudo add-apt-repository ppa:chris-lea/libsodium -y
-  - sudo apt-get update -q
-  - sudo apt-get install libsodium-dev -y
-  - gem install bundler

data/Manifest DELETED Viewed

@@ -1,8 +0,0 @@
-Rakefile
-README.md
-LICENSE
-lib/jwt.rb
-lib/jwt/json.rb
-spec/spec_helper.rb
-spec/jwt_spec.rb
-Manifest

data/spec/fixtures/certs/ec256-private.pem DELETED Viewed

@@ -1,8 +0,0 @@
------BEGIN EC PARAMETERS-----
-BggqhkjOPQMBBw==
------END EC PARAMETERS-----
------BEGIN EC PRIVATE KEY-----
-MHcCAQEEIJmVse5uPfj6B4TcXrUAvf9/8pJh+KrKKYLNcmOnp/vPoAoGCCqGSM49
-AwEHoUQDQgAEAr+WbDE5VtIDGhtYMxvEc6cMsDBc/DX1wuhIMu8dQzOLSt0tpqK9
-MVfXbVfrKdayVFgoWzs8MilcYq0QIhKx/w==
------END EC PRIVATE KEY-----

data/spec/fixtures/certs/ec256-public.pem DELETED Viewed

@@ -1,4 +0,0 @@
------BEGIN PUBLIC KEY-----
-MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEAr+WbDE5VtIDGhtYMxvEc6cMsDBc
-/DX1wuhIMu8dQzOLSt0tpqK9MVfXbVfrKdayVFgoWzs8MilcYq0QIhKx/w==
------END PUBLIC KEY-----