RubyGems - jwt - Versions diffs - 1.0.0 → 1.2.0 - Mend

jwt 1.0.0 → 1.2.0

Files changed (6) hide show

checksums.yaml ADDED Viewed

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: fee3225d7739e1ab161dc39347ac2a20798f8fde
+  data.tar.gz: 979eb55ee5a17bba062741a6024d11000b45d7fc
+SHA512:
+  metadata.gz: 423bb31cbe9140a3f8d627f87b8131d36d980e9d70dd844a5876a4d91665f145f9e8ac43d5f77f975e180d23387366473c3bc9ff70f31d466e7c3edfd97cdde4
+  data.tar.gz: ec9d3d47e5e877a8f8b03b2447611b2a1f23c863624827dfa7832bebae40ffcaaff8173da23f10df0a9660fda36ebf7980e306eb3b891091dc31423eea39e6a2

data/Rakefile CHANGED Viewed

@@ -2,7 +2,7 @@ require 'rubygems'
 require 'rake'
 require 'echoe'
-Echoe.new('jwt', '1.0.0') do |p|
+Echoe.new('jwt', '1.2.0') do |p|
   p.description    = "JSON Web Token implementation in Ruby"
   p.url            = "http://github.com/progrium/ruby-jwt"
   p.author         = "Jeff Lindsay"

data/jwt.gemspec CHANGED Viewed

@@ -1,26 +1,27 @@
 # -*- encoding: utf-8 -*-
+# stub: jwt 1.2.0 ruby lib
 Gem::Specification.new do |s|
   s.name = "jwt"
-  s.version = "1.0.0"
+  s.version = "1.2.0"
   s.required_rubygems_version = Gem::Requirement.new(">= 1.2") if s.respond_to? :required_rubygems_version=
+  s.require_paths = ["lib"]
   s.authors = ["Jeff Lindsay"]
-  s.date = "2014-05-07"
+  s.date = "2014-11-24"
   s.description = "JSON Web Token implementation in Ruby"
   s.email = "progrium@gmail.com"
   s.extra_rdoc_files = ["lib/jwt.rb", "lib/jwt/json.rb"]
-  s.files = ["Rakefile", "lib/jwt.rb", "lib/jwt/json.rb", "spec/helper.rb", "spec/jwt_spec.rb", "Manifest", "jwt.gemspec"]
+  s.files = ["Manifest", "Rakefile", "jwt.gemspec", "lib/jwt.rb", "lib/jwt/json.rb", "spec/helper.rb", "spec/jwt_spec.rb"]
   s.homepage = "http://github.com/progrium/ruby-jwt"
   s.licenses = ["MIT"]
   s.rdoc_options = ["--line-numbers", "--title", "Jwt", "--main", "README.md"]
-  s.require_paths = ["lib"]
   s.rubyforge_project = "jwt"
-  s.rubygems_version = "1.8.23"
+  s.rubygems_version = "2.3.0"
   s.summary = "JSON Web Token implementation in Ruby"
   if s.respond_to? :specification_version then
-    s.specification_version = 3
+    s.specification_version = 4
     if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
       s.add_development_dependency(%q<echoe>, [">= 4.6.3"])

data/lib/jwt.rb CHANGED Viewed

@@ -10,6 +10,7 @@ require "jwt/json"
 module JWT
   class DecodeError < StandardError; end
+  class ExpiredSignature < StandardError; end
   extend JWT::Json
   module_function
@@ -93,16 +94,25 @@ module JWT
     [header, payload, signature, signing_input]
   end
-  def decode(jwt, key=nil, verify=true, &keyfinder)
+  def decode(jwt, key=nil, verify=true, options={}, &keyfinder)
     raise JWT::DecodeError.new("Nil JSON web token") unless jwt
     header, payload, signature, signing_input = decoded_segments(jwt, verify)
     raise JWT::DecodeError.new("Not enough or too many segments") unless header && payload
+    default_options = {
+      :verify_expiration => true,
+      :leeway => 0
+    }
+    options = default_options.merge(options)
     if verify
       algo, key = signature_algorithm_and_key(header, key, &keyfinder)
       verify_signature(algo, key, signing_input, signature)
     end
+    if options[:verify_expiration] && payload.include?('exp')
+      raise JWT::ExpiredSignature.new("Signature has expired") unless payload['exp'] > (Time.now.to_i - options[:leeway])
+    end
     return payload,header
   end

data/spec/jwt_spec.rb CHANGED Viewed

@@ -2,7 +2,7 @@ require 'helper'
 describe JWT do
   before do
-    @payload = {"foo" => "bar"}
+    @payload = {"foo" => "bar", "exp" => Time.now.to_i + 1}
   end
   it "encodes and decodes JWTs" do
@@ -122,20 +122,46 @@ describe JWT do
     JWT.decode(jwt, secret)
   end
+  it "raises error when expired" do
+    expired_payload = @payload.clone
+    expired_payload['exp'] = Time.now.to_i - 1
+    secret = "secret"
+    jwt = JWT.encode(expired_payload, secret)
+    expect { JWT.decode(jwt, secret) }.to raise_error(JWT::ExpiredSignature)
+  end
+  it "performs normal decode with skipped expiration check" do
+    expired_payload = @payload.clone
+    expired_payload['exp'] = Time.now.to_i - 1
+    secret = "secret"
+    jwt = JWT.encode(expired_payload, secret)
+    decoded_payload = JWT.decode(jwt, secret, true, {:verify_expiration => false})
+    expect(decoded_payload).to include(expired_payload)
+  end
+  it "performs normal decode using leeway" do
+    expired_payload = @payload.clone
+    expired_payload['exp'] = Time.now.to_i - 2
+    secret = "secret"
+    jwt = JWT.encode(expired_payload, secret)
+    decoded_payload = JWT.decode(jwt, secret, true, {:leeway => 3})
+    expect(decoded_payload).to include(expired_payload)
+  end
   describe "secure comparison" do
     it "returns true if strings are equal" do
-      expect(JWT.secure_compare("Foo", "Foo")).to be_true
+      expect(JWT.secure_compare("Foo", "Foo")).to be true
     end
     it "returns false if either input is nil or empty" do
       [nil, ""].each do |bad|
-        expect(JWT.secure_compare(bad, "Foo")).to be_false
-        expect(JWT.secure_compare("Foo", bad)).to be_false
+        expect(JWT.secure_compare(bad, "Foo")).to be false
+        expect(JWT.secure_compare("Foo", bad)).to be false
       end
     end
     it "retuns false if the strings are different" do
-      expect(JWT.secure_compare("Foo", "Bar")).to be_false
+      expect(JWT.secure_compare("Foo", "Bar")).to be false
     end
   end

metadata CHANGED Viewed

@@ -1,30 +1,27 @@
 --- !ruby/object:Gem::Specification
 name: jwt
 version: !ruby/object:Gem::Version
-  version: 1.0.0
-  prerelease:
+  version: 1.2.0
 platform: ruby
 authors:
 - Jeff Lindsay
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2014-05-07 00:00:00.000000000 Z
+date: 2014-11-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: echoe
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: 4.6.3
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: 4.6.3
 description: JSON Web Token implementation in Ruby
@@ -35,41 +32,40 @@ extra_rdoc_files:
 - lib/jwt.rb
 - lib/jwt/json.rb
 files:
+- Manifest
 - Rakefile
+- jwt.gemspec
 - lib/jwt.rb
 - lib/jwt/json.rb
 - spec/helper.rb
 - spec/jwt_spec.rb
-- Manifest
-- jwt.gemspec
 homepage: http://github.com/progrium/ruby-jwt
 licenses:
 - MIT
+metadata: {}
 post_install_message:
 rdoc_options:
-- --line-numbers
-- --title
+- "--line-numbers"
+- "--title"
 - Jwt
-- --main
+- "--main"
 - README.md
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '1.2'
 requirements: []
 rubyforge_project: jwt
-rubygems_version: 1.8.23
+rubygems_version: 2.3.0
 signing_key:
-specification_version: 3
+specification_version: 4
 summary: JSON Web Token implementation in Ruby
 test_files: []