jwt 1.5.5 → 1.5.6

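--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz: 0ab60d996890a0c93b46c4c86170e03fbfdca0c2
-data.tar.gz: 83765101b7357c3c548bad68baeff603b83ce446
+metadata.gz: 8cd1a9ca017dec28c4984e18003e8ae58aee776c
+data.tar.gz: c5fef77f9a8e42d8fa92c060c468be6ee2e3c561
 SHA512:
-metadata.gz: bab32a2372d9a05d4f5b8591c77cb9be60c252b796b778c417a5ad9a2f87a7faae3421029b07543c06f3f7bdf5ad2c786776f6f45a93dca7e128f6753ce143dd
-data.tar.gz: 1dd7005d75ff1a20cfc95e9362a48776bcc498f26ba4362f027252e32d32dcd30f8a50045fbb85da5486d231c63aaa043b20101169ee1fecf702dee2e95483c8
+metadata.gz: c0dc92b0ea35004782c8260f8d2d47c9973a1172f5eb6bef33fe42ae3a2e8341c9264e5fafc7cb62442039409194c3aa6fbd3db78667db75af04ffd26586422f
+data.tar.gz: af9967d4c04b332ef8916d3b837e31c20b2e5db8c96531b277286324f29730edbc65eb66401f6db405b22dbd2701895d2579796fab368c26bd1fca58aae30840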
@@ -1,5 +1,16 @@
1
1
  # Change Log
2
2
 
3
+ ## [v1.5.6](https://github.com/jwt/ruby-jwt/tree/v1.5.6) (2016-09-19)
4
+ [Full Changelog](https://github.com/jwt/ruby-jwt/compare/v1.5.5...v1.5.6)
5
+
6
+ **Fixed bugs:**
7
+
8
+ - Fix missing symbol handling in aud verify code [\#166](https://github.com/jwt/ruby-jwt/pull/166) ([excpt](https://github.com/excpt))
9
+
10
+ **Merged pull requests:**
11
+
12
+ - Fix rubocop code smells [\#167](https://github.com/jwt/ruby-jwt/pull/167) ([excpt](https://github.com/excpt))
13
+
3
14
  ## [v1.5.5](https://github.com/jwt/ruby-jwt/tree/v1.5.5) (2016-09-16)
4
15
  [Full Changelog](https://github.com/jwt/ruby-jwt/compare/v1.5.4...v1.5.5)
5
16
 
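--- a/data/lib/jwt.rb
+++ b/data/lib/jwt.rb
@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 require 'base64'
 require 'openssl'
 require 'jwt/decode'
@@ -17,6 +18,17 @@ module JWT
 'secp521r1' => 'ES512'
 }.freeze
 
+DEFAULT_OPTIONS = {
+verify_expiration: true,
+verify_not_before: true,
+verify_iss: false,
+verify_iat: false,
+verify_jti: false,
+verify_aud: false,
+verify_sub: false,
+leeway: 0
+}.freeze
+
 module_function
 
 def sign(algorithm, msg, key)
@@ -73,7 +85,7 @@ module JWT
 end
 
 def encoded_payload(payload)
-raise InvalidPayload, "exp claim must be an integer" if payload['exp'] && payload['exp'].is_a?(Time)
+raise InvalidPayload, 'exp claim must be an integer' if payload['exp'] && payload['exp'].is_a?(Time)
 base64url_encode(encode_json(payload))
 end
 
@@ -98,51 +110,19 @@ module JWT
 def decoded_segments(jwt, key = nil, verify = true, custom_options = {}, &keyfinder)
 raise(JWT::DecodeError, 'Nil JSON web token') unless jwt
 
-options = {
-verify_expiration: true,
-verify_not_before: true,
-verify_iss: false,
-verify_iat: false,
-verify_jti: false,
-verify_aud: false,
-verify_sub: false,
-leeway: 0
-}
-
-merged_options = options.merge(custom_options)
+merged_options = DEFAULT_OPTIONS.merge(custom_options)
 
 decoder = Decode.new jwt, key, verify, merged_options, &keyfinder
 decoder.decode_segments
 end
 
-
 def decode(jwt, key = nil, verify = true, custom_options = {}, &keyfinder)
 raise(JWT::DecodeError, 'Nil JSON web token') unless jwt
 
-options = {
-verify_expiration: true,
-verify_not_before: true,
-verify_iss: false,
-verify_iat: false,
-verify_jti: false,
-verify_aud: false,
-verify_sub: false,
-leeway: 0
-}
-
-merged_options = options.merge(custom_options)
-
+merged_options = DEFAULT_OPTIONS.merge(custom_options)
 decoder = Decode.new jwt, key, verify, merged_options, &keyfinder
 header, payload, signature, signing_input = decoder.decode_segments
-
-if verify
-algo, key = signature_algorithm_and_key(header, key, &keyfinder)
-if merged_options[:algorithm] && algo != merged_options[:algorithm]
-raise JWT::IncorrectAlgorithm, 'Expected a different algorithm'
-end
-verify_signature(algo, key, signing_input, signature)
-end
-
+decode_verify_signature(key, header, signature, signing_input, merged_options, &keyfinder) if verify
 decoder.verify
 
 raise(JWT::DecodeError, 'Not enough or too many segments') unless header && payload
@@ -150,12 +130,28 @@ module JWT
 [payload, header]
 end
 
+def decode_verify_signature(key, header, signature, signing_input, options, &keyfinder)
+algo, key = signature_algorithm_and_key(header, key, &keyfinder)
+if options[:algorithm] && algo != options[:algorithm]
+raise JWT::IncorrectAlgorithm, 'Expected a different algorithm'
+end
+verify_signature(algo, key, signing_input, signature)
+end
+
 def signature_algorithm_and_key(header, key, &keyfinder)
 key = yield(header) if keyfinder
 [header['alg'], key]
 end
 
 def verify_signature(algo, key, signing_input, signature)
+verify_signature_algo(algo, key, signing_input, signature)
+rescue OpenSSL::PKey::PKeyError
+raise JWT::VerificationError, 'Signature verification raised'
+ensure
+OpenSSL.errors.clear
+end
+
+def verify_signature_algo(algo, key, signing_input, signature)
 if %w(HS256 HS384 HS512).include?(algo)
 raise(JWT::VerificationError, 'Signature verification raised') unless secure_compare(signature, sign_hmac(algo, signing_input, key))
 elsif %w(RS256 RS384 RS512).include?(algo)
@@ -165,10 +161,6 @@ module JWT
 else
 raise JWT::VerificationError, 'Algorithm not supported'
 end
-rescue OpenSSL::PKey::PKeyError
-raise JWT::VerificationError, 'Signature verification raised'
-ensure
-OpenSSL.errors.clear
 end
 
 # From devise
@@ -179,7 +171,7 @@ module JWT
 
 res = 0
 b.each_byte { |byte| res |= byte ^ l.shift }
-res == 0
+res.zero?
 end
 
 def raw_to_asn1(signature, private_key)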
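Review bot: `decode_verify_signature` (hunk `@@ -150,12 +130,28 @@`) compares the token's `alg` against `options[:algorithm]` only when the caller supplied one, and the new `DEFAULT_OPTIONS` (hunk `@@ -17,6 +18,17 @@`) carries no default for it, so out of the box the algorithm handed to `verify_signature_algo` is whatever the token's own, not-yet-verified header names, and `signature_algorithm_and_key` yields that same header to the keyfinder. This is behaviour the refactor carries over rather than a regression, but the extracted method is the natural place to state the contract. I would add above `def decode_verify_signature`: `# When options[:algorithm] is nil the verification algorithm is read from the token's unverified 'alg' header; callers should pass algorithm: so the token cannot choose how it is verified.` The `verify_signature` split keeps the original `rescue OpenSSL::PKey::PKeyError` mapping and the `OpenSSL.errors.clear` in `ensure`, now wrapping `verify_signature_algo`, which matches the removed lines exactly.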
@@ -1,3 +1,4 @@
1
+ # frozen_string_literal: true
1
2
  require 'jwt/json'
2
3
  require 'jwt/verify'
3
4
 
@@ -28,7 +29,7 @@ module JWT
28
29
  def raw_segments(jwt, verify)
29
30
  segments = jwt.split('.')
30
31
  required_num_segments = verify ? [3] : [2, 3]
31
- fail(JWT::DecodeError, 'Not enough or too many segments') unless required_num_segments.include? segments.length
32
+ raise(JWT::DecodeError, 'Not enough or too many segments') unless required_num_segments.include? segments.length
32
33
  segments
33
34
  end
34
35
  private :raw_segments
@@ -47,7 +48,7 @@ module JWT
47
48
 
48
49
  def verify
49
50
  @options.each do |key, val|
50
- next unless key.to_s.match(/verify/)
51
+ next unless key.to_s =~ /verify/
51
52
 
52
53
  Verify.send(key, payload, @options) if val
53
54
  end
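Review bot: In `verify` (hunk `@@ -47,7 +48,7 @@`) the option key is still dispatched with `Verify.send(key, payload, @options)` after only a substring test (`key.to_s =~ /verify/`), so any option whose name merely contains `verify` reaches the class regardless of visibility. The options hash is caller-supplied rather than token-derived, so this is hardening rather than an exposed sink, but `Verify.public_send(key, payload, @options) if val` keeps the dispatch limited to the public verifier API. The `verify` method's body continues outside the hunk.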
@@ -1,3 +1,4 @@
1
+ # frozen_string_literal: true
1
2
  module JWT
2
3
  class DecodeError < StandardError; end
3
4
  class VerificationError < DecodeError; end
@@ -1,3 +1,4 @@
1
+ # frozen_string_literal: true
1
2
  require 'json'
2
3
 
3
4
  module JWT
@@ -21,19 +21,7 @@ module JWT
21
21
  return unless (options_aud = extract_option(:aud))
22
22
 
23
23
  if @payload['aud'].is_a?(Array)
24
- if options_aud.is_a?(Array)
25
- options_aud.each do |aud|
26
- raise(
27
- JWT::InvalidAudError,
28
- 'Invalid audience'
29
- ) unless @payload['aud'].include?(aud)
30
- end
31
- else
32
- raise(
33
- JWT::InvalidAudError,
34
- 'Invalid audience'
35
- ) unless @payload['aud'].include?(options_aud)
36
- end
24
+ verify_aud_array(@payload['aud'], options_aud)
37
25
  else
38
26
  raise(
39
27
  JWT::InvalidAudError,
@@ -42,6 +30,16 @@ module JWT
42
30
  end
43
31
  end
44
32
 
33
+ def verify_aud_array(audience, options_aud)
34
+ if options_aud.is_a?(Array)
35
+ options_aud.each do |aud|
36
+ raise(JWT::InvalidAudError, 'Invalid audience') unless audience.include?(aud.to_s)
37
+ end
38
+ else
39
+ raise(JWT::InvalidAudError, 'Invalid audience') unless audience.include?(options_aud.to_s)
40
+ end
41
+ end
42
+
45
43
  def verify_expiration
46
44
  return unless @payload.include?('exp')
47
45
 
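Review bot: `verify_aud_array` (hunk `@@ -42,6 +30,16 @@`) stringifies only the option side (`aud.to_s`, `options_aud.to_s`) while the token's `aud` entries are compared as-is, so a payload whose `aud` array holds non-string values would still not match its string form; that is presumably fine for JSON-decoded payloads, but the new helper is undocumented and the rule it enforces is easy to misread. I would add above `def verify_aud_array`: `# Every audience listed in the options must appear in the token's aud array; option values are stringified so symbols match JSON-decoded strings.` Note the loop requires all option audiences to be present rather than any one of them; the enclosing `verify_aud` starts outside this hunk, so whether that is the intended contract cannot be confirmed here.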
@@ -1,4 +1,5 @@
1
1
  # encoding: utf-8
2
+ # frozen_string_literal: true
2
3
 
3
4
  # Moments version builder module
4
5
  module JWT
@@ -13,9 +14,9 @@ module JWT
13
14
  # minor version
14
15
  MINOR = 5
15
16
  # tiny version
16
- TINY = 5
17
+ TINY = 6
17
18
  # alpha, beta, etc. tag
18
- PRE = nil
19
+ PRE = nil
19
20
 
20
21
  # Build version string
21
22
  STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')
@@ -46,6 +46,19 @@ module JWT
46
46
  it 'must allow an array with any value matching the one in the options with a string options key' do
47
47
  Verify.verify_aud(array_payload, options.merge('aud' => array_aud.first))
48
48
  end
49
+
50
+ it 'should allow strings or symbolds in options array' do
51
+ options['aud'] = [
52
+ 'ruby-jwt-aud',
53
+ 'test-aud',
54
+ 'ruby-ruby-ruby',
55
+ :test
56
+ ]
57
+
58
+ array_payload['aud'].push('test')
59
+
60
+ Verify.verify_aud(array_payload, options)
61
+ end
49
62
  end
50
63
 
51
64
  context '.verify_expiration(payload, options)' do
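Review bot: The new example's description has a typo and a phrasing that differs from its neighbours, `it 'should allow strings or symbolds in options array' do`; `it 'must allow strings or symbols in the options array' do` fixes the spelling and matches the `must allow …` wording of the example just above it.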
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: jwt
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.5.5
4
+ version: 1.5.6
5
5
  platform: ruby
6
6
  authors:
7
7
  - Jeff Lindsay
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2016-09-16 00:00:00.000000000 Z
12
+ date: 2016-09-19 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: bundler