jwt 0.1.2 → 0.1.3
- data.tar.gz.sig +2 -1
- data/Rakefile +2 -9
- data/jwt.gemspec +9 -9
- data/lib/jwt.rb +25 -6
- data/spec/jwt.rb +18 -10
- metadata +5 -7
- metadata.gz.sig +0 -0
data.tar.gz.sig
CHANGED
@@ -1 +1,2 @@
|
|
1
|
-
|
1
|
+
s��f:]�����Ӟk�QF��'��1���څ�g��,��n�����Fg�[�}��nf�m&w:!0jx��z�6?i�?�q劢�}���ƴ{Ú!1����a<ey�E;����p�@���C��r-N}���A��Eqĵ.�s�s!���U��M��旓C�QW���M#�%�\��6-�o�����hD˨��o1v�9Jk���O�ĩ`��k
|
2
|
+
ޤQ�r�%�o.i�e��5�P
|
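--- a/data/Rakefile
+++ b/data/Rakefile
@@ -1,11 +1,8 @@
 require 'rubygems'
 require 'rake'
-require 'rake/clean'
 require 'echoe'
 
-
-
-Echoe.new('jwt', '0.1.2') do |p|
+Echoe.new('jwt', '0.1.3') do |p|
 p.description = "JSON Web Token implementation in Ruby"
 p.url = "http://github.com/progrium/ruby-jwt"
 p.author = "Jeff Lindsay"
@@ -16,9 +13,5 @@ Echoe.new('jwt', '0.1.2') do |p|
 end
 
 task :test do
-sh "
+sh "rspec spec/jwt.rb"
 end
-
-task :release => [:clean, :gem] do
-sh "ls pkg/*.gem"
-end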
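--- a/data/jwt.gemspec
+++ b/data/jwt.gemspec
@@ -2,21 +2,21 @@
 
 Gem::Specification.new do |s|
 s.name = %q{jwt}
-s.version = "0.1.
+s.version = "0.1.3"
 
 s.required_rubygems_version = Gem::Requirement.new(">= 1.2") if s.respond_to? :required_rubygems_version=
-s.authors = [
-s.cert_chain = [
-s.date = %q{2011-
+s.authors = [%q{Jeff Lindsay}]
+s.cert_chain = [%q{/Users/progrium/.gem/gem-public_cert.pem}]
+s.date = %q{2011-06-30}
 s.description = %q{JSON Web Token implementation in Ruby}
 s.email = %q{jeff.lindsay@twilio.com}
-s.extra_rdoc_files = [
-s.files = [
+s.extra_rdoc_files = [%q{lib/jwt.rb}]
+s.files = [%q{Rakefile}, %q{lib/jwt.rb}, %q{spec/jwt.rb}, %q{Manifest}, %q{jwt.gemspec}]
 s.homepage = %q{http://github.com/progrium/ruby-jwt}
-s.rdoc_options = [
-s.require_paths = [
+s.rdoc_options = [%q{--line-numbers}, %q{--inline-source}, %q{--title}, %q{Jwt}, %q{--main}, %q{README.md}]
+s.require_paths = [%q{lib}]
 s.rubyforge_project = %q{jwt}
-s.rubygems_version = %q{1.
+s.rubygems_version = %q{1.8.5}
 s.signing_key = %q{/Users/progrium/.gem/gem-private_key.pem}
 s.summary = %q{JSON Web Token implementation in Ruby}
 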
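--- a/data/lib/jwt.rb
+++ b/data/lib/jwt.rb
@@ -12,7 +12,24 @@ module JWT
 class DecodeError < Exception; end
 
 def self.sign(algorithm, msg, key)
-
+if ["HS256", "HS384", "HS512"].include?(algorithm)
+sign_hmac(algorithm, msg, key)
+elsif ["RS256", "RS384", "RS512"].include?(algorithm)
+sign_rsa(algorithm, msg, key)
+else
+raise NotImplementedError.new("Unsupported signing method")
+end
+end
+
+def self.sign_rsa(algorithm, msg, private_key)
+private_key.sign(OpenSSL::Digest::Digest.new(algorithm.sub('RS', 'sha')), msg)
+end
+
+def self.verify_rsa(algorithm, public_key, signing_input, signature)
+public_key.verify(OpenSSL::Digest::Digest.new(algorithm.sub('RS', 'sha')), signature, signing_input)
+end
+
+def self.sign_hmac(algorithm, msg, key)
 OpenSSL::HMAC.digest(OpenSSL::Digest::Digest.new(algorithm.sub('HS', 'sha')), key, msg)
 end
 
@@ -49,11 +66,13 @@ module JWT
 raise JWT::DecodeError.new("Invalid segment encoding")
 end
 if verify
-
-
-
-
-
+algo = header['alg']
+
+if ["HS256", "HS384", "HS512"].include?(algo)
+raise JWT::DecodeError.new("Signature verification failed") unless signature == sign_hmac(algo, signing_input, key)
+elsif ["RS256", "RS384", "RS512"].include?(algo)
+verify_rsa(algo, key, signing_input, signature)
+else
 raise JWT::DecodeError.new("Algorithm not supported")
 end
 end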
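Review bot: In the RS256/RS384/RS512 branch of the `if verify` block, the result of `verify_rsa(algo, key, signing_input, signature)` is discarded, so a signature that does not match raises nothing and the token is returned as if it had been verified. `verify_rsa` only passes through what `public_key.verify` returns, and OpenSSL reports a mismatch by returning false rather than raising. The RSA branch should fail the same way the HMAC branch does: `raise JWT::DecodeError.new("Signature verification failed") unless verify_rsa(algo, key, signing_input, signature)`. Separately, the HMAC branch compares with `==`, which is not a constant-time comparison, and the branch is chosen from `header['alg']` in the token itself rather than from an algorithm the caller expects; both deserve a follow-up. The enclosing decode method starts and ends outside this hunk.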
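--- a/data/spec/jwt.rb
+++ b/data/spec/jwt.rb
@@ -1,14 +1,22 @@
-require '
-require "#{File.dirname(__FILE__)}/../lib/jwt.rb"
-
-payload = {"foo" => "bar"}
+require 'helper'
 
 describe JWT do
+before do
+@payload = {"foo" => "bar"}
+end
+
 it "encodes and decodes JWTs" do
 secret = "secret"
-jwt = JWT.encode(payload, secret)
+jwt = JWT.encode(@payload, secret)
 decoded_payload = JWT.decode(jwt, secret)
-decoded_payload.should == payload
+decoded_payload.should == @payload
+end
+
+it "encodes and decodes JWTs for RSA signatures" do
+private_key = OpenSSL::PKey::RSA.generate(512)
+jwt = JWT.encode(@payload, private_key, "RS256")
+decoded_payload = JWT.decode(jwt, private_key.public_key)
+decoded_payload.should == @payload
 end
 
 it "decodes valid JWTs" do
@@ -22,19 +30,19 @@ describe JWT do
 it "raises exception with wrong key" do
 right_secret = 'foo'
 bad_secret = 'bar'
-jwt_message = JWT.encode(payload, right_secret)
+jwt_message = JWT.encode(@payload, right_secret)
 lambda { JWT.decode(jwt_message, bad_secret) }.should raise_error(JWT::DecodeError)
 end
 
 it "allows decoding without key" do
 right_secret = 'foo'
 bad_secret = 'bar'
-jwt = JWT.encode(payload, right_secret)
+jwt = JWT.encode(@payload, right_secret)
 decoded_payload = JWT.decode(jwt, bad_secret, false)
-decoded_payload.should == payload
+decoded_payload.should == @payload
 end
 
 it "raises exception on unsupported crypto algorithm" do
-lambda { JWT.encode(payload, "secret", 'HS1024') }.should raise_error(NotImplementedError)
+lambda { JWT.encode(@payload, "secret", 'HS1024') }.should raise_error(NotImplementedError)
 end
 end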
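Review bot: The new example "encodes and decodes JWTs for RSA signatures" covers only the matching-key path, so the suite still passes if `JWT.decode` accepts an RS256 token whose signature does not verify. The HMAC side has "raises exception with wrong key", but there is no RSA counterpart. Add a negative example beside the new one that encodes with one key and decodes with a different key's public half, expecting `JWT::DecodeError`. The 512-bit key is far below any size acceptable outside a test, so the `generate(512)` line deserves a comment such as `# 512 bits only to keep the spec fast`.

```ruby
it "raises exception with wrong RSA key" do
  right_key = OpenSSL::PKey::RSA.generate(512) # 512 bits only to keep the spec fast
  bad_key = OpenSSL::PKey::RSA.generate(512)
  jwt = JWT.encode(@payload, right_key, "RS256")
  lambda { JWT.decode(jwt, bad_key.public_key) }.should raise_error(JWT::DecodeError)
end
```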
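--- a/metadata
+++ b/metadata
@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: jwt
 version: !ruby/object:Gem::Version
-hash:
+hash: 29
 prerelease:
 segments:
 - 0
 - 1
--
-version: 0.1.
+- 3
+version: 0.1.3
 platform: ruby
 authors:
 - Jeff Lindsay
@@ -36,8 +36,7 @@ cert_chain:
 WZqts+sMhUpDxxL+p6p6bQ==
 -----END CERTIFICATE-----
 
-date: 2011-
-default_executable:
+date: 2011-06-30 00:00:00 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: json
@@ -69,7 +68,6 @@ files:
 - spec/jwt.rb
 - Manifest
 - jwt.gemspec
-has_rdoc: true
 homepage: http://github.com/progrium/ruby-jwt
 licenses: []
 
@@ -105,7 +103,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 requirements: []
 
 rubyforge_project: jwt
-rubygems_version: 1.
+rubygems_version: 1.8.5
 signing_key:
 specification_version: 3
 summary: JSON Web Token implementation in Ruby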
metadata.gz.sig
CHANGED
Binary file
|