jwt 2.2.2 → 2.2.3

Sign up to get free protection for your applications and to get access to all the features.
data/lib/jwt/signature.rb CHANGED
@@ -2,12 +2,7 @@
2
2
 
3
3
  require 'jwt/security_utils'
4
4
  require 'openssl'
5
- require 'jwt/algos/hmac'
6
- require 'jwt/algos/eddsa'
7
- require 'jwt/algos/ecdsa'
8
- require 'jwt/algos/rsa'
9
- require 'jwt/algos/ps'
10
- require 'jwt/algos/unsupported'
5
+ require 'jwt/algos'
11
6
  begin
12
7
  require 'rbnacl'
13
8
  rescue LoadError
@@ -19,31 +14,21 @@ module JWT
19
14
  # Signature logic for JWT
20
15
  module Signature
21
16
  extend self
22
- ALGOS = [
23
- Algos::Hmac,
24
- Algos::Ecdsa,
25
- Algos::Rsa,
26
- Algos::Eddsa,
27
- Algos::Ps,
28
- Algos::Unsupported
29
- ].freeze
30
17
  ToSign = Struct.new(:algorithm, :msg, :key)
31
18
  ToVerify = Struct.new(:algorithm, :public_key, :signing_input, :signature)
32
19
 
33
20
  def sign(algorithm, msg, key)
34
- algo = ALGOS.find do |alg|
35
- alg.const_get(:SUPPORTED).include? algorithm
36
- end
37
- algo.sign ToSign.new(algorithm, msg, key)
21
+ algo, code = Algos.find(algorithm)
22
+ algo.sign ToSign.new(code, msg, key)
38
23
  end
39
24
 
40
25
  def verify(algorithm, key, signing_input, signature)
26
+ return true if algorithm.casecmp('none').zero?
27
+
41
28
  raise JWT::DecodeError, 'No verification key available' unless key
42
29
 
43
- algo = ALGOS.find do |alg|
44
- alg.const_get(:SUPPORTED).include? algorithm
45
- end
46
- verified = algo.verify(ToVerify.new(algorithm, key, signing_input, signature))
30
+ algo, code = Algos.find(algorithm)
31
+ verified = algo.verify(ToVerify.new(code, key, signing_input, signature))
47
32
  raise(JWT::VerificationError, 'Signature verification raised') unless verified
48
33
  rescue OpenSSL::PKey::PKeyError
49
34
  raise JWT::VerificationError, 'Signature verification raised'
data/lib/jwt/version.rb CHANGED
@@ -14,7 +14,7 @@ module JWT
14
14
  # minor version
15
15
  MINOR = 2
16
16
  # tiny version
17
- TINY = 2
17
+ TINY = 3
18
18
  # alpha, beta, etc. tag
19
19
  PRE = nil
20
20
 
data/ruby-jwt.gemspec CHANGED
@@ -24,11 +24,5 @@ Gem::Specification.new do |spec|
24
24
  spec.add_development_dependency 'bundler'
25
25
  spec.add_development_dependency 'rake'
26
26
  spec.add_development_dependency 'rspec'
27
- spec.add_development_dependency 'simplecov', '< 0.18'
28
- spec.add_development_dependency 'simplecov-json'
29
- spec.add_development_dependency 'codeclimate-test-reporter'
30
- spec.add_development_dependency 'codacy-coverage'
31
- spec.add_development_dependency 'rbnacl'
32
- # RSASSA-PSS support provided by OpenSSL +2.1
33
- spec.add_development_dependency 'openssl', '~> 2.1'
27
+ spec.add_development_dependency 'simplecov'
34
28
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: jwt
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.2.2
4
+ version: 2.2.3
5
5
  platform: ruby
6
6
  authors:
7
7
  - Tim Rudat
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-08-18 00:00:00.000000000 Z
11
+ date: 2021-04-19 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: appraisal
@@ -68,20 +68,6 @@ dependencies:
68
68
  version: '0'
69
69
  - !ruby/object:Gem::Dependency
70
70
  name: simplecov
71
- requirement: !ruby/object:Gem::Requirement
72
- requirements:
73
- - - "<"
74
- - !ruby/object:Gem::Version
75
- version: '0.18'
76
- type: :development
77
- prerelease: false
78
- version_requirements: !ruby/object:Gem::Requirement
79
- requirements:
80
- - - "<"
81
- - !ruby/object:Gem::Version
82
- version: '0.18'
83
- - !ruby/object:Gem::Dependency
84
- name: simplecov-json
85
71
  requirement: !ruby/object:Gem::Requirement
86
72
  requirements:
87
73
  - - ">="
@@ -94,62 +80,6 @@ dependencies:
94
80
  - - ">="
95
81
  - !ruby/object:Gem::Version
96
82
  version: '0'
97
- - !ruby/object:Gem::Dependency
98
- name: codeclimate-test-reporter
99
- requirement: !ruby/object:Gem::Requirement
100
- requirements:
101
- - - ">="
102
- - !ruby/object:Gem::Version
103
- version: '0'
104
- type: :development
105
- prerelease: false
106
- version_requirements: !ruby/object:Gem::Requirement
107
- requirements:
108
- - - ">="
109
- - !ruby/object:Gem::Version
110
- version: '0'
111
- - !ruby/object:Gem::Dependency
112
- name: codacy-coverage
113
- requirement: !ruby/object:Gem::Requirement
114
- requirements:
115
- - - ">="
116
- - !ruby/object:Gem::Version
117
- version: '0'
118
- type: :development
119
- prerelease: false
120
- version_requirements: !ruby/object:Gem::Requirement
121
- requirements:
122
- - - ">="
123
- - !ruby/object:Gem::Version
124
- version: '0'
125
- - !ruby/object:Gem::Dependency
126
- name: rbnacl
127
- requirement: !ruby/object:Gem::Requirement
128
- requirements:
129
- - - ">="
130
- - !ruby/object:Gem::Version
131
- version: '0'
132
- type: :development
133
- prerelease: false
134
- version_requirements: !ruby/object:Gem::Requirement
135
- requirements:
136
- - - ">="
137
- - !ruby/object:Gem::Version
138
- version: '0'
139
- - !ruby/object:Gem::Dependency
140
- name: openssl
141
- requirement: !ruby/object:Gem::Requirement
142
- requirements:
143
- - - "~>"
144
- - !ruby/object:Gem::Version
145
- version: '2.1'
146
- type: :development
147
- prerelease: false
148
- version_requirements: !ruby/object:Gem::Requirement
149
- requirements:
150
- - - "~>"
151
- - !ruby/object:Gem::Version
152
- version: '2.1'
153
83
  description: A pure ruby implementation of the RFC 7519 OAuth JSON Web Token (JWT)
154
84
  standard.
155
85
  email: timrudat@gmail.com
@@ -157,12 +87,12 @@ executables: []
157
87
  extensions: []
158
88
  extra_rdoc_files: []
159
89
  files:
160
- - ".codeclimate.yml"
161
- - ".ebert.yml"
90
+ - ".github/workflows/test.yml"
162
91
  - ".gitignore"
163
92
  - ".rspec"
164
93
  - ".rubocop.yml"
165
- - ".travis.yml"
94
+ - ".rubocop_todo.yml"
95
+ - ".sourcelevel.yml"
166
96
  - AUTHORS
167
97
  - Appraisals
168
98
  - CHANGELOG.md
@@ -171,9 +101,11 @@ files:
171
101
  - README.md
172
102
  - Rakefile
173
103
  - lib/jwt.rb
104
+ - lib/jwt/algos.rb
174
105
  - lib/jwt/algos/ecdsa.rb
175
106
  - lib/jwt/algos/eddsa.rb
176
107
  - lib/jwt/algos/hmac.rb
108
+ - lib/jwt/algos/none.rb
177
109
  - lib/jwt/algos/ps.rb
178
110
  - lib/jwt/algos/rsa.rb
179
111
  - lib/jwt/algos/unsupported.rb
@@ -185,6 +117,9 @@ files:
185
117
  - lib/jwt/error.rb
186
118
  - lib/jwt/json.rb
187
119
  - lib/jwt/jwk.rb
120
+ - lib/jwt/jwk/ec.rb
121
+ - lib/jwt/jwk/hmac.rb
122
+ - lib/jwt/jwk/key_base.rb
188
123
  - lib/jwt/jwk/key_finder.rb
189
124
  - lib/jwt/jwk/rsa.rb
190
125
  - lib/jwt/security_utils.rb
@@ -211,7 +146,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
211
146
  - !ruby/object:Gem::Version
212
147
  version: '0'
213
148
  requirements: []
214
- rubygems_version: 3.1.2
149
+ rubygems_version: 3.2.16
215
150
  signing_key:
216
151
  specification_version: 4
217
152
  summary: JSON Web Token implementation in Ruby
data/.codeclimate.yml DELETED
@@ -1,20 +0,0 @@
1
- engines:
2
- rubocop:
3
- enabled: true
4
- golint:
5
- enabled: false
6
- gofmt:
7
- enabled: false
8
- eslint:
9
- enabled: false
10
- csslint:
11
- enabled: false
12
-
13
- ratings:
14
- paths:
15
- - lib/**
16
- - "**.rb"
17
-
18
- exclude_paths:
19
- - spec/**/*
20
- - vendor/**/*
data/.travis.yml DELETED
@@ -1,29 +0,0 @@
1
- sudo: required
2
- cache: bundler
3
- dist: trusty
4
- language: ruby
5
- rvm:
6
- - 2.3
7
- - 2.4
8
- - 2.5
9
- - 2.6
10
- gemfile:
11
- - gemfiles/standalone.gemfile
12
- - gemfiles/rails_5.0.gemfile
13
- - gemfiles/rails_5.1.gemfile
14
- - gemfiles/rails_5.2.gemfile
15
- - gemfiles/rails_6.0.gemfile
16
- script: "bundle exec rspec && bundle exec codeclimate-test-reporter"
17
- before_install:
18
- - sudo add-apt-repository ppa:chris-lea/libsodium -y
19
- - sudo apt-get update -q
20
- - sudo apt-get install libsodium-dev -y
21
- - gem install bundler
22
-
23
- matrix:
24
- fast_finish: true
25
- exclude:
26
- - gemfile: gemfiles/rails_6.0.gemfile
27
- rvm: 2.3
28
- - gemfile: gemfiles/rails_6.0.gemfile
29
- rvm: 2.4