jwt 2.8.2 → 2.9.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +14 -0
- data/README.md +19 -11
- data/lib/jwt/claims/audience.rb +20 -0
- data/lib/jwt/claims/expiration.rb +22 -0
- data/lib/jwt/claims/issued_at.rb +15 -0
- data/lib/jwt/claims/issuer.rb +24 -0
- data/lib/jwt/claims/jwt_id.rb +25 -0
- data/lib/jwt/claims/not_before.rb +22 -0
- data/lib/jwt/claims/numeric.rb +43 -0
- data/lib/jwt/claims/required.rb +23 -0
- data/lib/jwt/claims/subject.rb +20 -0
- data/lib/jwt/claims.rb +38 -0
- data/lib/jwt/decode.rb +2 -5
- data/lib/jwt/encode.rb +3 -7
- data/lib/jwt/jwa/ecdsa.rb +38 -25
- data/lib/jwt/jwa/eddsa.rb +19 -27
- data/lib/jwt/jwa/hmac.rb +22 -18
- data/lib/jwt/jwa/hmac_rbnacl.rb +38 -43
- data/lib/jwt/jwa/hmac_rbnacl_fixed.rb +35 -39
- data/lib/jwt/jwa/none.rb +7 -3
- data/lib/jwt/jwa/ps.rb +20 -14
- data/lib/jwt/jwa/rsa.rb +20 -9
- data/lib/jwt/jwa/signing_algorithm.rb +59 -0
- data/lib/jwt/jwa/unsupported.rb +8 -8
- data/lib/jwt/jwa/wrapper.rb +26 -9
- data/lib/jwt/jwa.rb +21 -38
- data/lib/jwt/version.rb +2 -2
- data/lib/jwt.rb +1 -0
- metadata +18 -9
- data/lib/jwt/claims_validator.rb +0 -37
- data/lib/jwt/verify.rb +0 -117
data/lib/jwt/jwa/hmac_rbnacl.rb
CHANGED
@@ -1,49 +1,44 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
3
|
module JWT
|
4
|
-
module
|
5
|
-
|
6
|
-
|
7
|
-
|
8
|
-
|
9
|
-
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
32
|
-
|
33
|
-
|
34
|
-
|
35
|
-
|
36
|
-
|
37
|
-
|
38
|
-
|
39
|
-
|
40
|
-
|
41
|
-
|
42
|
-
end
|
43
|
-
|
44
|
-
def padded_empty_key(length)
|
45
|
-
Array.new(length, 0x0).pack('C*').encode('binary')
|
46
|
-
end
|
4
|
+
module JWA
|
5
|
+
class HmacRbNaCl
|
6
|
+
include JWT::JWA::SigningAlgorithm
|
7
|
+
|
8
|
+
def initialize(alg, hmac)
|
9
|
+
@alg = alg
|
10
|
+
@hmac = hmac
|
11
|
+
end
|
12
|
+
|
13
|
+
def sign(data:, signing_key:)
|
14
|
+
Deprecations.warning("The use of the algorithm #{alg} is deprecated and will be removed in the next major version of ruby-jwt")
|
15
|
+
hmac.auth(key_for_rbnacl(hmac, signing_key).encode('binary'), data.encode('binary'))
|
16
|
+
end
|
17
|
+
|
18
|
+
def verify(data:, signature:, verification_key:)
|
19
|
+
Deprecations.warning("The use of the algorithm #{alg} is deprecated and will be removed in the next major version of ruby-jwt")
|
20
|
+
hmac.verify(key_for_rbnacl(hmac, verification_key).encode('binary'), signature.encode('binary'), data.encode('binary'))
|
21
|
+
rescue ::RbNaCl::BadAuthenticatorError, ::RbNaCl::LengthError
|
22
|
+
false
|
23
|
+
end
|
24
|
+
|
25
|
+
register_algorithm(new('HS512256', ::RbNaCl::HMAC::SHA512256))
|
26
|
+
|
27
|
+
private
|
28
|
+
|
29
|
+
attr_reader :hmac
|
30
|
+
|
31
|
+
def key_for_rbnacl(hmac, key)
|
32
|
+
key ||= ''
|
33
|
+
raise JWT::DecodeError, 'HMAC key expected to be a String' unless key.is_a?(String)
|
34
|
+
|
35
|
+
return padded_empty_key(hmac.key_bytes) if key == ''
|
36
|
+
|
37
|
+
key
|
38
|
+
end
|
39
|
+
|
40
|
+
def padded_empty_key(length)
|
41
|
+
Array.new(length, 0x0).pack('C*').encode('binary')
|
47
42
|
end
|
48
43
|
end
|
49
44
|
end
|
@@ -1,45 +1,41 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
3
|
module JWT
|
4
|
-
module
|
5
|
-
|
6
|
-
|
7
|
-
|
8
|
-
|
9
|
-
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
32
|
-
|
33
|
-
|
34
|
-
|
35
|
-
|
36
|
-
|
37
|
-
|
38
|
-
|
39
|
-
|
40
|
-
def padded_key_bytes(key, bytesize)
|
41
|
-
key.bytes.fill(0, key.bytesize...bytesize).pack('C*')
|
42
|
-
end
|
4
|
+
module JWA
|
5
|
+
class HmacRbNaClFixed
|
6
|
+
include JWT::JWA::SigningAlgorithm
|
7
|
+
|
8
|
+
def initialize(alg, hmac)
|
9
|
+
@alg = alg
|
10
|
+
@hmac = hmac
|
11
|
+
end
|
12
|
+
|
13
|
+
def sign(data:, signing_key:)
|
14
|
+
signing_key ||= ''
|
15
|
+
Deprecations.warning("The use of the algorithm #{alg} is deprecated and will be removed in the next major version of ruby-jwt")
|
16
|
+
raise JWT::DecodeError, 'HMAC key expected to be a String' unless signing_key.is_a?(String)
|
17
|
+
|
18
|
+
hmac.auth(padded_key_bytes(signing_key, hmac.key_bytes), data.encode('binary'))
|
19
|
+
end
|
20
|
+
|
21
|
+
def verify(data:, signature:, verification_key:)
|
22
|
+
verification_key ||= ''
|
23
|
+
Deprecations.warning("The use of the algorithm #{alg} is deprecated and will be removed in the next major version of ruby-jwt")
|
24
|
+
raise JWT::DecodeError, 'HMAC key expected to be a String' unless verification_key.is_a?(String)
|
25
|
+
|
26
|
+
hmac.verify(padded_key_bytes(verification_key, hmac.key_bytes), signature.encode('binary'), data.encode('binary'))
|
27
|
+
rescue ::RbNaCl::BadAuthenticatorError, ::RbNaCl::LengthError
|
28
|
+
false
|
29
|
+
end
|
30
|
+
|
31
|
+
register_algorithm(new('HS512256', ::RbNaCl::HMAC::SHA512256))
|
32
|
+
|
33
|
+
private
|
34
|
+
|
35
|
+
attr_reader :hmac
|
36
|
+
|
37
|
+
def padded_key_bytes(key, bytesize)
|
38
|
+
key.bytes.fill(0, key.bytesize...bytesize).pack('C*')
|
43
39
|
end
|
44
40
|
end
|
45
41
|
end
|
data/lib/jwt/jwa/none.rb
CHANGED
@@ -2,10 +2,12 @@
|
|
2
2
|
|
3
3
|
module JWT
|
4
4
|
module JWA
|
5
|
-
|
6
|
-
|
5
|
+
class None
|
6
|
+
include JWT::JWA::SigningAlgorithm
|
7
7
|
|
8
|
-
|
8
|
+
def initialize
|
9
|
+
@alg = 'none'
|
10
|
+
end
|
9
11
|
|
10
12
|
def sign(*)
|
11
13
|
''
|
@@ -14,6 +16,8 @@ module JWT
|
|
14
16
|
def verify(*)
|
15
17
|
true
|
16
18
|
end
|
19
|
+
|
20
|
+
register_algorithm(new)
|
17
21
|
end
|
18
22
|
end
|
19
23
|
end
|
data/lib/jwt/jwa/ps.rb
CHANGED
@@ -2,29 +2,35 @@
|
|
2
2
|
|
3
3
|
module JWT
|
4
4
|
module JWA
|
5
|
-
|
6
|
-
|
5
|
+
class Ps
|
6
|
+
include JWT::JWA::SigningAlgorithm
|
7
7
|
|
8
|
-
|
9
|
-
|
10
|
-
|
8
|
+
def initialize(alg)
|
9
|
+
@alg = alg
|
10
|
+
@digest_algorithm = alg.sub('PS', 'sha')
|
11
|
+
end
|
11
12
|
|
12
|
-
def sign(
|
13
|
-
unless
|
14
|
-
|
13
|
+
def sign(data:, signing_key:)
|
14
|
+
unless signing_key.is_a?(::OpenSSL::PKey::RSA)
|
15
|
+
raise_sign_error!("The given key is a #{signing_key.class}. It has to be an OpenSSL::PKey::RSA instance.")
|
15
16
|
end
|
16
17
|
|
17
|
-
|
18
|
-
|
19
|
-
key.sign_pss(translated_algorithm, msg, salt_length: :digest, mgf1_hash: translated_algorithm)
|
18
|
+
signing_key.sign_pss(digest_algorithm, data, salt_length: :digest, mgf1_hash: digest_algorithm)
|
20
19
|
end
|
21
20
|
|
22
|
-
def verify(
|
23
|
-
|
24
|
-
public_key.verify_pss(translated_algorithm, signature, signing_input, salt_length: :auto, mgf1_hash: translated_algorithm)
|
21
|
+
def verify(data:, signature:, verification_key:)
|
22
|
+
verification_key.verify_pss(digest_algorithm, signature, data, salt_length: :auto, mgf1_hash: digest_algorithm)
|
25
23
|
rescue OpenSSL::PKey::PKeyError
|
26
24
|
raise JWT::VerificationError, 'Signature verification raised'
|
27
25
|
end
|
26
|
+
|
27
|
+
register_algorithm(new('PS256'))
|
28
|
+
register_algorithm(new('PS384'))
|
29
|
+
register_algorithm(new('PS512'))
|
30
|
+
|
31
|
+
private
|
32
|
+
|
33
|
+
attr_reader :digest_algorithm
|
28
34
|
end
|
29
35
|
end
|
30
36
|
end
|
data/lib/jwt/jwa/rsa.rb
CHANGED
@@ -2,24 +2,35 @@
|
|
2
2
|
|
3
3
|
module JWT
|
4
4
|
module JWA
|
5
|
-
|
6
|
-
|
5
|
+
class Rsa
|
6
|
+
include JWT::JWA::SigningAlgorithm
|
7
7
|
|
8
|
-
|
8
|
+
def initialize(alg)
|
9
|
+
@alg = alg
|
10
|
+
@digest = OpenSSL::Digest.new(alg.sub('RS', 'SHA'))
|
11
|
+
end
|
9
12
|
|
10
|
-
def sign(
|
11
|
-
unless
|
12
|
-
|
13
|
+
def sign(data:, signing_key:)
|
14
|
+
unless signing_key.is_a?(OpenSSL::PKey::RSA)
|
15
|
+
raise_sign_error!("The given key is a #{signing_key.class}. It has to be an OpenSSL::PKey::RSA instance")
|
13
16
|
end
|
14
17
|
|
15
|
-
|
18
|
+
signing_key.sign(digest, data)
|
16
19
|
end
|
17
20
|
|
18
|
-
def verify(
|
19
|
-
|
21
|
+
def verify(data:, signature:, verification_key:)
|
22
|
+
verification_key.verify(digest, signature, data)
|
20
23
|
rescue OpenSSL::PKey::PKeyError
|
21
24
|
raise JWT::VerificationError, 'Signature verification raised'
|
22
25
|
end
|
26
|
+
|
27
|
+
register_algorithm(new('RS256'))
|
28
|
+
register_algorithm(new('RS384'))
|
29
|
+
register_algorithm(new('RS512'))
|
30
|
+
|
31
|
+
private
|
32
|
+
|
33
|
+
attr_reader :digest
|
23
34
|
end
|
24
35
|
end
|
25
36
|
end
|
@@ -0,0 +1,59 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module JWT
|
4
|
+
module JWA
|
5
|
+
module SigningAlgorithm
|
6
|
+
module ClassMethods
|
7
|
+
def register_algorithm(algo)
|
8
|
+
::JWT::JWA.register_algorithm(algo)
|
9
|
+
end
|
10
|
+
end
|
11
|
+
|
12
|
+
def self.included(klass)
|
13
|
+
klass.extend(ClassMethods)
|
14
|
+
end
|
15
|
+
|
16
|
+
attr_reader :alg
|
17
|
+
|
18
|
+
def valid_alg?(alg_to_check)
|
19
|
+
alg&.casecmp(alg_to_check)&.zero? == true
|
20
|
+
end
|
21
|
+
|
22
|
+
def header(*)
|
23
|
+
{ 'alg' => alg }
|
24
|
+
end
|
25
|
+
|
26
|
+
def sign(*)
|
27
|
+
raise_sign_error!('Algorithm implementation is missing the sign method')
|
28
|
+
end
|
29
|
+
|
30
|
+
def verify(*)
|
31
|
+
raise_verify_error!('Algorithm implementation is missing the verify method')
|
32
|
+
end
|
33
|
+
|
34
|
+
def raise_verify_error!(message)
|
35
|
+
raise(DecodeError.new(message).tap { |e| e.set_backtrace(caller(1)) })
|
36
|
+
end
|
37
|
+
|
38
|
+
def raise_sign_error!(message)
|
39
|
+
raise(EncodeError.new(message).tap { |e| e.set_backtrace(caller(1)) })
|
40
|
+
end
|
41
|
+
end
|
42
|
+
|
43
|
+
class << self
|
44
|
+
def register_algorithm(algo)
|
45
|
+
algorithms[algo.alg.to_s.downcase] = algo
|
46
|
+
end
|
47
|
+
|
48
|
+
def find(algo)
|
49
|
+
algorithms.fetch(algo.to_s.downcase, Unsupported)
|
50
|
+
end
|
51
|
+
|
52
|
+
private
|
53
|
+
|
54
|
+
def algorithms
|
55
|
+
@algorithms ||= {}
|
56
|
+
end
|
57
|
+
end
|
58
|
+
end
|
59
|
+
end
|
data/lib/jwt/jwa/unsupported.rb
CHANGED
@@ -3,16 +3,16 @@
|
|
3
3
|
module JWT
|
4
4
|
module JWA
|
5
5
|
module Unsupported
|
6
|
-
|
6
|
+
class << self
|
7
|
+
include JWT::JWA::SigningAlgorithm
|
7
8
|
|
8
|
-
|
9
|
+
def sign(*)
|
10
|
+
raise_sign_error!('Unsupported signing method')
|
11
|
+
end
|
9
12
|
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
def verify(*)
|
15
|
-
raise JWT::VerificationError, 'Algorithm not supported'
|
13
|
+
def verify(*)
|
14
|
+
raise JWT::VerificationError, 'Algorithm not supported'
|
15
|
+
end
|
16
16
|
end
|
17
17
|
end
|
18
18
|
end
|
data/lib/jwt/jwa/wrapper.rb
CHANGED
@@ -3,23 +3,40 @@
|
|
3
3
|
module JWT
|
4
4
|
module JWA
|
5
5
|
class Wrapper
|
6
|
-
|
6
|
+
include SigningAlgorithm
|
7
7
|
|
8
|
-
def initialize(
|
9
|
-
@
|
10
|
-
|
8
|
+
def initialize(algorithm)
|
9
|
+
@algorithm = algorithm
|
10
|
+
end
|
11
|
+
|
12
|
+
def alg
|
13
|
+
return @algorithm.alg if @algorithm.respond_to?(:alg)
|
14
|
+
|
15
|
+
super
|
11
16
|
end
|
12
17
|
|
13
18
|
def valid_alg?(alg_to_check)
|
14
|
-
|
19
|
+
return @algorithm.valid_alg?(alg_to_check) if @algorithm.respond_to?(:valid_alg?)
|
20
|
+
|
21
|
+
super
|
15
22
|
end
|
16
23
|
|
17
|
-
def
|
18
|
-
|
24
|
+
def header(*args, **kwargs)
|
25
|
+
return @algorithm.header(*args, **kwargs) if @algorithm.respond_to?(:header)
|
26
|
+
|
27
|
+
super
|
19
28
|
end
|
20
29
|
|
21
|
-
def
|
22
|
-
|
30
|
+
def sign(*args, **kwargs)
|
31
|
+
return @algorithm.sign(*args, **kwargs) if @algorithm.respond_to?(:sign)
|
32
|
+
|
33
|
+
super
|
34
|
+
end
|
35
|
+
|
36
|
+
def verify(*args, **kwargs)
|
37
|
+
return @algorithm.verify(*args, **kwargs) if @algorithm.respond_to?(:verify)
|
38
|
+
|
39
|
+
super
|
23
40
|
end
|
24
41
|
end
|
25
42
|
end
|
data/lib/jwt/jwa.rb
CHANGED
@@ -8,54 +8,37 @@ rescue LoadError
|
|
8
8
|
raise if defined?(RbNaCl)
|
9
9
|
end
|
10
10
|
|
11
|
-
require_relative 'jwa/
|
12
|
-
require_relative 'jwa/eddsa'
|
11
|
+
require_relative 'jwa/signing_algorithm'
|
13
12
|
require_relative 'jwa/ecdsa'
|
14
|
-
require_relative 'jwa/
|
15
|
-
require_relative 'jwa/ps'
|
13
|
+
require_relative 'jwa/hmac'
|
16
14
|
require_relative 'jwa/none'
|
15
|
+
require_relative 'jwa/ps'
|
16
|
+
require_relative 'jwa/rsa'
|
17
17
|
require_relative 'jwa/unsupported'
|
18
18
|
require_relative 'jwa/wrapper'
|
19
19
|
|
20
|
+
if JWT.rbnacl?
|
21
|
+
require_relative 'jwa/eddsa'
|
22
|
+
end
|
23
|
+
|
24
|
+
if JWT.rbnacl_6_or_greater?
|
25
|
+
require_relative 'jwa/hmac_rbnacl'
|
26
|
+
elsif JWT.rbnacl?
|
27
|
+
require_relative 'jwa/hmac_rbnacl_fixed'
|
28
|
+
end
|
29
|
+
|
20
30
|
module JWT
|
21
31
|
module JWA
|
22
|
-
ALGOS = [Hmac, Ecdsa, Rsa, Eddsa, Ps, None, Unsupported].tap do |l|
|
23
|
-
if ::JWT.rbnacl_6_or_greater?
|
24
|
-
require_relative 'jwa/hmac_rbnacl'
|
25
|
-
l << Algos::HmacRbNaCl
|
26
|
-
elsif ::JWT.rbnacl?
|
27
|
-
require_relative 'jwa/hmac_rbnacl_fixed'
|
28
|
-
l << Algos::HmacRbNaClFixed
|
29
|
-
end
|
30
|
-
end.freeze
|
31
|
-
|
32
32
|
class << self
|
33
|
-
def
|
34
|
-
|
35
|
-
end
|
36
|
-
|
37
|
-
def create(algorithm)
|
38
|
-
return algorithm if JWA.implementation?(algorithm)
|
39
|
-
|
40
|
-
Wrapper.new(*find(algorithm))
|
41
|
-
end
|
42
|
-
|
43
|
-
def implementation?(algorithm)
|
44
|
-
(algorithm.respond_to?(:valid_alg?) && algorithm.respond_to?(:verify)) ||
|
45
|
-
(algorithm.respond_to?(:alg) && algorithm.respond_to?(:sign))
|
46
|
-
end
|
33
|
+
def resolve(algorithm)
|
34
|
+
return find(algorithm) if algorithm.is_a?(String) || algorithm.is_a?(Symbol)
|
47
35
|
|
48
|
-
|
49
|
-
|
50
|
-
|
51
|
-
@indexed ||= begin
|
52
|
-
fallback = [nil, Unsupported]
|
53
|
-
ALGOS.each_with_object(Hash.new(fallback)) do |cls, hash|
|
54
|
-
cls.const_get(:SUPPORTED).each do |alg|
|
55
|
-
hash[alg.downcase] = [alg, cls]
|
56
|
-
end
|
57
|
-
end
|
36
|
+
unless algorithm.is_a?(SigningAlgorithm)
|
37
|
+
Deprecations.warning('Custom algorithms are required to include JWT::JWA::SigningAlgorithm')
|
38
|
+
return Wrapper.new(algorithm)
|
58
39
|
end
|
40
|
+
|
41
|
+
algorithm
|
59
42
|
end
|
60
43
|
end
|
61
44
|
end
|
data/lib/jwt/version.rb
CHANGED
data/lib/jwt.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: jwt
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 2.
|
4
|
+
version: 2.9.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Tim Rudat
|
8
|
-
autorequire:
|
8
|
+
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2024-
|
11
|
+
date: 2024-09-15 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: base64
|
@@ -123,7 +123,16 @@ files:
|
|
123
123
|
- README.md
|
124
124
|
- lib/jwt.rb
|
125
125
|
- lib/jwt/base64.rb
|
126
|
-
- lib/jwt/
|
126
|
+
- lib/jwt/claims.rb
|
127
|
+
- lib/jwt/claims/audience.rb
|
128
|
+
- lib/jwt/claims/expiration.rb
|
129
|
+
- lib/jwt/claims/issued_at.rb
|
130
|
+
- lib/jwt/claims/issuer.rb
|
131
|
+
- lib/jwt/claims/jwt_id.rb
|
132
|
+
- lib/jwt/claims/not_before.rb
|
133
|
+
- lib/jwt/claims/numeric.rb
|
134
|
+
- lib/jwt/claims/required.rb
|
135
|
+
- lib/jwt/claims/subject.rb
|
127
136
|
- lib/jwt/configuration.rb
|
128
137
|
- lib/jwt/configuration/container.rb
|
129
138
|
- lib/jwt/configuration/decode_configuration.rb
|
@@ -142,6 +151,7 @@ files:
|
|
142
151
|
- lib/jwt/jwa/none.rb
|
143
152
|
- lib/jwt/jwa/ps.rb
|
144
153
|
- lib/jwt/jwa/rsa.rb
|
154
|
+
- lib/jwt/jwa/signing_algorithm.rb
|
145
155
|
- lib/jwt/jwa/unsupported.rb
|
146
156
|
- lib/jwt/jwa/wrapper.rb
|
147
157
|
- lib/jwt/jwk.rb
|
@@ -154,7 +164,6 @@ files:
|
|
154
164
|
- lib/jwt/jwk/rsa.rb
|
155
165
|
- lib/jwt/jwk/set.rb
|
156
166
|
- lib/jwt/jwk/thumbprint.rb
|
157
|
-
- lib/jwt/verify.rb
|
158
167
|
- lib/jwt/version.rb
|
159
168
|
- lib/jwt/x5c_key_finder.rb
|
160
169
|
- ruby-jwt.gemspec
|
@@ -163,9 +172,9 @@ licenses:
|
|
163
172
|
- MIT
|
164
173
|
metadata:
|
165
174
|
bug_tracker_uri: https://github.com/jwt/ruby-jwt/issues
|
166
|
-
changelog_uri: https://github.com/jwt/ruby-jwt/blob/v2.
|
175
|
+
changelog_uri: https://github.com/jwt/ruby-jwt/blob/v2.9.0/CHANGELOG.md
|
167
176
|
rubygems_mfa_required: 'true'
|
168
|
-
post_install_message:
|
177
|
+
post_install_message:
|
169
178
|
rdoc_options: []
|
170
179
|
require_paths:
|
171
180
|
- lib
|
@@ -180,8 +189,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
180
189
|
- !ruby/object:Gem::Version
|
181
190
|
version: '0'
|
182
191
|
requirements: []
|
183
|
-
rubygems_version: 3.5.
|
184
|
-
signing_key:
|
192
|
+
rubygems_version: 3.5.16
|
193
|
+
signing_key:
|
185
194
|
specification_version: 4
|
186
195
|
summary: JSON Web Token implementation in Ruby
|
187
196
|
test_files: []
|
data/lib/jwt/claims_validator.rb
DELETED
@@ -1,37 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
require_relative 'error'
|
4
|
-
|
5
|
-
module JWT
|
6
|
-
class ClaimsValidator
|
7
|
-
NUMERIC_CLAIMS = %i[
|
8
|
-
exp
|
9
|
-
iat
|
10
|
-
nbf
|
11
|
-
].freeze
|
12
|
-
|
13
|
-
def initialize(payload)
|
14
|
-
@payload = payload.transform_keys(&:to_sym)
|
15
|
-
end
|
16
|
-
|
17
|
-
def validate!
|
18
|
-
validate_numeric_claims
|
19
|
-
|
20
|
-
true
|
21
|
-
end
|
22
|
-
|
23
|
-
private
|
24
|
-
|
25
|
-
def validate_numeric_claims
|
26
|
-
NUMERIC_CLAIMS.each do |claim|
|
27
|
-
validate_is_numeric(claim) if @payload.key?(claim)
|
28
|
-
end
|
29
|
-
end
|
30
|
-
|
31
|
-
def validate_is_numeric(claim)
|
32
|
-
return if @payload[claim].is_a?(Numeric)
|
33
|
-
|
34
|
-
raise InvalidPayload, "#{claim} claim must be a Numeric value but it is a #{@payload[claim].class}"
|
35
|
-
end
|
36
|
-
end
|
37
|
-
end
|