jwt 0.1.3 → 0.1.4
Sign up to get free protection for your applications and to get access to all the features.
- data/Rakefile +1 -1
- data/jwt.gemspec +2 -4
- data/lib/jwt.rb +13 -8
- data/spec/jwt.rb +16 -2
- metadata +5 -26
- data.tar.gz.sig +0 -2
- metadata.gz.sig +0 -0
data/Rakefile
CHANGED
data/jwt.gemspec
CHANGED
@@ -2,12 +2,11 @@
|
|
2
2
|
|
3
3
|
Gem::Specification.new do |s|
|
4
4
|
s.name = %q{jwt}
|
5
|
-
s.version = "0.1.
|
5
|
+
s.version = "0.1.4"
|
6
6
|
|
7
7
|
s.required_rubygems_version = Gem::Requirement.new(">= 1.2") if s.respond_to? :required_rubygems_version=
|
8
8
|
s.authors = [%q{Jeff Lindsay}]
|
9
|
-
s.
|
10
|
-
s.date = %q{2011-06-30}
|
9
|
+
s.date = %q{2011-11-11}
|
11
10
|
s.description = %q{JSON Web Token implementation in Ruby}
|
12
11
|
s.email = %q{jeff.lindsay@twilio.com}
|
13
12
|
s.extra_rdoc_files = [%q{lib/jwt.rb}]
|
@@ -17,7 +16,6 @@ Gem::Specification.new do |s|
|
|
17
16
|
s.require_paths = [%q{lib}]
|
18
17
|
s.rubyforge_project = %q{jwt}
|
19
18
|
s.rubygems_version = %q{1.8.5}
|
20
|
-
s.signing_key = %q{/Users/progrium/.gem/gem-private_key.pem}
|
21
19
|
s.summary = %q{JSON Web Token implementation in Ruby}
|
22
20
|
|
23
21
|
if s.respond_to? :specification_version then
|
data/lib/jwt.rb
CHANGED
@@ -1,8 +1,8 @@
|
|
1
1
|
#
|
2
2
|
# JSON Web Token implementation
|
3
3
|
#
|
4
|
-
#
|
5
|
-
# http://self-issued.info/docs/draft-jones-json-web-token-
|
4
|
+
# Should be up to date with the latest spec:
|
5
|
+
# http://self-issued.info/docs/draft-jones-json-web-token-06.html
|
6
6
|
|
7
7
|
require "base64"
|
8
8
|
require "openssl"
|
@@ -43,35 +43,40 @@ module JWT
|
|
43
43
|
end
|
44
44
|
|
45
45
|
def self.encode(payload, key, algorithm='HS256')
|
46
|
+
algorithm ||= "none"
|
46
47
|
segments = []
|
47
48
|
header = {"typ" => "JWT", "alg" => algorithm}
|
48
49
|
segments << base64url_encode(header.to_json)
|
49
50
|
segments << base64url_encode(payload.to_json)
|
50
51
|
signing_input = segments.join('.')
|
51
|
-
|
52
|
-
|
52
|
+
if algorithm != "none"
|
53
|
+
signature = sign(algorithm, signing_input, key)
|
54
|
+
segments << base64url_encode(signature)
|
55
|
+
else
|
56
|
+
segments << ""
|
57
|
+
end
|
53
58
|
segments.join('.')
|
54
59
|
end
|
55
60
|
|
56
61
|
def self.decode(jwt, key=nil, verify=true)
|
57
62
|
segments = jwt.split('.')
|
58
|
-
raise JWT::DecodeError.new("Not enough or too many segments") unless segments.length
|
63
|
+
raise JWT::DecodeError.new("Not enough or too many segments") unless [2,3].include? segments.length
|
59
64
|
header_segment, payload_segment, crypto_segment = segments
|
60
65
|
signing_input = [header_segment, payload_segment].join('.')
|
61
66
|
begin
|
62
67
|
header = JSON.parse(base64url_decode(header_segment))
|
63
68
|
payload = JSON.parse(base64url_decode(payload_segment))
|
64
|
-
signature = base64url_decode(crypto_segment)
|
69
|
+
signature = base64url_decode(crypto_segment) if verify
|
65
70
|
rescue JSON::ParserError
|
66
71
|
raise JWT::DecodeError.new("Invalid segment encoding")
|
67
72
|
end
|
68
|
-
if verify
|
73
|
+
if verify == true
|
69
74
|
algo = header['alg']
|
70
75
|
|
71
76
|
if ["HS256", "HS384", "HS512"].include?(algo)
|
72
77
|
raise JWT::DecodeError.new("Signature verification failed") unless signature == sign_hmac(algo, signing_input, key)
|
73
78
|
elsif ["RS256", "RS384", "RS512"].include?(algo)
|
74
|
-
verify_rsa(algo, key, signing_input, signature)
|
79
|
+
raise JWT::DecodeError.new("Signature verification failed") unless verify_rsa(algo, key, signing_input, signature)
|
75
80
|
else
|
76
81
|
raise JWT::DecodeError.new("Algorithm not supported")
|
77
82
|
end
|
data/spec/jwt.rb
CHANGED
@@ -27,12 +27,19 @@ describe JWT do
|
|
27
27
|
decoded_payload.should == example_payload
|
28
28
|
end
|
29
29
|
|
30
|
-
it "raises exception with wrong key" do
|
30
|
+
it "raises exception with wrong hmac key" do
|
31
31
|
right_secret = 'foo'
|
32
32
|
bad_secret = 'bar'
|
33
|
-
jwt_message = JWT.encode(@payload, right_secret)
|
33
|
+
jwt_message = JWT.encode(@payload, right_secret, "HS256")
|
34
34
|
lambda { JWT.decode(jwt_message, bad_secret) }.should raise_error(JWT::DecodeError)
|
35
35
|
end
|
36
|
+
|
37
|
+
it "raises exception with wrong rsa key" do
|
38
|
+
right_private_key = OpenSSL::PKey::RSA.generate(512)
|
39
|
+
bad_private_key = OpenSSL::PKey::RSA.generate(512)
|
40
|
+
jwt = JWT.encode(@payload, right_private_key, "RS256")
|
41
|
+
lambda { JWT.decode(jwt, bad_private_key.public_key) }.should raise_error(JWT::DecodeError)
|
42
|
+
end
|
36
43
|
|
37
44
|
it "allows decoding without key" do
|
38
45
|
right_secret = 'foo'
|
@@ -45,4 +52,11 @@ describe JWT do
|
|
45
52
|
it "raises exception on unsupported crypto algorithm" do
|
46
53
|
lambda { JWT.encode(@payload, "secret", 'HS1024') }.should raise_error(NotImplementedError)
|
47
54
|
end
|
55
|
+
|
56
|
+
it "encodes and decodes plaintext JWTs" do
|
57
|
+
jwt = JWT.encode(@payload, nil, nil)
|
58
|
+
jwt.split('.').length.should == 2
|
59
|
+
decoded_payload = JWT.decode(jwt, nil, nil)
|
60
|
+
decoded_payload.should == @payload
|
61
|
+
end
|
48
62
|
end
|
metadata
CHANGED
@@ -1,42 +1,21 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: jwt
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
hash:
|
4
|
+
hash: 19
|
5
5
|
prerelease:
|
6
6
|
segments:
|
7
7
|
- 0
|
8
8
|
- 1
|
9
|
-
-
|
10
|
-
version: 0.1.
|
9
|
+
- 4
|
10
|
+
version: 0.1.4
|
11
11
|
platform: ruby
|
12
12
|
authors:
|
13
13
|
- Jeff Lindsay
|
14
14
|
autorequire:
|
15
15
|
bindir: bin
|
16
|
-
cert_chain:
|
17
|
-
- |
|
18
|
-
-----BEGIN CERTIFICATE-----
|
19
|
-
MIIDPDCCAiSgAwIBAgIBADANBgkqhkiG9w0BAQUFADBEMRUwEwYDVQQDDAxqZWZm
|
20
|
-
LmxpbmRzYXkxFjAUBgoJkiaJk/IsZAEZFgZ0d2lsaW8xEzARBgoJkiaJk/IsZAEZ
|
21
|
-
FgNjb20wHhcNMTAwNTA0MjE0NzE3WhcNMTEwNTA0MjE0NzE3WjBEMRUwEwYDVQQD
|
22
|
-
DAxqZWZmLmxpbmRzYXkxFjAUBgoJkiaJk/IsZAEZFgZ0d2lsaW8xEzARBgoJkiaJ
|
23
|
-
k/IsZAEZFgNjb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDb1P6c
|
24
|
-
/CN4l2pYBO0d5y7YHW3XJbj5d+5c1E9m2PcvUJ4Vjr7ISQM1SYpwixnWMBXBpzc1
|
25
|
-
En9YB+PYBEOOaIRh2G23aKdu7PnYQhze91qOBcHnf6LOckq25NbWQO8eaiXD3w5W
|
26
|
-
HRXOcmzigyTYRIhXBa93eMSihWAXThcfGFKNbtKerVhytT/UVHZU3pr9gCvt9vD0
|
27
|
-
aBmwMwvDlpO72eXPr5ow3Z+VzCc51iBNC07uvR/wFQ6/lS8ULBpHI9wcdo67wdv5
|
28
|
-
SaSZSGZCmG1pXov0Ahji7yqFMQ9oot5RDPZavZN3Fh3n6e2hdcSMlLgGkEGYaBVx
|
29
|
-
gdQFudko7rc5cWTdAgMBAAGjOTA3MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgSwMB0G
|
30
|
-
A1UdDgQWBBRXFNQ8j0GGeMiiPWhAlHB356JPGDANBgkqhkiG9w0BAQUFAAOCAQEA
|
31
|
-
VzMJe10HfJtglbDah9h9lxv8uzK2uV7bXRcIbMCGEdx8cByM+cfKOnoWVDQBVPWA
|
32
|
-
VznqXdPsrVC70PAMMTk66ro2ciyudilVEuxEl7rhaz0tj9FzNyJUHBKCD4KpGwkC
|
33
|
-
K435qpJsHMi9k0KxY17grmsE2Hq60lFLK8ZrqgDblEAKTeaGAykMxp9KJOwAKnY2
|
34
|
-
4lUY/SVtRuTk0YXsIPNFLYUhYt7arkJtkwWV41GWhj7PbcM5uk5sGoh0aueMzY7f
|
35
|
-
TvklqXtUw3g3PcoJ8CZw68WaB2/MuJXUehRCZThhkBwi8bDKZzh4rtI/WEb1EgDs
|
36
|
-
WZqts+sMhUpDxxL+p6p6bQ==
|
37
|
-
-----END CERTIFICATE-----
|
16
|
+
cert_chain: []
|
38
17
|
|
39
|
-
date: 2011-
|
18
|
+
date: 2011-11-11 00:00:00 Z
|
40
19
|
dependencies:
|
41
20
|
- !ruby/object:Gem::Dependency
|
42
21
|
name: json
|
data.tar.gz.sig
DELETED
metadata.gz.sig
DELETED
Binary file
|