jwt 0.1.13 → 1.0.0

data/Manifest

@@ -1,5 +1,6 @@
 Rakefile
 lib/jwt.rb
+lib/jwt/json.rb
 spec/helper.rb
 spec/jwt_spec.rb
 Manifest

data/Rakefile

@@ -2,13 +2,12 @@ require 'rubygems'
 require 'rake'
 require 'echoe'
 
-Echoe.new('jwt', '0.1.13') do |p|
+Echoe.new('jwt', '1.0.0') do |p|
   p.description    = "JSON Web Token implementation in Ruby"
   p.url            = "http://github.com/progrium/ruby-jwt"
   p.author         = "Jeff Lindsay"
   p.email          = "progrium@gmail.com"
   p.ignore_pattern = ["tmp/*"]
-  p.runtime_dependencies = ["multi_json >=1.5"]
   p.development_dependencies = ["echoe >=4.6.3"]
   p.licenses       = "MIT"
 end

data/jwt.gemspec

@@ -2,15 +2,15 @@
 
 Gem::Specification.new do |s|
   s.name = "jwt"
-  s.version = "0.1.13"
+  s.version = "1.0.0"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 1.2") if s.respond_to? :required_rubygems_version=
   s.authors = ["Jeff Lindsay"]
-  s.date = "2014-05-09"
+  s.date = "2014-05-07"
   s.description = "JSON Web Token implementation in Ruby"
   s.email = "progrium@gmail.com"
-  s.extra_rdoc_files = ["lib/jwt.rb"]
-  s.files = ["Rakefile", "lib/jwt.rb", "spec/helper.rb", "spec/jwt_spec.rb", "Manifest", "jwt.gemspec"]
+  s.extra_rdoc_files = ["lib/jwt.rb", "lib/jwt/json.rb"]
+  s.files = ["Rakefile", "lib/jwt.rb", "lib/jwt/json.rb", "spec/helper.rb", "spec/jwt_spec.rb", "Manifest", "jwt.gemspec"]
   s.homepage = "http://github.com/progrium/ruby-jwt"
   s.licenses = ["MIT"]
   s.rdoc_options = ["--line-numbers", "--title", "Jwt", "--main", "README.md"]
@@ -23,14 +23,11 @@ Gem::Specification.new do |s|
     s.specification_version = 3
 
     if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
-      s.add_runtime_dependency(%q<multi_json>, [">= 1.5"])
       s.add_development_dependency(%q<echoe>, [">= 4.6.3"])
     else
-      s.add_dependency(%q<multi_json>, [">= 1.5"])
       s.add_dependency(%q<echoe>, [">= 4.6.3"])
     end
   else
-    s.add_dependency(%q<multi_json>, [">= 1.5"])
     s.add_dependency(%q<echoe>, [">= 4.6.3"])
   end
 end

data/lib/jwt.rb

@@ -6,10 +6,11 @@
 
 require "base64"
 require "openssl"
-require "multi_json"
+require "jwt/json"
 
 module JWT
   class DecodeError < StandardError; end
+  extend JWT::Json
 
   module_function
 
@@ -44,59 +45,88 @@ module JWT
     Base64.encode64(str).tr("+/", "-_").gsub(/[\n=]/, "")
   end
 
-  def encode(payload, key, algorithm="HS256", header_fields={})
-    algorithm ||= "none"
-    segments = []
+  def encoded_header(algorithm="HS256", header_fields={})
     header = {"typ" => "JWT", "alg" => algorithm}.merge(header_fields)
-    segments << base64url_encode(MultiJson.encode(header))
-    segments << base64url_encode(MultiJson.encode(payload))
-    signing_input = segments.join(".")
+    base64url_encode(encode_json(header))
+  end
+
+  def encoded_payload(payload)
+    base64url_encode(encode_json(payload))
+  end
+
+  def encoded_signature(signing_input, key, algorithm)
     if algorithm == "none"
-      segments << ""
+      ""
     else
       signature = sign(algorithm, signing_input, key)
-      segments << base64url_encode(signature)
+      base64url_encode(signature)
     end
+  end
+
+  def encode(payload, key, algorithm="HS256", header_fields={})
+    algorithm ||= "none"
+    segments = []
+    segments << encoded_header(algorithm, header_fields)
+    segments << encoded_payload(payload)
+    segments << encoded_signature(segments.join("."), key, algorithm)
     segments.join(".")
   end
 
-  def decode(jwt, key=nil, verify=true, &keyfinder)
+  def raw_segments(jwt, verify=true)
     segments = jwt.split(".")
-    raise JWT::DecodeError.new("Not enough or too many segments") unless [2,3].include? segments.length
-    header_segment, payload_segment, crypto_segment = segments
+    required_num_segments = verify ? [3] : [2,3]
+    raise JWT::DecodeError.new("Not enough or too many segments") unless required_num_segments.include? segments.length
+    segments
+  end
+
+  def decode_header_and_payload(header_segment, payload_segment)
+    header = decode_json(base64url_decode(header_segment))
+    payload = decode_json(base64url_decode(payload_segment))
+    [header, payload]
+  end
+
+  def decoded_segments(jwt, verify=true)
+    header_segment, payload_segment, crypto_segment = raw_segments(jwt, verify)
+    header, payload = decode_header_and_payload(header_segment, payload_segment)
+    signature = base64url_decode(crypto_segment.to_s) if verify
     signing_input = [header_segment, payload_segment].join(".")
-    begin
-      header = MultiJson.decode(base64url_decode(header_segment))
-      payload = MultiJson.decode(base64url_decode(payload_segment))
-      signature = base64url_decode(crypto_segment.to_s) if verify
-    rescue MultiJson::LoadError
-      raise JWT::DecodeError.new("Invalid segment encoding")
-    end
+    [header, payload, signature, signing_input]
+  end
+
+  def decode(jwt, key=nil, verify=true, &keyfinder)
+    raise JWT::DecodeError.new("Nil JSON web token") unless jwt
 
+    header, payload, signature, signing_input = decoded_segments(jwt, verify)
     raise JWT::DecodeError.new("Not enough or too many segments") unless header && payload
 
     if verify
-      algo = header["alg"]
+      algo, key = signature_algorithm_and_key(header, key, &keyfinder)
+      verify_signature(algo, key, signing_input, signature)
+    end
+    return payload,header
+  end
 
-      if keyfinder
-        key = keyfinder.call(header)
-      end
+  def signature_algorithm_and_key(header, key, &keyfinder)
+    if keyfinder
+      key = keyfinder.call(header)
+    end
+    [header['alg'], key]
+  end
 
-      begin
-        if ["HS256", "HS384", "HS512"].include?(algo)
-          raise JWT::DecodeError.new("Signature verification failed") unless secure_compare(signature, sign_hmac(algo, signing_input, key))
-        elsif ["RS256", "RS384", "RS512"].include?(algo)
-          raise JWT::DecodeError.new("Signature verification failed") unless verify_rsa(algo, key, signing_input, signature)
-        else
-          raise JWT::DecodeError.new("Algorithm not supported")
-        end
-      rescue OpenSSL::PKey::PKeyError
-        raise JWT::DecodeError.new("Signature verification failed")
-      ensure
-        OpenSSL.errors.clear
+  def verify_signature(algo, key, signing_input, signature)
+    begin
+      if ["HS256", "HS384", "HS512"].include?(algo)
+        raise JWT::DecodeError.new("Signature verification failed") unless secure_compare(signature, sign_hmac(algo, signing_input, key))
+      elsif ["RS256", "RS384", "RS512"].include?(algo)
+        raise JWT::DecodeError.new("Signature verification failed") unless verify_rsa(algo, key, signing_input, signature)
+      else
+        raise JWT::DecodeError.new("Algorithm not supported")
       end
+    rescue OpenSSL::PKey::PKeyError
+      raise JWT::DecodeError.new("Signature verification failed")
+    ensure
+      OpenSSL.errors.clear
     end
-    payload
   end
 
   # From devise

data/lib/jwt/json.rb

@@ -0,0 +1,30 @@
+module JWT
+  module Json
+    if RUBY_VERSION >= "1.9" && !defined?(MultiJson)
+      require 'json'
+
+      def decode_json(encoded)
+        JSON.parse(encoded)
+      rescue JSON::ParserError
+        raise JWT::DecodeError.new("Invalid segment encoding")
+      end
+
+      def encode_json(raw)
+        JSON.generate(raw)
+      end
+
+    else
+      require "multi_json"
+
+      def decode_json(encoded)
+        MultiJson.decode(encoded)
+      rescue MultiJson::LoadError
+        raise JWT::DecodeError.new("Invalid segment encoding")
+      end
+
+      def encode_json(raw)
+        MultiJson.encode(raw)
+      end
+    end
+  end
+end

data/spec/jwt_spec.rb

@@ -9,24 +9,24 @@ describe JWT do
     secret = "secret"
     jwt = JWT.encode(@payload, secret)
     decoded_payload = JWT.decode(jwt, secret)
-    decoded_payload.should == @payload
+    expect(decoded_payload).to include(@payload)
   end
 
   it "encodes and decodes JWTs for RSA signatures" do
     private_key = OpenSSL::PKey::RSA.generate(512)
     jwt = JWT.encode(@payload, private_key, "RS256")
     decoded_payload = JWT.decode(jwt, private_key.public_key)
-    decoded_payload.should == @payload
+    expect(decoded_payload).to include(@payload)
   end
 
   it "encodes and decodes JWTs with custom header fields" do
     private_key = OpenSSL::PKey::RSA.generate(512)
     jwt = JWT.encode(@payload, private_key, "RS256", {"kid" => 'default'})
     decoded_payload = JWT.decode(jwt) do |header|
-      header["kid"].should == 'default'
+      expect(header["kid"]).to eq('default')
       private_key.public_key
     end
-    decoded_payload.should == @payload
+    expect(decoded_payload).to include(@payload)
   end
 
   it "decodes valid JWTs" do
@@ -34,43 +34,46 @@ describe JWT do
     example_secret = 'secret'
     example_jwt = 'eyJhbGciOiAiSFMyNTYiLCAidHlwIjogIkpXVCJ9.eyJoZWxsbyI6ICJ3b3JsZCJ9.tvagLDLoaiJKxOKqpBXSEGy7SYSifZhjntgm9ctpyj8'
     decoded_payload = JWT.decode(example_jwt, example_secret)
-    decoded_payload.should == example_payload
+    expect(decoded_payload).to include(example_payload)
   end
 
   it "raises exception when the token is invalid" do
     example_secret = 'secret'
     # Same as above exmaple with some random bytes replaced
     example_jwt = 'eyJhbGciOiAiSFMyNTYiLCAidHiMomlwIjogIkJ9.eyJoZWxsbyI6ICJ3b3JsZCJ9.tvagLDLoaiJKxOKqpBXSEGy7SYSifZhjntgm9ctpyj8'
-    lambda { JWT.decode(example_jwt, example_secret) }.should raise_error(JWT::DecodeError)
+    expect { JWT.decode(example_jwt, example_secret) }.to raise_error(JWT::DecodeError)
   end
 
   it "raises exception with wrong hmac key" do
     right_secret = 'foo'
     bad_secret = 'bar'
     jwt_message = JWT.encode(@payload, right_secret, "HS256")
-    lambda { JWT.decode(jwt_message, bad_secret) }.should raise_error(JWT::DecodeError)
+    expect { JWT.decode(jwt_message, bad_secret) }.to raise_error(JWT::DecodeError)
   end
 
   it "raises exception with wrong rsa key" do
     right_private_key = OpenSSL::PKey::RSA.generate(512)
     bad_private_key = OpenSSL::PKey::RSA.generate(512)
     jwt = JWT.encode(@payload, right_private_key, "RS256")
-    lambda { JWT.decode(jwt, bad_private_key.public_key) }.should raise_error(JWT::DecodeError)
+    expect { JWT.decode(jwt, bad_private_key.public_key) }.to raise_error(JWT::DecodeError)
   end
 
   it "raises exception with invalid signature" do
-    example_payload = {"hello" => "world"}
     example_secret = 'secret'
     example_jwt = 'eyJhbGciOiAiSFMyNTYiLCAidHlwIjogIkpXVCJ9.eyJoZWxsbyI6ICJ3b3JsZCJ9.'
-    lambda { JWT.decode(example_jwt, example_secret) }.should raise_error(JWT::DecodeError)
+    expect { JWT.decode(example_jwt, example_secret) }.to raise_error(JWT::DecodeError)
   end
 
   it "raises exception with nonexistent header" do
-    lambda { JWT.decode("..stuff") }.should raise_error(JWT::DecodeError)
+    expect { JWT.decode("..stuff") }.to raise_error(JWT::DecodeError)
   end
 
   it "raises exception with nonexistent payload" do
-    lambda { JWT.decode("eyJhbGciOiAiSFMyNTYiLCAidHlwIjogIkpXVCJ9..stuff") }.should raise_error(JWT::DecodeError)
+    expect { JWT.decode("eyJhbGciOiAiSFMyNTYiLCAidHlwIjogIkpXVCJ9..stuff") }.to raise_error(JWT::DecodeError)
+  end
+
+  it "raises exception with nil jwt" do
+    expect { JWT.decode(nil) }.to raise_error(JWT::DecodeError)
   end
 
   it "allows decoding without key" do
@@ -78,7 +81,7 @@ describe JWT do
     bad_secret = 'bar'
     jwt = JWT.encode(@payload, right_secret)
     decoded_payload = JWT.decode(jwt, bad_secret, false)
-    decoded_payload.should == @payload
+    expect(decoded_payload).to include(@payload)
   end
 
   it "checks the key when verify is truthy" do
@@ -86,18 +89,24 @@ describe JWT do
     bad_secret = 'bar'
     jwt = JWT.encode(@payload, right_secret)
     verify = "yes" =~ /^y/i
-    lambda { JWT.decode(jwt, bad_secret, verify) }.should raise_error(JWT::DecodeError)
+    expect { JWT.decode(jwt, bad_secret, verify) }.to raise_error(JWT::DecodeError)
   end
 
   it "raises exception on unsupported crypto algorithm" do
-    lambda { JWT.encode(@payload, "secret", 'HS1024') }.should raise_error(NotImplementedError)
+    expect { JWT.encode(@payload, "secret", 'HS1024') }.to raise_error(NotImplementedError)
   end
 
   it "encodes and decodes plaintext JWTs" do
     jwt = JWT.encode(@payload, nil, nil)
-    jwt.split('.').length.should == 2
+    expect(jwt.split('.').length).to eq(2)
     decoded_payload = JWT.decode(jwt, nil, nil)
-    decoded_payload.should == @payload
+    expect(decoded_payload).to include(@payload)
+  end
+
+  it "requires a signature segment when verify is truthy" do
+    jwt = JWT.encode(@payload, nil, nil)
+    expect(jwt.split('.').length).to eq(2)
+    expect { JWT.decode(jwt, nil, true) }.to raise_error(JWT::DecodeError)
   end
 
   it "does not use == to compare digests" do
@@ -106,9 +115,9 @@ describe JWT do
     crypto_segment = jwt.split(".").last
 
     signature = JWT.base64url_decode(crypto_segment)
-    signature.should_not_receive('==')
-    JWT.should_receive(:base64url_decode).with(crypto_segment).once.and_return(signature)
-    JWT.should_receive(:base64url_decode).at_least(:once).and_call_original
+    expect(signature).not_to receive('==')
+    expect(JWT).to receive(:base64url_decode).with(crypto_segment).once.and_return(signature)
+    expect(JWT).to receive(:base64url_decode).at_least(:once).and_call_original
 
     JWT.decode(jwt, secret)
   end
@@ -125,14 +134,14 @@ describe JWT do
       end
     end
 
-    it "retuns falise of the strings are different" do
-        expect(JWT.secure_compare("Foo", "Bar")).to be_false
+    it "retuns false if the strings are different" do
+      expect(JWT.secure_compare("Foo", "Bar")).to be_false
     end
   end
 
   # no method should leave OpenSSL.errors populated
   after do
-    OpenSSL.errors.should be_empty
+    expect(OpenSSL.errors).to be_empty
   end
 
   it "raise exception on invalid signature" do
@@ -157,13 +166,24 @@ PUBKEY
       'wcy1PxsROY1fmBvXSer0IQesAqOW-rPOCNReSn-eY8d53ph1x2HAF-AzEi3GOl' +
       '6hFycH8wj7Su6JqqyEbIVLxE7q7DkAZGaMPkxbTHs1EhSd5_oaKQ6O4xO3ZnnT4'
     )
-    lambda { JWT.decode(jwt, pubkey, true) }.should raise_error(JWT::DecodeError)
+    expect { JWT.decode(jwt, pubkey, true) }.to raise_error(JWT::DecodeError)
   end
 
   describe "urlsafe base64 encoding" do
     it "replaces + and / with - and _" do
-      Base64.stub(:encode64) { "string+with/non+url-safe/characters_" }
-      JWT.base64url_encode("foo").should == "string-with_non-url-safe_characters_"
+      allow(Base64).to receive(:encode64) { "string+with/non+url-safe/characters_" }
+      expect(JWT.base64url_encode("foo")).to eq("string-with_non-url-safe_characters_")
+    end
+  end
+
+  describe 'decoded_segments' do
+    it "allows access to the decoded header and payload" do
+      secret = "secret"
+      jwt = JWT.encode(@payload, secret)
+      decoded_segments = JWT.decoded_segments(jwt)
+      expect(decoded_segments.size).to eq(4)
+      expect(decoded_segments[0]).to eq({"typ" => "JWT", "alg" => "HS256"})
+      expect(decoded_segments[1]).to eq(@payload)
     end
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: jwt
 version: !ruby/object:Gem::Version
-  version: 0.1.13
+  version: 1.0.0
   prerelease: 
 platform: ruby
 authors:
@@ -9,24 +9,8 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-05-09 00:00:00.000000000 Z
+date: 2014-05-07 00:00:00.000000000 Z
 dependencies:
-- !ruby/object:Gem::Dependency
-  name: multi_json
-  requirement: !ruby/object:Gem::Requirement
-    none: false
-    requirements:
-    - - ! '>='
-      - !ruby/object:Gem::Version
-        version: '1.5'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    none: false
-    requirements:
-    - - ! '>='
-      - !ruby/object:Gem::Version
-        version: '1.5'
 - !ruby/object:Gem::Dependency
   name: echoe
   requirement: !ruby/object:Gem::Requirement
@@ -49,9 +33,11 @@ executables: []
 extensions: []
 extra_rdoc_files:
 - lib/jwt.rb
+- lib/jwt/json.rb
 files:
 - Rakefile
 - lib/jwt.rb
+- lib/jwt/json.rb
 - spec/helper.rb
 - spec/jwt_spec.rb
 - Manifest