jwt 2.2.2 → 2.2.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.github/workflows/test.yml +74 -0
- data/.rspec +1 -0
- data/.rubocop.yml +15 -16
- data/.rubocop_todo.yml +191 -0
- data/{.ebert.yml → .sourcelevel.yml} +1 -1
- data/AUTHORS +60 -43
- data/Appraisals +4 -12
- data/CHANGELOG.md +60 -5
- data/Gemfile +2 -0
- data/README.md +44 -5
- data/Rakefile +4 -1
- data/lib/jwt/algos.rb +44 -0
- data/lib/jwt/algos/none.rb +15 -0
- data/lib/jwt/algos/unsupported.rb +5 -4
- data/lib/jwt/claims_validator.rb +9 -7
- data/lib/jwt/decode.rb +9 -7
- data/lib/jwt/encode.rb +5 -4
- data/lib/jwt/jwk.rb +29 -9
- data/lib/jwt/jwk/ec.rb +150 -0
- data/lib/jwt/jwk/hmac.rb +58 -0
- data/lib/jwt/jwk/key_base.rb +18 -0
- data/lib/jwt/jwk/key_finder.rb +6 -1
- data/lib/jwt/jwk/rsa.rb +84 -23
- data/lib/jwt/signature.rb +7 -22
- data/lib/jwt/version.rb +1 -1
- data/ruby-jwt.gemspec +1 -7
- metadata +11 -76
- data/.codeclimate.yml +0 -20
- data/.travis.yml +0 -29
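--- a/data/lib/jwt/signature.rb
+++ b/data/lib/jwt/signature.rb
@@ -2,12 +2,7 @@
 
 require 'jwt/security_utils'
 require 'openssl'
-require 'jwt/algos
-require 'jwt/algos/eddsa'
-require 'jwt/algos/ecdsa'
-require 'jwt/algos/rsa'
-require 'jwt/algos/ps'
-require 'jwt/algos/unsupported'
+require 'jwt/algos'
 begin
 require 'rbnacl'
 rescue LoadError
@@ -19,31 +14,21 @@ module JWT
 # Signature logic for JWT
 module Signature
 extend self
-ALGOS = [
-Algos::Hmac,
-Algos::Ecdsa,
-Algos::Rsa,
-Algos::Eddsa,
-Algos::Ps,
-Algos::Unsupported
-].freeze
 ToSign = Struct.new(:algorithm, :msg, :key)
 ToVerify = Struct.new(:algorithm, :public_key, :signing_input, :signature)
 
 def sign(algorithm, msg, key)
-algo =
-
-end
-algo.sign ToSign.new(algorithm, msg, key)
+algo, code = Algos.find(algorithm)
+algo.sign ToSign.new(code, msg, key)
 end
 
 def verify(algorithm, key, signing_input, signature)
+return true if algorithm.casecmp('none').zero?
+
 raise JWT::DecodeError, 'No verification key available' unless key
 
-algo =
-
-end
-verified = algo.verify(ToVerify.new(algorithm, key, signing_input, signature))
+algo, code = Algos.find(algorithm)
+verified = algo.verify(ToVerify.new(code, key, signing_input, signature))
 raise(JWT::VerificationError, 'Signature verification raised') unless verified
 rescue OpenSSL::PKey::PKeyError
 raise JWT::VerificationError, 'Signature verification raised'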
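Review bot: The new first line of `verify`, `return true if algorithm.casecmp('none').zero?`, reports success before the key check and before any signature is examined, and it accepts any casing of `none`, so this method now relies entirely on its caller to reject unsigned tokens. That guard is not visible in this section (data/lib/jwt/decode.rb changes in the same release but is not shown), so the contract should at least be documented above the line, e.g. `# 'none' carries no signature; callers must already have checked the algorithm against their allow-list`. If `algorithm` can arrive as nil or a non-string header value, the call would raise NoMethodError, which the visible `rescue OpenSSL::PKey::PKeyError` does not cover; a guard such as `raise JWT::DecodeError, 'Missing or invalid algorithm' unless algorithm.is_a?(String)` ahead of it would keep the failure inside the library's own error types. The body of `verify` continues past the end of the hunk.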
data/lib/jwt/version.rb
CHANGED
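--- a/data/ruby-jwt.gemspec
+++ b/data/ruby-jwt.gemspec
@@ -24,11 +24,5 @@ Gem::Specification.new do |spec|
 spec.add_development_dependency 'bundler'
 spec.add_development_dependency 'rake'
 spec.add_development_dependency 'rspec'
-spec.add_development_dependency 'simplecov'
-spec.add_development_dependency 'simplecov-json'
-spec.add_development_dependency 'codeclimate-test-reporter'
-spec.add_development_dependency 'codacy-coverage'
-spec.add_development_dependency 'rbnacl'
-# RSASSA-PSS support provided by OpenSSL +2.1
-spec.add_development_dependency 'openssl', '~> 2.1'
+spec.add_development_dependency 'simplecov'
 end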
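Review bot: Dropping the `rbnacl` and `openssl '~> 2.1'` development dependencies also drops the only statement in this file that RSASSA-PSS needs OpenSSL 2.1 or later, and nothing visible here says where the spec run now gets those two gems. If they are supplied elsewhere (the Gemfile and Appraisals change in this release but are not shown), a short comment such as `# rbnacl and openssl >= 2.1 are optional; the EdDSA and RSASSA-PSS specs need them installed` would keep the requirement discoverable. Otherwise the EdDSA and PS code paths may go unexercised by the test suite, which matters for a signature library.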
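--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: jwt
 version: !ruby/object:Gem::Version
-version: 2.2.
+version: 2.2.3
 platform: ruby
 authors:
 - Tim Rudat
 autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2021-04-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: appraisal
@@ -68,20 +68,6 @@ dependencies:
 version: '0'
 - !ruby/object:Gem::Dependency
 name: simplecov
-requirement: !ruby/object:Gem::Requirement
-requirements:
-- - "<"
-- !ruby/object:Gem::Version
-version: '0.18'
-type: :development
-prerelease: false
-version_requirements: !ruby/object:Gem::Requirement
-requirements:
-- - "<"
-- !ruby/object:Gem::Version
-version: '0.18'
-- !ruby/object:Gem::Dependency
-name: simplecov-json
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
@@ -94,62 +80,6 @@ dependencies:
 - - ">="
 - !ruby/object:Gem::Version
 version: '0'
-- !ruby/object:Gem::Dependency
-name: codeclimate-test-reporter
-requirement: !ruby/object:Gem::Requirement
-requirements:
-- - ">="
-- !ruby/object:Gem::Version
-version: '0'
-type: :development
-prerelease: false
-version_requirements: !ruby/object:Gem::Requirement
-requirements:
-- - ">="
-- !ruby/object:Gem::Version
-version: '0'
-- !ruby/object:Gem::Dependency
-name: codacy-coverage
-requirement: !ruby/object:Gem::Requirement
-requirements:
-- - ">="
-- !ruby/object:Gem::Version
-version: '0'
-type: :development
-prerelease: false
-version_requirements: !ruby/object:Gem::Requirement
-requirements:
-- - ">="
-- !ruby/object:Gem::Version
-version: '0'
-- !ruby/object:Gem::Dependency
-name: rbnacl
-requirement: !ruby/object:Gem::Requirement
-requirements:
-- - ">="
-- !ruby/object:Gem::Version
-version: '0'
-type: :development
-prerelease: false
-version_requirements: !ruby/object:Gem::Requirement
-requirements:
-- - ">="
-- !ruby/object:Gem::Version
-version: '0'
-- !ruby/object:Gem::Dependency
-name: openssl
-requirement: !ruby/object:Gem::Requirement
-requirements:
-- - "~>"
-- !ruby/object:Gem::Version
-version: '2.1'
-type: :development
-prerelease: false
-version_requirements: !ruby/object:Gem::Requirement
-requirements:
-- - "~>"
-- !ruby/object:Gem::Version
-version: '2.1'
 description: A pure ruby implementation of the RFC 7519 OAuth JSON Web Token (JWT)
 standard.
 email: timrudat@gmail.com
@@ -157,12 +87,12 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- ".
-- ".ebert.yml"
+- ".github/workflows/test.yml"
 - ".gitignore"
 - ".rspec"
 - ".rubocop.yml"
-- ".
+- ".rubocop_todo.yml"
+- ".sourcelevel.yml"
 - AUTHORS
 - Appraisals
 - CHANGELOG.md
@@ -171,9 +101,11 @@ files:
 - README.md
 - Rakefile
 - lib/jwt.rb
+- lib/jwt/algos.rb
 - lib/jwt/algos/ecdsa.rb
 - lib/jwt/algos/eddsa.rb
 - lib/jwt/algos/hmac.rb
+- lib/jwt/algos/none.rb
 - lib/jwt/algos/ps.rb
 - lib/jwt/algos/rsa.rb
 - lib/jwt/algos/unsupported.rb
@@ -185,6 +117,9 @@ files:
 - lib/jwt/error.rb
 - lib/jwt/json.rb
 - lib/jwt/jwk.rb
+- lib/jwt/jwk/ec.rb
+- lib/jwt/jwk/hmac.rb
+- lib/jwt/jwk/key_base.rb
 - lib/jwt/jwk/key_finder.rb
 - lib/jwt/jwk/rsa.rb
 - lib/jwt/security_utils.rb
@@ -211,7 +146,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.
+rubygems_version: 3.2.16
 signing_key:
 specification_version: 4
 summary: JSON Web Token implementation in Ruby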
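--- a/data/.codeclimate.yml
+++ /dev/null
@@ -1,20 +0,0 @@
-engines:
-rubocop:
-enabled: true
-golint:
-enabled: false
-gofmt:
-enabled: false
-eslint:
-enabled: false
-csslint:
-enabled: false
-
-ratings:
-paths:
-- lib/**
-- "**.rb"
-
-exclude_paths:
-- spec/**/*
-- vendor/**/*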
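--- a/data/.travis.yml
+++ /dev/null
@@ -1,29 +0,0 @@
-sudo: required
-cache: bundler
-dist: trusty
-language: ruby
-rvm:
-- 2.3
-- 2.4
-- 2.5
-- 2.6
-gemfile:
-- gemfiles/standalone.gemfile
-- gemfiles/rails_5.0.gemfile
-- gemfiles/rails_5.1.gemfile
-- gemfiles/rails_5.2.gemfile
-- gemfiles/rails_6.0.gemfile
-script: "bundle exec rspec && bundle exec codeclimate-test-reporter"
-before_install:
-- sudo add-apt-repository ppa:chris-lea/libsodium -y
-- sudo apt-get update -q
-- sudo apt-get install libsodium-dev -y
-- gem install bundler
-
-matrix:
-fast_finish: true
-exclude:
-- gemfile: gemfiles/rails_6.0.gemfile
-rvm: 2.3
-- gemfile: gemfiles/rails_6.0.gemfile
-rvm: 2.4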