jwt 0.1.3 → 0.1.4

Sign up to get free protection for your applications and to get access to all the features.
Files changed (7) hide show
  1. data/Rakefile +1 -1
  2. data/jwt.gemspec +2 -4
  3. data/lib/jwt.rb +13 -8
  4. data/spec/jwt.rb +16 -2
  5. metadata +5 -26
  6. data.tar.gz.sig +0 -2
  7. metadata.gz.sig +0 -0
data/Rakefile CHANGED
@@ -2,7 +2,7 @@ require 'rubygems'
2
2
  require 'rake'
3
3
  require 'echoe'
4
4
 
5
- Echoe.new('jwt', '0.1.3') do |p|
5
+ Echoe.new('jwt', '0.1.4') do |p|
6
6
  p.description = "JSON Web Token implementation in Ruby"
7
7
  p.url = "http://github.com/progrium/ruby-jwt"
8
8
  p.author = "Jeff Lindsay"
data/jwt.gemspec CHANGED
@@ -2,12 +2,11 @@
2
2
 
3
3
  Gem::Specification.new do |s|
4
4
  s.name = %q{jwt}
5
- s.version = "0.1.3"
5
+ s.version = "0.1.4"
6
6
 
7
7
  s.required_rubygems_version = Gem::Requirement.new(">= 1.2") if s.respond_to? :required_rubygems_version=
8
8
  s.authors = [%q{Jeff Lindsay}]
9
- s.cert_chain = [%q{/Users/progrium/.gem/gem-public_cert.pem}]
10
- s.date = %q{2011-06-30}
9
+ s.date = %q{2011-11-11}
11
10
  s.description = %q{JSON Web Token implementation in Ruby}
12
11
  s.email = %q{jeff.lindsay@twilio.com}
13
12
  s.extra_rdoc_files = [%q{lib/jwt.rb}]
@@ -17,7 +16,6 @@ Gem::Specification.new do |s|
17
16
  s.require_paths = [%q{lib}]
18
17
  s.rubyforge_project = %q{jwt}
19
18
  s.rubygems_version = %q{1.8.5}
20
- s.signing_key = %q{/Users/progrium/.gem/gem-private_key.pem}
21
19
  s.summary = %q{JSON Web Token implementation in Ruby}
22
20
 
23
21
  if s.respond_to? :specification_version then
data/lib/jwt.rb CHANGED
@@ -1,8 +1,8 @@
1
1
  #
2
2
  # JSON Web Token implementation
3
3
  #
4
- # Minimum implementation based on this spec:
5
- # http://self-issued.info/docs/draft-jones-json-web-token-01.html
4
+ # Should be up to date with the latest spec:
5
+ # http://self-issued.info/docs/draft-jones-json-web-token-06.html
6
6
 
7
7
  require "base64"
8
8
  require "openssl"
@@ -43,35 +43,40 @@ module JWT
43
43
  end
44
44
 
45
45
  def self.encode(payload, key, algorithm='HS256')
46
+ algorithm ||= "none"
46
47
  segments = []
47
48
  header = {"typ" => "JWT", "alg" => algorithm}
48
49
  segments << base64url_encode(header.to_json)
49
50
  segments << base64url_encode(payload.to_json)
50
51
  signing_input = segments.join('.')
51
- signature = sign(algorithm, signing_input, key)
52
- segments << base64url_encode(signature)
52
+ if algorithm != "none"
53
+ signature = sign(algorithm, signing_input, key)
54
+ segments << base64url_encode(signature)
55
+ else
56
+ segments << ""
57
+ end
53
58
  segments.join('.')
54
59
  end
55
60
 
56
61
  def self.decode(jwt, key=nil, verify=true)
57
62
  segments = jwt.split('.')
58
- raise JWT::DecodeError.new("Not enough or too many segments") unless segments.length == 3
63
+ raise JWT::DecodeError.new("Not enough or too many segments") unless [2,3].include? segments.length
59
64
  header_segment, payload_segment, crypto_segment = segments
60
65
  signing_input = [header_segment, payload_segment].join('.')
61
66
  begin
62
67
  header = JSON.parse(base64url_decode(header_segment))
63
68
  payload = JSON.parse(base64url_decode(payload_segment))
64
- signature = base64url_decode(crypto_segment)
69
+ signature = base64url_decode(crypto_segment) if verify
65
70
  rescue JSON::ParserError
66
71
  raise JWT::DecodeError.new("Invalid segment encoding")
67
72
  end
68
- if verify
73
+ if verify == true
69
74
  algo = header['alg']
70
75
 
71
76
  if ["HS256", "HS384", "HS512"].include?(algo)
72
77
  raise JWT::DecodeError.new("Signature verification failed") unless signature == sign_hmac(algo, signing_input, key)
73
78
  elsif ["RS256", "RS384", "RS512"].include?(algo)
74
- verify_rsa(algo, key, signing_input, signature)
79
+ raise JWT::DecodeError.new("Signature verification failed") unless verify_rsa(algo, key, signing_input, signature)
75
80
  else
76
81
  raise JWT::DecodeError.new("Algorithm not supported")
77
82
  end
data/spec/jwt.rb CHANGED
@@ -27,12 +27,19 @@ describe JWT do
27
27
  decoded_payload.should == example_payload
28
28
  end
29
29
 
30
- it "raises exception with wrong key" do
30
+ it "raises exception with wrong hmac key" do
31
31
  right_secret = 'foo'
32
32
  bad_secret = 'bar'
33
- jwt_message = JWT.encode(@payload, right_secret)
33
+ jwt_message = JWT.encode(@payload, right_secret, "HS256")
34
34
  lambda { JWT.decode(jwt_message, bad_secret) }.should raise_error(JWT::DecodeError)
35
35
  end
36
+
37
+ it "raises exception with wrong rsa key" do
38
+ right_private_key = OpenSSL::PKey::RSA.generate(512)
39
+ bad_private_key = OpenSSL::PKey::RSA.generate(512)
40
+ jwt = JWT.encode(@payload, right_private_key, "RS256")
41
+ lambda { JWT.decode(jwt, bad_private_key.public_key) }.should raise_error(JWT::DecodeError)
42
+ end
36
43
 
37
44
  it "allows decoding without key" do
38
45
  right_secret = 'foo'
@@ -45,4 +52,11 @@ describe JWT do
45
52
  it "raises exception on unsupported crypto algorithm" do
46
53
  lambda { JWT.encode(@payload, "secret", 'HS1024') }.should raise_error(NotImplementedError)
47
54
  end
55
+
56
+ it "encodes and decodes plaintext JWTs" do
57
+ jwt = JWT.encode(@payload, nil, nil)
58
+ jwt.split('.').length.should == 2
59
+ decoded_payload = JWT.decode(jwt, nil, nil)
60
+ decoded_payload.should == @payload
61
+ end
48
62
  end
metadata CHANGED
@@ -1,42 +1,21 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: jwt
3
3
  version: !ruby/object:Gem::Version
4
- hash: 29
4
+ hash: 19
5
5
  prerelease:
6
6
  segments:
7
7
  - 0
8
8
  - 1
9
- - 3
10
- version: 0.1.3
9
+ - 4
10
+ version: 0.1.4
11
11
  platform: ruby
12
12
  authors:
13
13
  - Jeff Lindsay
14
14
  autorequire:
15
15
  bindir: bin
16
- cert_chain:
17
- - |
18
- -----BEGIN CERTIFICATE-----
19
- MIIDPDCCAiSgAwIBAgIBADANBgkqhkiG9w0BAQUFADBEMRUwEwYDVQQDDAxqZWZm
20
- LmxpbmRzYXkxFjAUBgoJkiaJk/IsZAEZFgZ0d2lsaW8xEzARBgoJkiaJk/IsZAEZ
21
- FgNjb20wHhcNMTAwNTA0MjE0NzE3WhcNMTEwNTA0MjE0NzE3WjBEMRUwEwYDVQQD
22
- DAxqZWZmLmxpbmRzYXkxFjAUBgoJkiaJk/IsZAEZFgZ0d2lsaW8xEzARBgoJkiaJ
23
- k/IsZAEZFgNjb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDb1P6c
24
- /CN4l2pYBO0d5y7YHW3XJbj5d+5c1E9m2PcvUJ4Vjr7ISQM1SYpwixnWMBXBpzc1
25
- En9YB+PYBEOOaIRh2G23aKdu7PnYQhze91qOBcHnf6LOckq25NbWQO8eaiXD3w5W
26
- HRXOcmzigyTYRIhXBa93eMSihWAXThcfGFKNbtKerVhytT/UVHZU3pr9gCvt9vD0
27
- aBmwMwvDlpO72eXPr5ow3Z+VzCc51iBNC07uvR/wFQ6/lS8ULBpHI9wcdo67wdv5
28
- SaSZSGZCmG1pXov0Ahji7yqFMQ9oot5RDPZavZN3Fh3n6e2hdcSMlLgGkEGYaBVx
29
- gdQFudko7rc5cWTdAgMBAAGjOTA3MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgSwMB0G
30
- A1UdDgQWBBRXFNQ8j0GGeMiiPWhAlHB356JPGDANBgkqhkiG9w0BAQUFAAOCAQEA
31
- VzMJe10HfJtglbDah9h9lxv8uzK2uV7bXRcIbMCGEdx8cByM+cfKOnoWVDQBVPWA
32
- VznqXdPsrVC70PAMMTk66ro2ciyudilVEuxEl7rhaz0tj9FzNyJUHBKCD4KpGwkC
33
- K435qpJsHMi9k0KxY17grmsE2Hq60lFLK8ZrqgDblEAKTeaGAykMxp9KJOwAKnY2
34
- 4lUY/SVtRuTk0YXsIPNFLYUhYt7arkJtkwWV41GWhj7PbcM5uk5sGoh0aueMzY7f
35
- TvklqXtUw3g3PcoJ8CZw68WaB2/MuJXUehRCZThhkBwi8bDKZzh4rtI/WEb1EgDs
36
- WZqts+sMhUpDxxL+p6p6bQ==
37
- -----END CERTIFICATE-----
16
+ cert_chain: []
38
17
 
39
- date: 2011-06-30 00:00:00 Z
18
+ date: 2011-11-11 00:00:00 Z
40
19
  dependencies:
41
20
  - !ruby/object:Gem::Dependency
42
21
  name: json
data.tar.gz.sig DELETED
@@ -1,2 +0,0 @@
1
- s��f:]�����Ӟk�QF��'��1���څ�g��,��n�����Fg�[�}��nf�m&w:!0jx��z�6?i�?�q劢�}���ƴ{Ú!1����a<ey�E;����p�@���C��r-N}��� A��Eqĵ.�s� s!���U��M��旓C�QW���M#�΢%�\��6-�o���׉��hD˨��o1v�9Jk���O�ĩ`��k
2
- ޤQ�r�%�o.i�e��5�P
metadata.gz.sig DELETED
Binary file