jwt 2.2.2 → 2.2.3

data/lib/jwt/signature.rb

@@ -2,12 +2,7 @@
 
 require 'jwt/security_utils'
 require 'openssl'
-require 'jwt/algos/hmac'
-require 'jwt/algos/eddsa'
-require 'jwt/algos/ecdsa'
-require 'jwt/algos/rsa'
-require 'jwt/algos/ps'
-require 'jwt/algos/unsupported'
+require 'jwt/algos'
 begin
   require 'rbnacl'
 rescue LoadError
@@ -19,31 +14,21 @@ module JWT
   # Signature logic for JWT
   module Signature
     extend self
-    ALGOS = [
-      Algos::Hmac,
-      Algos::Ecdsa,
-      Algos::Rsa,
-      Algos::Eddsa,
-      Algos::Ps,
-      Algos::Unsupported
-    ].freeze
     ToSign = Struct.new(:algorithm, :msg, :key)
     ToVerify = Struct.new(:algorithm, :public_key, :signing_input, :signature)
 
     def sign(algorithm, msg, key)
-      algo = ALGOS.find do |alg|
-        alg.const_get(:SUPPORTED).include? algorithm
-      end
-      algo.sign ToSign.new(algorithm, msg, key)
+      algo, code = Algos.find(algorithm)
+      algo.sign ToSign.new(code, msg, key)
     end
 
     def verify(algorithm, key, signing_input, signature)
+      return true if algorithm.casecmp('none').zero?
+
       raise JWT::DecodeError, 'No verification key available' unless key
 
-      algo = ALGOS.find do |alg|
-        alg.const_get(:SUPPORTED).include? algorithm
-      end
-      verified = algo.verify(ToVerify.new(algorithm, key, signing_input, signature))
+      algo, code = Algos.find(algorithm)
+      verified = algo.verify(ToVerify.new(code, key, signing_input, signature))
       raise(JWT::VerificationError, 'Signature verification raised') unless verified
     rescue OpenSSL::PKey::PKeyError
       raise JWT::VerificationError, 'Signature verification raised'

data/lib/jwt/version.rb

@@ -14,7 +14,7 @@ module JWT
     # minor version
     MINOR = 2
     # tiny version
-    TINY  = 2
+    TINY  = 3
     # alpha, beta, etc. tag
     PRE   = nil
 

data/ruby-jwt.gemspec

@@ -24,11 +24,5 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency 'bundler'
   spec.add_development_dependency 'rake'
   spec.add_development_dependency 'rspec'
-  spec.add_development_dependency 'simplecov', '< 0.18'
-  spec.add_development_dependency 'simplecov-json'
-  spec.add_development_dependency 'codeclimate-test-reporter'
-  spec.add_development_dependency 'codacy-coverage'
-  spec.add_development_dependency 'rbnacl'
-  # RSASSA-PSS support provided by OpenSSL +2.1
-  spec.add_development_dependency 'openssl', '~> 2.1'
+  spec.add_development_dependency 'simplecov'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: jwt
 version: !ruby/object:Gem::Version
-  version: 2.2.2
+  version: 2.2.3
 platform: ruby
 authors:
 - Tim Rudat
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-08-18 00:00:00.000000000 Z
+date: 2021-04-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: appraisal
@@ -68,20 +68,6 @@ dependencies:
         version: '0'
 - !ruby/object:Gem::Dependency
   name: simplecov
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "<"
-      - !ruby/object:Gem::Version
-        version: '0.18'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "<"
-      - !ruby/object:Gem::Version
-        version: '0.18'
-- !ruby/object:Gem::Dependency
-  name: simplecov-json
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -94,62 +80,6 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-- !ruby/object:Gem::Dependency
-  name: codeclimate-test-reporter
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: codacy-coverage
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: rbnacl
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: openssl
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '2.1'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '2.1'
 description: A pure ruby implementation of the RFC 7519 OAuth JSON Web Token (JWT)
   standard.
 email: timrudat@gmail.com
@@ -157,12 +87,12 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- ".codeclimate.yml"
-- ".ebert.yml"
+- ".github/workflows/test.yml"
 - ".gitignore"
 - ".rspec"
 - ".rubocop.yml"
-- ".travis.yml"
+- ".rubocop_todo.yml"
+- ".sourcelevel.yml"
 - AUTHORS
 - Appraisals
 - CHANGELOG.md
@@ -171,9 +101,11 @@ files:
 - README.md
 - Rakefile
 - lib/jwt.rb
+- lib/jwt/algos.rb
 - lib/jwt/algos/ecdsa.rb
 - lib/jwt/algos/eddsa.rb
 - lib/jwt/algos/hmac.rb
+- lib/jwt/algos/none.rb
 - lib/jwt/algos/ps.rb
 - lib/jwt/algos/rsa.rb
 - lib/jwt/algos/unsupported.rb
@@ -185,6 +117,9 @@ files:
 - lib/jwt/error.rb
 - lib/jwt/json.rb
 - lib/jwt/jwk.rb
+- lib/jwt/jwk/ec.rb
+- lib/jwt/jwk/hmac.rb
+- lib/jwt/jwk/key_base.rb
 - lib/jwt/jwk/key_finder.rb
 - lib/jwt/jwk/rsa.rb
 - lib/jwt/security_utils.rb
@@ -211,7 +146,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.2
+rubygems_version: 3.2.16
 signing_key:
 specification_version: 4
 summary: JSON Web Token implementation in Ruby

data/.codeclimate.yml

@@ -1,20 +0,0 @@
-engines:
-  rubocop:
-    enabled: true
-  golint:
-    enabled: false
-  gofmt:
-    enabled: false
-  eslint:
-    enabled: false
-  csslint:
-    enabled: false
-
-ratings:
-  paths:
-    - lib/**
-    - "**.rb"
-
-exclude_paths:
-  - spec/**/*
-  - vendor/**/*

data/.travis.yml

@@ -1,29 +0,0 @@
-sudo: required
-cache: bundler
-dist: trusty
-language: ruby
-rvm:
-  - 2.3
-  - 2.4
-  - 2.5
-  - 2.6
-gemfile:
-  - gemfiles/standalone.gemfile
-  - gemfiles/rails_5.0.gemfile
-  - gemfiles/rails_5.1.gemfile
-  - gemfiles/rails_5.2.gemfile
-  - gemfiles/rails_6.0.gemfile
-script: "bundle exec rspec && bundle exec codeclimate-test-reporter"
-before_install:
-  - sudo add-apt-repository ppa:chris-lea/libsodium -y
-  - sudo apt-get update -q
-  - sudo apt-get install libsodium-dev -y
-  - gem install bundler
-
-matrix:
-  fast_finish: true
-  exclude:
-    - gemfile: gemfiles/rails_6.0.gemfile
-      rvm: 2.3
-    - gemfile: gemfiles/rails_6.0.gemfile
-      rvm: 2.4