RubyGems - jwt - Versions diffs - 1.2.1 → 1.3.0 - Mend

jwt 1.2.1 → 1.3.0

Files changed (8) hide show

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: b05ae75c68fd86cab9446c4ad8df062ed5b226f1
-  data.tar.gz: a803c3eaf081008f7c07f3a44d7e2e56d1ecb924
+  metadata.gz: 8f9090c3c5618d2e844c93a71d27b0fc09761f3b
+  data.tar.gz: c9207a0a342a524526ca808643717da32a369fd6
 SHA512:
-  metadata.gz: 34b8647e6b53bcb0730b43ceba858b8897c9dec71410edc8700e6afbf5dfd142b4caefa6f85963aa691f057bd58a2f0c056a4b91087021e9e5b9cdb75b6a18d0
-  data.tar.gz: 182254bae4665e5593a4013750c123932cdd24bf7d2aed821bc626edaaa4dbdc067e2055ce394bab48ec477476ae948ace953b09593877271973120499bad30a
+  metadata.gz: 94d6c47e835ba56c48afcac43912caa94c30ed83e4ba09a8cf0e94036f8c14d54c097931d732b5777f1fa45c09eca85735b9982c0ba8606f1d2da551d9d9fe90
+  data.tar.gz: 547492a234aa3f61299117ea2a770601710c9e36ed6d6df1f3e83b85d6e6693efa7da5c25ebb132ceff50998762229ae17649fd410df67f1d2ec92c8f63de28a

data/Rakefile CHANGED

@@ -2,7 +2,7 @@ require 'rubygems'
 require 'rake'
 require 'echoe'
-Echoe.new('jwt', '1.2.1') do |p|
+Echoe.new('jwt', '1.3.0') do |p|
   p.description    = "JSON Web Token implementation in Ruby"
   p.url            = "http://github.com/progrium/ruby-jwt"
   p.author         = "Jeff Lindsay"

data/jwt.gemspec CHANGED

@@ -1,14 +1,14 @@
 # -*- encoding: utf-8 -*-
-# stub: jwt 1.2.1 ruby lib
+# stub: jwt 1.3.0 ruby lib
 Gem::Specification.new do |s|
   s.name = "jwt"
-  s.version = "1.2.1"
+  s.version = "1.3.0"
   s.required_rubygems_version = Gem::Requirement.new(">= 1.2") if s.respond_to? :required_rubygems_version=
   s.require_paths = ["lib"]
   s.authors = ["Jeff Lindsay"]
-  s.date = "2015-01-23"
+  s.date = "2015-02-24"
   s.description = "JSON Web Token implementation in Ruby"
   s.email = "progrium@gmail.com"
   s.extra_rdoc_files = ["lib/jwt.rb", "lib/jwt/json.rb"]
@@ -17,7 +17,7 @@ Gem::Specification.new do |s|
   s.licenses = ["MIT"]
   s.rdoc_options = ["--line-numbers", "--title", "Jwt", "--main", "README.md"]
   s.rubyforge_project = "jwt"
-  s.rubygems_version = "2.3.0"
+  s.rubygems_version = "2.4.6"
   s.summary = "JSON Web Token implementation in Ruby"
   if s.respond_to? :specification_version then

data/lib/jwt.rb CHANGED

@@ -10,7 +10,9 @@ require "jwt/json"
 module JWT
   class DecodeError < StandardError; end
+  class VerificationError < DecodeError; end
   class ExpiredSignature < StandardError; end
+  class ImmatureSignature < StandardError; end
   extend JWT::Json
   module_function
@@ -102,6 +104,7 @@ module JWT
     default_options = {
       :verify_expiration => true,
+      :verify_not_before => true,
       :leeway => 0
     }
     options = default_options.merge(options)
@@ -110,9 +113,13 @@ module JWT
       algo, key = signature_algorithm_and_key(header, key, &keyfinder)
       verify_signature(algo, key, signing_input, signature)
     end
     if options[:verify_expiration] && payload.include?('exp')
       raise JWT::ExpiredSignature.new("Signature has expired") unless payload['exp'].to_i > (Time.now.to_i - options[:leeway])
     end
+    if options[:verify_not_before] && payload.include?('nbf')
+      raise JWT::ImmatureSignature.new("Signature nbf has not been reached") unless payload['nbf'].to_i < (Time.now.to_i + options[:leeway])
+    end
     return payload,header
   end
@@ -126,14 +133,14 @@ module JWT
   def verify_signature(algo, key, signing_input, signature)
     begin
       if ["HS256", "HS384", "HS512"].include?(algo)
-        raise JWT::DecodeError.new("Signature verification failed") unless secure_compare(signature, sign_hmac(algo, signing_input, key))
+        raise JWT::VerificationError.new("Signature verification failed") unless secure_compare(signature, sign_hmac(algo, signing_input, key))
       elsif ["RS256", "RS384", "RS512"].include?(algo)
-        raise JWT::DecodeError.new("Signature verification failed") unless verify_rsa(algo, key, signing_input, signature)
+        raise JWT::VerificationError.new("Signature verification failed") unless verify_rsa(algo, key, signing_input, signature)
       else
-        raise JWT::DecodeError.new("Algorithm not supported")
+        raise JWT::VerificationError.new("Algorithm not supported")
       end
     rescue OpenSSL::PKey::PKeyError
-      raise JWT::DecodeError.new("Signature verification failed")
+      raise JWT::VerificationError.new("Signature verification failed")
     ensure
       OpenSSL.errors.clear
     end

data/lib/jwt/json.rb CHANGED

@@ -27,4 +27,4 @@ module JWT
       end
     end
   end
-end
+end

data/spec/helper.rb CHANGED

@@ -3,4 +3,3 @@ require "#{File.dirname(__FILE__)}/../lib/jwt.rb"
 RSpec.configure do |c|
 end

data/spec/jwt_spec.rb CHANGED

@@ -2,7 +2,7 @@ require 'helper'
 describe JWT do
   before do
-    @payload = {"foo" => "bar", "exp" => Time.now.to_i + 1}
+    @payload = {"foo" => "bar", "exp" => Time.now.to_i + 1, "nbf" => Time.now.to_i - 1 }
   end
   it "encodes and decodes JWTs" do
@@ -37,42 +37,42 @@ describe JWT do
     expect(decoded_payload).to include(example_payload)
   end
-  it "raises exception when the token is invalid" do
+  it "raises decode exception when the token is invalid" do
     example_secret = 'secret'
     # Same as above exmaple with some random bytes replaced
     example_jwt = 'eyJhbGciOiAiSFMyNTYiLCAidHiMomlwIjogIkJ9.eyJoZWxsbyI6ICJ3b3JsZCJ9.tvagLDLoaiJKxOKqpBXSEGy7SYSifZhjntgm9ctpyj8'
     expect { JWT.decode(example_jwt, example_secret) }.to raise_error(JWT::DecodeError)
   end
-  it "raises exception with wrong hmac key" do
+  it "raises verification exception with wrong hmac key" do
     right_secret = 'foo'
     bad_secret = 'bar'
     jwt_message = JWT.encode(@payload, right_secret, "HS256")
-    expect { JWT.decode(jwt_message, bad_secret) }.to raise_error(JWT::DecodeError)
+    expect { JWT.decode(jwt_message, bad_secret) }.to raise_error(JWT::VerificationError)
   end
-  it "raises exception with wrong rsa key" do
+  it "raises verification exception with wrong rsa key" do
     right_private_key = OpenSSL::PKey::RSA.generate(512)
     bad_private_key = OpenSSL::PKey::RSA.generate(512)
     jwt = JWT.encode(@payload, right_private_key, "RS256")
-    expect { JWT.decode(jwt, bad_private_key.public_key) }.to raise_error(JWT::DecodeError)
+    expect { JWT.decode(jwt, bad_private_key.public_key) }.to raise_error(JWT::VerificationError)
   end
-  it "raises exception with invalid signature" do
+  it "raises decode exception with invalid signature" do
     example_secret = 'secret'
     example_jwt = 'eyJhbGciOiAiSFMyNTYiLCAidHlwIjogIkpXVCJ9.eyJoZWxsbyI6ICJ3b3JsZCJ9.'
     expect { JWT.decode(example_jwt, example_secret) }.to raise_error(JWT::DecodeError)
   end
-  it "raises exception with nonexistent header" do
+  it "raises decode exception with nonexistent header" do
     expect { JWT.decode("..stuff") }.to raise_error(JWT::DecodeError)
   end
-  it "raises exception with nonexistent payload" do
+  it "raises decode exception with nonexistent payload" do
     expect { JWT.decode("eyJhbGciOiAiSFMyNTYiLCAidHlwIjogIkpXVCJ9..stuff") }.to raise_error(JWT::DecodeError)
   end
-  it "raises exception with nil jwt" do
+  it "raises decode exception with nil jwt" do
     expect { JWT.decode(nil) }.to raise_error(JWT::DecodeError)
   end
@@ -156,6 +156,48 @@ describe JWT do
     expect(decoded_payload).to include(expired_payload)
   end
+  it "raises error when before nbf" do
+    immature_payload = @payload.clone
+    immature_payload['nbf'] = Time.now.to_i + 1
+    secret = "secret"
+    jwt = JWT.encode(immature_payload, secret)
+    expect { JWT.decode(jwt, secret) }.to raise_error(JWT::ImmatureSignature)
+  end
+  it "doesnt raise error when after nbf" do
+    mature_payload = @payload.clone
+    secret = "secret"
+    jwt = JWT.encode(mature_payload, secret)
+    decoded_payload = JWT.decode(jwt, secret, true, {:verify_expiration => false})
+    expect(decoded_payload).to include(mature_payload)
+  end
+  it "raise ImmatureSignature even when nbf claim is a string" do
+    immature_payload = @payload.clone
+    immature_payload['nbf'] = (Time.now.to_i).to_s
+    secret = "secret"
+    jwt = JWT.encode(immature_payload, secret)
+    expect { JWT.decode(jwt, secret) }.to raise_error(JWT::ImmatureSignature)
+  end
+  it "performs normal decode with skipped not before check" do
+    immature_payload = @payload.clone
+    immature_payload['nbf'] = Time.now.to_i + 2
+    secret = "secret"
+    jwt = JWT.encode(immature_payload, secret)
+    decoded_payload = JWT.decode(jwt, secret, true, {:verify_not_before => false})
+    expect(decoded_payload).to include(immature_payload)
+  end
+  it "performs normal decode using leeway" do
+    immature_payload = @payload.clone
+    immature_payload['nbf'] = Time.now.to_i - 2
+    secret = "secret"
+    jwt = JWT.encode(immature_payload, secret)
+    decoded_payload = JWT.decode(jwt, secret, true, {:leeway => 3})
+    expect(decoded_payload).to include(immature_payload)
+  end
   describe "secure comparison" do
     it "returns true if strings are equal" do
       expect(JWT.secure_compare("Foo", "Foo")).to be true

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: jwt
 version: !ruby/object:Gem::Version
-  version: 1.2.1
+  version: 1.3.0
 platform: ruby
 authors:
 - Jeff Lindsay
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2015-01-23 00:00:00.000000000 Z
+date: 2015-02-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: echoe
@@ -64,7 +64,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '1.2'
 requirements: []
 rubyforge_project: jwt
-rubygems_version: 2.3.0
+rubygems_version: 2.4.6
 signing_key:
 specification_version: 4
 summary: JSON Web Token implementation in Ruby