jwt 2.1.0 → 2.2.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
  1. checksums.yaml +5 -5
  2. data/.github/workflows/test.yml +74 -0
  3. data/.gitignore +1 -1
  4. data/.rspec +1 -0
  5. data/.rubocop.yml +15 -16
  6. data/.rubocop_todo.yml +191 -0
  7. data/{.ebert.yml → .sourcelevel.yml} +1 -1
  8. data/AUTHORS +101 -0
  9. data/Appraisals +10 -0
  10. data/CHANGELOG.md +247 -19
  11. data/Gemfile +2 -0
  12. data/README.md +154 -89
  13. data/Rakefile +4 -1
  14. data/lib/jwt.rb +9 -42
  15. data/lib/jwt/algos.rb +44 -0
  16. data/lib/jwt/algos/ecdsa.rb +1 -1
  17. data/lib/jwt/algos/hmac.rb +1 -0
  18. data/lib/jwt/algos/none.rb +15 -0
  19. data/lib/jwt/algos/ps.rb +43 -0
  20. data/lib/jwt/algos/unsupported.rb +5 -4
  21. data/lib/jwt/base64.rb +19 -0
  22. data/lib/jwt/claims_validator.rb +35 -0
  23. data/lib/jwt/decode.rb +85 -25
  24. data/lib/jwt/encode.rb +43 -25
  25. data/lib/jwt/error.rb +4 -0
  26. data/lib/jwt/json.rb +18 -0
  27. data/lib/jwt/jwk.rb +51 -0
  28. data/lib/jwt/jwk/ec.rb +150 -0
  29. data/lib/jwt/jwk/hmac.rb +58 -0
  30. data/lib/jwt/jwk/key_base.rb +18 -0
  31. data/lib/jwt/jwk/key_finder.rb +62 -0
  32. data/lib/jwt/jwk/rsa.rb +115 -0
  33. data/lib/jwt/security_utils.rb +6 -0
  34. data/lib/jwt/signature.rb +9 -20
  35. data/lib/jwt/verify.rb +1 -5
  36. data/lib/jwt/version.rb +2 -2
  37. data/ruby-jwt.gemspec +4 -7
  38. metadata +30 -109
  39. data/.codeclimate.yml +0 -20
  40. data/.reek.yml +0 -40
  41. data/.travis.yml +0 -14
  42. data/Manifest +0 -8
  43. data/spec/fixtures/certs/ec256-private.pem +0 -8
  44. data/spec/fixtures/certs/ec256-public.pem +0 -4
  45. data/spec/fixtures/certs/ec256-wrong-private.pem +0 -8
  46. data/spec/fixtures/certs/ec256-wrong-public.pem +0 -4
  47. data/spec/fixtures/certs/ec384-private.pem +0 -9
  48. data/spec/fixtures/certs/ec384-public.pem +0 -5
  49. data/spec/fixtures/certs/ec384-wrong-private.pem +0 -9
  50. data/spec/fixtures/certs/ec384-wrong-public.pem +0 -5
  51. data/spec/fixtures/certs/ec512-private.pem +0 -10
  52. data/spec/fixtures/certs/ec512-public.pem +0 -6
  53. data/spec/fixtures/certs/ec512-wrong-private.pem +0 -10
  54. data/spec/fixtures/certs/ec512-wrong-public.pem +0 -6
  55. data/spec/fixtures/certs/rsa-1024-private.pem +0 -15
  56. data/spec/fixtures/certs/rsa-1024-public.pem +0 -6
  57. data/spec/fixtures/certs/rsa-2048-private.pem +0 -27
  58. data/spec/fixtures/certs/rsa-2048-public.pem +0 -9
  59. data/spec/fixtures/certs/rsa-2048-wrong-private.pem +0 -27
  60. data/spec/fixtures/certs/rsa-2048-wrong-public.pem +0 -9
  61. data/spec/fixtures/certs/rsa-4096-private.pem +0 -51
  62. data/spec/fixtures/certs/rsa-4096-public.pem +0 -14
  63. data/spec/integration/readme_examples_spec.rb +0 -202
  64. data/spec/jwt/verify_spec.rb +0 -232
  65. data/spec/jwt_spec.rb +0 -315
  66. data/spec/spec_helper.rb +0 -28
@@ -20,6 +20,12 @@ module JWT
20
20
  public_key.verify(OpenSSL::Digest.new(algorithm.sub('RS', 'sha')), signature, signing_input)
21
21
  end
22
22
 
23
+ def verify_ps(algorithm, public_key, signing_input, signature)
24
+ formatted_algorithm = algorithm.sub('PS', 'sha')
25
+
26
+ public_key.verify_pss(formatted_algorithm, signature, signing_input, salt_length: :auto, mgf1_hash: formatted_algorithm)
27
+ end
28
+
23
29
  def asn1_to_raw(signature, public_key)
24
30
  byte_size = (public_key.group.degree + 7) / 8
25
31
  OpenSSL::ASN1.decode(signature).value.map { |value| value.value.to_s(2).rjust(byte_size, "\x00") }.join
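--- a/data/lib/jwt/signature.rb
+++ b/data/lib/jwt/signature.rb
@@ -2,11 +2,7 @@
 
  require 'jwt/security_utils'
  require 'openssl'
- require 'jwt/algos/hmac'
- require 'jwt/algos/eddsa'
- require 'jwt/algos/ecdsa'
- require 'jwt/algos/rsa'
- require 'jwt/algos/unsupported'
+ require 'jwt/algos'
  begin
  require 'rbnacl'
  rescue LoadError
@@ -18,28 +14,21 @@ module JWT
  # Signature logic for JWT
  module Signature
  extend self
- ALGOS = [
- Algos::Hmac,
- Algos::Ecdsa,
- Algos::Rsa,
- Algos::Eddsa,
- Algos::Unsupported
- ].freeze
  ToSign = Struct.new(:algorithm, :msg, :key)
  ToVerify = Struct.new(:algorithm, :public_key, :signing_input, :signature)
 
  def sign(algorithm, msg, key)
- algo = ALGOS.find do |alg|
- alg.const_get(:SUPPORTED).include? algorithm
- end
- algo.sign ToSign.new(algorithm, msg, key)
+ algo, code = Algos.find(algorithm)
+ algo.sign ToSign.new(code, msg, key)
  end
 
  def verify(algorithm, key, signing_input, signature)
- algo = ALGOS.find do |alg|
- alg.const_get(:SUPPORTED).include? algorithm
- end
- verified = algo.verify(ToVerify.new(algorithm, key, signing_input, signature))
+ return true if algorithm.casecmp('none').zero?
+
+ raise JWT::DecodeError, 'No verification key available' unless key
+
+ algo, code = Algos.find(algorithm)
+ verified = algo.verify(ToVerify.new(code, key, signing_input, signature))
  raise(JWT::VerificationError, 'Signature verification raised') unless verified
  rescue OpenSSL::PKey::PKeyError
  raise JWT::VerificationError, 'Signature verification raised'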
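Review bot: `verify` now returns true for alg `none` before the key check and before `Algos.find`, so any caller of `Signature.verify` other than the decode path gets a passing verification for an unsigned token whatever key it supplies; the decode path presumably only reaches this method when `none` was explicitly allowed, but that check is not visible here and the early return carries no reminder of it. A comment on that line would make the contract explicit: `# 'none' is accepted unconditionally here; the caller must already have confirmed that 'none' is an allowed algorithm`. Separately, `algorithm.casecmp('none')` raises NoMethodError when the header carries no `alg` at all, where the old `ALGOS.find` fell through to `Algos::Unsupported`; unless the decode path rejects a missing `alg` first, a guard such as `raise JWT::DecodeError, 'No algorithm specified' unless algorithm` ahead of the `casecmp` keeps the failure inside the JWT error hierarchy.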
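--- a/data/lib/jwt/verify.rb
+++ b/data/lib/jwt/verify.rb
@@ -45,7 +45,7 @@ module JWT
  return unless @payload.include?('iat')
 
  iat = @payload['iat']
- raise(JWT::InvalidIatError, 'Invalid iat') if !iat.is_a?(Numeric) || iat.to_f > (Time.now.to_f + iat_leeway)
+ raise(JWT::InvalidIatError, 'Invalid iat') if !iat.is_a?(Numeric) || iat.to_f > Time.now.to_f
  end
 
  def verify_iss
@@ -91,10 +91,6 @@ module JWT
  @options[:exp_leeway] || global_leeway
  end
 
- def iat_leeway
- @options[:iat_leeway] || global_leeway
- end
-
  def nbf_leeway
  @options[:nbf_leeway] || global_leeway
  end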
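Review bot: The `iat` comparison in `verify_iat` now runs against `Time.now.to_f` with no tolerance, so an `iat_leeway:` option (or the global `leeway`) that existing callers still pass is silently ignored rather than rejected, and a token whose issuer clock is even slightly ahead of the verifier's fails with InvalidIatError. That is a behaviour change worth a comment at the comparison, e.g. `# iat is checked strictly: the leeway/iat_leeway options no longer apply to this claim`, plus a note in the option documentation if the decode options still accept `iat_leeway` (not visible in this hunk). The `def verify_iat` line itself starts outside the hunk.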
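--- a/data/lib/jwt/version.rb
+++ b/data/lib/jwt/version.rb
@@ -12,9 +12,9 @@ module JWT
  # major version
  MAJOR = 2
  # minor version
- MINOR = 1
+ MINOR = 2
  # tiny version
- TINY = 0
+ TINY = 3
  # alpha, beta, etc. tag
  PRE = nil
 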
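--- a/data/ruby-jwt.gemspec
+++ b/data/ruby-jwt.gemspec
@@ -11,21 +11,18 @@ Gem::Specification.new do |spec|
  spec.email = 'timrudat@gmail.com'
  spec.summary = 'JSON Web Token implementation in Ruby'
  spec.description = 'A pure ruby implementation of the RFC 7519 OAuth JSON Web Token (JWT) standard.'
- spec.homepage = 'http://github.com/jwt/ruby-jwt'
+ spec.homepage = 'https://github.com/jwt/ruby-jwt'
  spec.license = 'MIT'
  spec.required_ruby_version = '>= 2.1'
 
- spec.files = `git ls-files -z`.split("\x0")
- spec.executables = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+ spec.files = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(spec|gemfiles|coverage|bin)/}) }
+ spec.executables = []
  spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
  spec.require_paths = %w[lib]
 
+ spec.add_development_dependency 'appraisal'
  spec.add_development_dependency 'bundler'
  spec.add_development_dependency 'rake'
  spec.add_development_dependency 'rspec'
  spec.add_development_dependency 'simplecov'
- spec.add_development_dependency 'simplecov-json'
- spec.add_development_dependency 'codeclimate-test-reporter'
- spec.add_development_dependency 'codacy-coverage'
- spec.add_development_dependency 'rbnacl'
  end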
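Review bot: `spec.test_files = spec.files.grep(%r{^(test|spec|features)/})` can no longer match anything, because the line above now rejects every `spec/` path from `spec.files`; the metadata section of this diff confirms the result is `test_files: []`. Either drop the line or write `spec.test_files = []` so the intent is explicit instead of relying on a dead grep. `rbnacl` also leaves the development dependencies here while `signature.rb` still does `require 'rbnacl'` under `rescue LoadError`, so the EdDSA path is only exercised if the Gemfile or Appraisals (changed in this release but not shown here) pulls it in.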
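--- a/metadata
+++ b/metadata
@@ -1,31 +1,17 @@
  --- !ruby/object:Gem::Specification
  name: jwt
  version: !ruby/object:Gem::Version
- version: 2.1.0
+ version: 2.2.3
  platform: ruby
  authors:
  - Tim Rudat
- autorequire:
+ autorequire:
  bindir: bin
  cert_chain: []
- date: 2017-10-06 00:00:00.000000000 Z
+ date: 2021-04-19 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
- name: bundler
- requirement: !ruby/object:Gem::Requirement
- requirements:
- - - ">="
- - !ruby/object:Gem::Version
- version: '0'
- type: :development
- prerelease: false
- version_requirements: !ruby/object:Gem::Requirement
- requirements:
- - - ">="
- - !ruby/object:Gem::Version
- version: '0'
- - !ruby/object:Gem::Dependency
- name: rake
+ name: appraisal
  requirement: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
@@ -39,35 +25,7 @@ dependencies:
  - !ruby/object:Gem::Version
  version: '0'
  - !ruby/object:Gem::Dependency
- name: rspec
- requirement: !ruby/object:Gem::Requirement
- requirements:
- - - ">="
- - !ruby/object:Gem::Version
- version: '0'
- type: :development
- prerelease: false
- version_requirements: !ruby/object:Gem::Requirement
- requirements:
- - - ">="
- - !ruby/object:Gem::Version
- version: '0'
- - !ruby/object:Gem::Dependency
- name: simplecov
- requirement: !ruby/object:Gem::Requirement
- requirements:
- - - ">="
- - !ruby/object:Gem::Version
- version: '0'
- type: :development
- prerelease: false
- version_requirements: !ruby/object:Gem::Requirement
- requirements:
- - - ">="
- - !ruby/object:Gem::Version
- version: '0'
- - !ruby/object:Gem::Dependency
- name: simplecov-json
+ name: bundler
  requirement: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
@@ -81,7 +39,7 @@ dependencies:
  - !ruby/object:Gem::Version
  version: '0'
  - !ruby/object:Gem::Dependency
- name: codeclimate-test-reporter
+ name: rake
  requirement: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
@@ -95,7 +53,7 @@ dependencies:
  - !ruby/object:Gem::Version
  version: '0'
  - !ruby/object:Gem::Dependency
- name: codacy-coverage
+ name: rspec
  requirement: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
@@ -109,7 +67,7 @@ dependencies:
  - !ruby/object:Gem::Version
  version: '0'
  - !ruby/object:Gem::Dependency
- name: rbnacl
+ name: simplecov
  requirement: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
@@ -129,63 +87,51 @@ executables: []
  extensions: []
  extra_rdoc_files: []
  files:
- - ".codeclimate.yml"
- - ".ebert.yml"
+ - ".github/workflows/test.yml"
  - ".gitignore"
- - ".reek.yml"
  - ".rspec"
  - ".rubocop.yml"
- - ".travis.yml"
+ - ".rubocop_todo.yml"
+ - ".sourcelevel.yml"
+ - AUTHORS
+ - Appraisals
  - CHANGELOG.md
  - Gemfile
  - LICENSE
- - Manifest
  - README.md
  - Rakefile
  - lib/jwt.rb
+ - lib/jwt/algos.rb
  - lib/jwt/algos/ecdsa.rb
  - lib/jwt/algos/eddsa.rb
  - lib/jwt/algos/hmac.rb
+ - lib/jwt/algos/none.rb
+ - lib/jwt/algos/ps.rb
  - lib/jwt/algos/rsa.rb
  - lib/jwt/algos/unsupported.rb
+ - lib/jwt/base64.rb
+ - lib/jwt/claims_validator.rb
  - lib/jwt/decode.rb
  - lib/jwt/default_options.rb
  - lib/jwt/encode.rb
  - lib/jwt/error.rb
+ - lib/jwt/json.rb
+ - lib/jwt/jwk.rb
+ - lib/jwt/jwk/ec.rb
+ - lib/jwt/jwk/hmac.rb
+ - lib/jwt/jwk/key_base.rb
+ - lib/jwt/jwk/key_finder.rb
+ - lib/jwt/jwk/rsa.rb
  - lib/jwt/security_utils.rb
  - lib/jwt/signature.rb
  - lib/jwt/verify.rb
  - lib/jwt/version.rb
  - ruby-jwt.gemspec
- - spec/fixtures/certs/ec256-private.pem
- - spec/fixtures/certs/ec256-public.pem
- - spec/fixtures/certs/ec256-wrong-private.pem
- - spec/fixtures/certs/ec256-wrong-public.pem
- - spec/fixtures/certs/ec384-private.pem
- - spec/fixtures/certs/ec384-public.pem
- - spec/fixtures/certs/ec384-wrong-private.pem
- - spec/fixtures/certs/ec384-wrong-public.pem
- - spec/fixtures/certs/ec512-private.pem
- - spec/fixtures/certs/ec512-public.pem
- - spec/fixtures/certs/ec512-wrong-private.pem
- - spec/fixtures/certs/ec512-wrong-public.pem
- - spec/fixtures/certs/rsa-1024-private.pem
- - spec/fixtures/certs/rsa-1024-public.pem
- - spec/fixtures/certs/rsa-2048-private.pem
- - spec/fixtures/certs/rsa-2048-public.pem
- - spec/fixtures/certs/rsa-2048-wrong-private.pem
- - spec/fixtures/certs/rsa-2048-wrong-public.pem
- - spec/fixtures/certs/rsa-4096-private.pem
- - spec/fixtures/certs/rsa-4096-public.pem
- - spec/integration/readme_examples_spec.rb
- - spec/jwt/verify_spec.rb
- - spec/jwt_spec.rb
- - spec/spec_helper.rb
- homepage: http://github.com/jwt/ruby-jwt
+ homepage: https://github.com/jwt/ruby-jwt
  licenses:
  - MIT
  metadata: {}
- post_install_message:
+ post_install_message:
  rdoc_options: []
  require_paths:
  - lib
@@ -200,33 +146,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubyforge_project:
- rubygems_version: 2.6.13
- signing_key:
+ rubygems_version: 3.2.16
+ signing_key:
  specification_version: 4
  summary: JSON Web Token implementation in Ruby
- test_files:
- - spec/fixtures/certs/ec256-private.pem
- - spec/fixtures/certs/ec256-public.pem
- - spec/fixtures/certs/ec256-wrong-private.pem
- - spec/fixtures/certs/ec256-wrong-public.pem
- - spec/fixtures/certs/ec384-private.pem
- - spec/fixtures/certs/ec384-public.pem
- - spec/fixtures/certs/ec384-wrong-private.pem
- - spec/fixtures/certs/ec384-wrong-public.pem
- - spec/fixtures/certs/ec512-private.pem
- - spec/fixtures/certs/ec512-public.pem
- - spec/fixtures/certs/ec512-wrong-private.pem
- - spec/fixtures/certs/ec512-wrong-public.pem
- - spec/fixtures/certs/rsa-1024-private.pem
- - spec/fixtures/certs/rsa-1024-public.pem
- - spec/fixtures/certs/rsa-2048-private.pem
- - spec/fixtures/certs/rsa-2048-public.pem
- - spec/fixtures/certs/rsa-2048-wrong-private.pem
- - spec/fixtures/certs/rsa-2048-wrong-public.pem
- - spec/fixtures/certs/rsa-4096-private.pem
- - spec/fixtures/certs/rsa-4096-public.pem
- - spec/integration/readme_examples_spec.rb
- - spec/jwt/verify_spec.rb
- - spec/jwt_spec.rb
- - spec/spec_helper.rb
+ test_files: []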
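--- a/data/.codeclimate.yml
+++ /dev/null
@@ -1,20 +0,0 @@
- engines:
- rubocop:
- enabled: true
- golint:
- enabled: false
- gofmt:
- enabled: false
- eslint:
- enabled: false
- csslint:
- enabled: false
-
- ratings:
- paths:
- - lib/**
- - "**.rb"
-
- exclude_paths:
- - spec/**/*
- - vendor/**/*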
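--- a/data/.reek.yml
+++ /dev/null
@@ -1,40 +0,0 @@
- ---
- TooManyStatements:
- max_statements: 10
- UncommunicativeMethodName:
- reject:
- - !ruby/regexp /^[a-z]$/
- - !ruby/regexp /[0-9]$/
- UncommunicativeParameterName:
- reject:
- - !ruby/regexp /^.$/
- - !ruby/regexp /[0-9]$/
- - !ruby/regexp /^_/
- UncommunicativeVariableName:
- reject:
- - !ruby/regexp /^.$/
- - !ruby/regexp /[0-9]$/
- UtilityFunction:
- enabled: false
- LongParameterList:
- enabled: false
- DuplicateMethodCall:
- max_calls: 2
- IrresponsibleModule:
- enabled: false
- NestedIterators:
- max_allowed_nesting: 2
- PrimaDonnaMethod:
- enabled: false
- UnusedParameters:
- enabled: false
- FeatureEnvy:
- enabled: false
- ControlParameter:
- enabled: false
- UnusedPrivateMethod:
- enabled: false
- InstanceVariableAssumption:
- exclude:
- - !ruby/regexp /Controller$/
- - !ruby/regexp /Mailer$/s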
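--- a/data/.travis.yml
+++ /dev/null
@@ -1,14 +0,0 @@
- sudo: required
- cache: bundler
- dist: trusty
- language: ruby
- rvm:
- - 2.2.0
- - 2.3.0
- - 2.4.0
- script: "bundle exec rspec && bundle exec codeclimate-test-reporter"
- before_install:
- - sudo add-apt-repository ppa:chris-lea/libsodium -y
- - sudo apt-get update -q
- - sudo apt-get install libsodium-dev -y
- - gem install bundler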
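--- a/data/Manifest
+++ /dev/null
@@ -1,8 +0,0 @@
- Rakefile
- README.md
- LICENSE
- lib/jwt.rb
- lib/jwt/json.rb
- spec/spec_helper.rb
- spec/jwt_spec.rb
- Manifest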
@@ -1,8 +0,0 @@
1
- -----BEGIN EC PARAMETERS-----
2
- BggqhkjOPQMBBw==
3
- -----END EC PARAMETERS-----
4
- -----BEGIN EC PRIVATE KEY-----
5
- MHcCAQEEIJmVse5uPfj6B4TcXrUAvf9/8pJh+KrKKYLNcmOnp/vPoAoGCCqGSM49
6
- AwEHoUQDQgAEAr+WbDE5VtIDGhtYMxvEc6cMsDBc/DX1wuhIMu8dQzOLSt0tpqK9
7
- MVfXbVfrKdayVFgoWzs8MilcYq0QIhKx/w==
8
- -----END EC PRIVATE KEY-----
@@ -1,4 +0,0 @@
1
- -----BEGIN PUBLIC KEY-----
2
- MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEAr+WbDE5VtIDGhtYMxvEc6cMsDBc
3
- /DX1wuhIMu8dQzOLSt0tpqK9MVfXbVfrKdayVFgoWzs8MilcYq0QIhKx/w==
4
- -----END PUBLIC KEY-----