jwt 2.2.1 → 2.2.2

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 3d2008539983aac7d87a7854da7f9540a517bf343c240982c0780c2fe7f7876d
4
- data.tar.gz: 72d347d14c972bbe3f272d67cfe09ce71da36ca8d424d510d4bcd4f902752ac8
3
+ metadata.gz: d98e35d5343562d2f47fd7d89dfae4f4cf28b22eb10bb2e4454d28e38a09bdfa
4
+ data.tar.gz: d0856bbf4805814fea4b370473a8d4f26381b8c5f8b76720bafb87b0a1e0119a
5
5
  SHA512:
6
- metadata.gz: 6817c7e474c45b3649d4dd5391f2c22524aa8eab07bb43a1aec5d22cf0801d9fb88ff0b9bd7ab4f2b46f24aa86e2cceb56fc8ef4552da3515d43ef3f72e4d9bc
7
- data.tar.gz: 5aece771f4d9a1e72042d30580a89af74f1997401478bd2057830c9a90a67fd2abb8170eaade3fa0922ea847e600ebb6dc440df3fede751d8ce848e426e8e9fa
6
+ metadata.gz: a97780005e6bc459d164aadbad6bfe43a524a836cdfb78d0578dadbca124ac900f1067e40bdbb713af821f7500994a7e4ade3e02c4d8b6fe386312fb969dea84
7
+ data.tar.gz: 58707c50cbba56548049f05a79363ac8d69e0489a3a32dbcc7caafc7f75125d14b04c0d8123fd62648cf7697cedabced3cdbc5f83cf8c78dc7c241686cdf524f
@@ -7,14 +7,23 @@ rvm:
7
7
  - 2.4
8
8
  - 2.5
9
9
  - 2.6
10
- gemfiles:
10
+ gemfile:
11
11
  - gemfiles/standalone.gemfile
12
12
  - gemfiles/rails_5.0.gemfile
13
13
  - gemfiles/rails_5.1.gemfile
14
14
  - gemfiles/rails_5.2.gemfile
15
+ - gemfiles/rails_6.0.gemfile
15
16
  script: "bundle exec rspec && bundle exec codeclimate-test-reporter"
16
17
  before_install:
17
18
  - sudo add-apt-repository ppa:chris-lea/libsodium -y
18
19
  - sudo apt-get update -q
19
20
  - sudo apt-get install libsodium-dev -y
20
21
  - gem install bundler
22
+
23
+ matrix:
24
+ fast_finish: true
25
+ exclude:
26
+ - gemfile: gemfiles/rails_6.0.gemfile
27
+ rvm: 2.3
28
+ - gemfile: gemfiles/rails_6.0.gemfile
29
+ rvm: 2.4
data/Appraisals CHANGED
@@ -12,3 +12,7 @@ end
12
12
  appraise 'rails-5.2' do
13
13
  gem 'rails', '~> 5.2.0'
14
14
  end
15
+
16
+ appraise 'rails-6.0' do
17
+ gem 'rails', '~> 6.0.0'
18
+ end
@@ -1,6 +1,54 @@
1
- # Change Log
1
+ # Changelog
2
+
3
+ ## [v2.2.2](https://github.com/jwt/ruby-jwt/tree/v2.2.2) (2020-08-18)
4
+
5
+ [Full Changelog](https://github.com/jwt/ruby-jwt/compare/v2.2.1...v2.2.2)
6
+
7
+ **Implemented enhancements:**
8
+
9
+ - JWK does not decode. [\#332](https://github.com/jwt/ruby-jwt/issues/332)
10
+ - Inconsistent use of symbol and string keys in args \(exp and alrogithm\). [\#331](https://github.com/jwt/ruby-jwt/issues/331)
11
+ - Pin simplecov to \< 0.18 [\#356](https://github.com/jwt/ruby-jwt/pull/356) ([anakinj](https://github.com/anakinj))
12
+ - verifies algorithm before evaluating keyfinder [\#346](https://github.com/jwt/ruby-jwt/pull/346) ([jb08](https://github.com/jb08))
13
+ - Update Rails 6 appraisal to use actual release version [\#336](https://github.com/jwt/ruby-jwt/pull/336) ([smudge](https://github.com/smudge))
14
+ - Update Travis [\#326](https://github.com/jwt/ruby-jwt/pull/326) ([berkos](https://github.com/berkos))
15
+ - Improvement/encode hmac without key [\#312](https://github.com/jwt/ruby-jwt/pull/312) ([JotaSe](https://github.com/JotaSe))
16
+
17
+ **Fixed bugs:**
18
+
19
+ - v2.2.1 warning: already initialized constant JWT Error [\#335](https://github.com/jwt/ruby-jwt/issues/335)
20
+ - 2.2.1 is no longer raising `JWT::DecodeError` on `nil` verification key [\#328](https://github.com/jwt/ruby-jwt/issues/328)
21
+ - Fix algorithm picking from decode options [\#359](https://github.com/jwt/ruby-jwt/pull/359) ([excpt](https://github.com/excpt))
22
+ - Raise error when verification key is empty [\#358](https://github.com/jwt/ruby-jwt/pull/358) ([anakinj](https://github.com/anakinj))
23
+
24
+ **Closed issues:**
25
+
26
+ - JWT RSA: is it possible to encrypt using the public key? [\#366](https://github.com/jwt/ruby-jwt/issues/366)
27
+ - Example unsigned token that bypasses verification [\#364](https://github.com/jwt/ruby-jwt/issues/364)
28
+ - Verify exp claim/field even if it's not present [\#363](https://github.com/jwt/ruby-jwt/issues/363)
29
+ - Decode any token [\#360](https://github.com/jwt/ruby-jwt/issues/360)
30
+ - \[question\] example of using a pub/priv keys for signing? [\#351](https://github.com/jwt/ruby-jwt/issues/351)
31
+ - JWT::ExpiredSignature raised for non-JSON payloads [\#350](https://github.com/jwt/ruby-jwt/issues/350)
32
+ - verify\_aud only verifies that at least one aud is expected [\#345](https://github.com/jwt/ruby-jwt/issues/345)
33
+ - Sinatra 4.90s TTFB [\#344](https://github.com/jwt/ruby-jwt/issues/344)
34
+ - How to Logout [\#342](https://github.com/jwt/ruby-jwt/issues/342)
35
+ - jwt token decoding even when wrong token is provided for some letters [\#337](https://github.com/jwt/ruby-jwt/issues/337)
36
+ - Need to use `symbolize\_keys` everywhere! [\#330](https://github.com/jwt/ruby-jwt/issues/330)
37
+ - eval\(\) used in Forwardable limits usage in iOS App Store [\#324](https://github.com/jwt/ruby-jwt/issues/324)
38
+ - HS512256 OpenSSL Exception: First num too large [\#322](https://github.com/jwt/ruby-jwt/issues/322)
39
+ - Can we change the separator character? [\#321](https://github.com/jwt/ruby-jwt/issues/321)
40
+ - Verifying iat without leeway may break with poorly synced clocks [\#319](https://github.com/jwt/ruby-jwt/issues/319)
41
+ - Adding support for 'hd' hosted domain string [\#314](https://github.com/jwt/ruby-jwt/issues/314)
42
+ - There is no "typ" header in version 2.0.0 [\#233](https://github.com/jwt/ruby-jwt/issues/233)
43
+
44
+ **Merged pull requests:**
45
+
46
+ - Fix 'already initialized constant JWT Error' [\#357](https://github.com/jwt/ruby-jwt/pull/357) ([excpt](https://github.com/excpt))
47
+ - Support RSA.import for all Ruby versions. [\#333](https://github.com/jwt/ruby-jwt/pull/333) ([rabajaj0509](https://github.com/rabajaj0509))
48
+ - Removed forwardable dependency [\#325](https://github.com/jwt/ruby-jwt/pull/325) ([anakinj](https://github.com/anakinj))
2
49
 
3
50
  ## [v2.2.1](https://github.com/jwt/ruby-jwt/tree/v2.2.1) (2019-05-24)
51
+
4
52
  [Full Changelog](https://github.com/jwt/ruby-jwt/compare/v2.2.0...v2.2.1)
5
53
 
6
54
  **Fixed bugs:**
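Review bot: In the new v2.2.2 section, the entries that change how tokens are accepted or rejected are not marked as security-relevant. These are #346 "verifies algorithm before evaluating keyfinder" under Implemented enhancements, and #358 "Raise error when verification key is empty" and #359 "Fix algorithm picking from decode options" under Fixed bugs. Later hunks of this same file introduce a `**Security fixes:**` heading for older releases; listing these entries under that heading here as well would let someone scanning the changelog see that this release alters verification behaviour.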
@@ -8,7 +56,12 @@
8
56
  - need to `require 'forwardable'` to use `Forwardable` [\#316](https://github.com/jwt/ruby-jwt/issues/316)
9
57
  - Add forwardable dependency for JWK RSA KeyFinder [\#317](https://github.com/jwt/ruby-jwt/pull/317) ([excpt](https://github.com/excpt))
10
58
 
59
+ **Merged pull requests:**
60
+
61
+ - Release 2.2.1 [\#318](https://github.com/jwt/ruby-jwt/pull/318) ([excpt](https://github.com/excpt))
62
+
11
63
  ## [v2.2.0](https://github.com/jwt/ruby-jwt/tree/v2.2.0) (2019-05-23)
64
+
12
65
  [Full Changelog](https://github.com/jwt/ruby-jwt/compare/v2.2.0.pre.beta.0...v2.2.0)
13
66
 
14
67
  **Closed issues:**
@@ -22,6 +75,7 @@
22
75
  - Release 2.2.0 [\#315](https://github.com/jwt/ruby-jwt/pull/315) ([excpt](https://github.com/excpt))
23
76
 
24
77
  ## [v2.2.0.pre.beta.0](https://github.com/jwt/ruby-jwt/tree/v2.2.0.pre.beta.0) (2019-03-20)
78
+
25
79
  [Full Changelog](https://github.com/jwt/ruby-jwt/compare/v2.1.0...v2.2.0.pre.beta.0)
26
80
 
27
81
  **Implemented enhancements:**
@@ -46,17 +100,18 @@
46
100
  **Fixed bugs:**
47
101
 
48
102
  - Inconsistent handling of payload claim data types [\#282](https://github.com/jwt/ruby-jwt/issues/282)
49
- - Use iat\\_leeway option [\#273](https://github.com/jwt/ruby-jwt/issues/273)
50
103
  - Issued at validation [\#247](https://github.com/jwt/ruby-jwt/issues/247)
51
104
  - Fix bug and simplify segment validation [\#292](https://github.com/jwt/ruby-jwt/pull/292) ([anakinj](https://github.com/anakinj))
52
- - Removed leeway from verify\\_iat [\#257](https://github.com/jwt/ruby-jwt/pull/257) ([ab320012](https://github.com/ab320012))
105
+
106
+ **Security fixes:**
107
+
108
+ - Decoding JWT with ES256 and secp256k1 curve [\#277](https://github.com/jwt/ruby-jwt/issues/277)
53
109
 
54
110
  **Closed issues:**
55
111
 
56
112
  - RS256, public and private keys [\#291](https://github.com/jwt/ruby-jwt/issues/291)
57
113
  - Allow passing current time to `decode` [\#288](https://github.com/jwt/ruby-jwt/issues/288)
58
114
  - Verify exp claim without verifying jwt [\#281](https://github.com/jwt/ruby-jwt/issues/281)
59
- - Decoding JWT with ES256 and secp256k1 curve [\#277](https://github.com/jwt/ruby-jwt/issues/277)
60
115
  - Audience as an array - how to specify? [\#276](https://github.com/jwt/ruby-jwt/issues/276)
61
116
  - signature validation using decode method for JWT [\#271](https://github.com/jwt/ruby-jwt/issues/271)
62
117
  - JWT is easily breakable [\#267](https://github.com/jwt/ruby-jwt/issues/267)
@@ -91,6 +146,7 @@
91
146
  - Fix link format [\#248](https://github.com/jwt/ruby-jwt/pull/248) ([y-yagi](https://github.com/y-yagi))
92
147
 
93
148
  ## [v2.1.0](https://github.com/jwt/ruby-jwt/tree/v2.1.0) (2017-10-06)
149
+
94
150
  [Full Changelog](https://github.com/jwt/ruby-jwt/compare/v2.0.0...v2.1.0)
95
151
 
96
152
  **Implemented enhancements:**
@@ -101,13 +157,17 @@
101
157
  - verify takes 2 params, second being payload closes: \#207 [\#238](https://github.com/jwt/ruby-jwt/pull/238) ([ab320012](https://github.com/ab320012))
102
158
  - simplified logic for keyfinder [\#237](https://github.com/jwt/ruby-jwt/pull/237) ([ab320012](https://github.com/ab320012))
103
159
  - Show backtrace if rbnacl-libsodium not loaded [\#231](https://github.com/jwt/ruby-jwt/pull/231) ([buzztaiki](https://github.com/buzztaiki))
160
+ - Support for ED25519 [\#229](https://github.com/jwt/ruby-jwt/pull/229) ([ab320012](https://github.com/ab320012))
104
161
 
105
162
  **Fixed bugs:**
106
163
 
107
164
  - JWT.encode failing on encode for string [\#235](https://github.com/jwt/ruby-jwt/issues/235)
108
- - The README says it uses an algorithm by default [\#226](https://github.com/jwt/ruby-jwt/issues/226)
109
165
  - Fix string payload issue [\#236](https://github.com/jwt/ruby-jwt/pull/236) ([excpt](https://github.com/excpt))
110
166
 
167
+ **Security fixes:**
168
+
169
+ - Add HS256 algorithm to decode default options [\#228](https://github.com/jwt/ruby-jwt/pull/228) ([marcoadkins](https://github.com/marcoadkins))
170
+
111
171
  **Closed issues:**
112
172
 
113
173
  - Change from 1.5.6 to 2.0.0 and appears a "Completed 401 Unauthorized" [\#240](https://github.com/jwt/ruby-jwt/issues/240)
@@ -119,17 +179,14 @@
119
179
  - Update README.md [\#242](https://github.com/jwt/ruby-jwt/pull/242) ([excpt](https://github.com/excpt))
120
180
  - Update ebert configuration [\#232](https://github.com/jwt/ruby-jwt/pull/232) ([excpt](https://github.com/excpt))
121
181
  - added algos/strategy classes + structs for inputs [\#230](https://github.com/jwt/ruby-jwt/pull/230) ([ab320012](https://github.com/ab320012))
122
- - Add HS256 algorithm to decode default options [\#228](https://github.com/jwt/ruby-jwt/pull/228) ([madkin10](https://github.com/madkin10))
123
182
 
124
183
  ## [v2.0.0](https://github.com/jwt/ruby-jwt/tree/v2.0.0) (2017-09-03)
125
- [Full Changelog](https://github.com/jwt/ruby-jwt/compare/v2.0.0.beta1...v2.0.0)
126
184
 
127
- **Implemented enhancements:**
128
-
129
- - Support for ED25519 [\#229](https://github.com/jwt/ruby-jwt/pull/229) ([ab320012](https://github.com/ab320012))
185
+ [Full Changelog](https://github.com/jwt/ruby-jwt/compare/v2.0.0.beta1...v2.0.0)
130
186
 
131
187
  **Fixed bugs:**
132
188
 
189
+ - The README says it uses an algorithm by default [\#226](https://github.com/jwt/ruby-jwt/issues/226)
133
190
  - Support versions outside 2.1 [\#209](https://github.com/jwt/ruby-jwt/issues/209)
134
191
  - Verifying expiration without leeway throws exception [\#206](https://github.com/jwt/ruby-jwt/issues/206)
135
192
  - Ruby interpreter warning [\#200](https://github.com/jwt/ruby-jwt/issues/200)
@@ -156,9 +213,9 @@
156
213
  - Allow configuration of multiple acceptable issuers [\#210](https://github.com/jwt/ruby-jwt/pull/210) ([ojab](https://github.com/ojab))
157
214
  - Enforce `exp` to be an `Integer` [\#205](https://github.com/jwt/ruby-jwt/pull/205) ([lucasmazza](https://github.com/lucasmazza))
158
215
  - ruby 1.9.3 support message upd [\#204](https://github.com/jwt/ruby-jwt/pull/204) ([maokomioko](https://github.com/maokomioko))
159
- - Guard against partially loaded RbNaCl when failing to load libsodium [\#202](https://github.com/jwt/ruby-jwt/pull/202) ([Dorian](https://github.com/Dorian))
160
216
 
161
217
  ## [v2.0.0.beta1](https://github.com/jwt/ruby-jwt/tree/v2.0.0.beta1) (2017-02-27)
218
+
162
219
  [Full Changelog](https://github.com/jwt/ruby-jwt/compare/v1.5.6...v2.0.0.beta1)
163
220
 
164
221
  **Implemented enhancements:**
@@ -178,9 +235,9 @@
178
235
 
179
236
  - ruby-jwt::raw\_to\_asn1: Fails for signatures less than byte\_size [\#155](https://github.com/jwt/ruby-jwt/issues/155)
180
237
  - The leeway parameter is applies to all time based verifications [\#129](https://github.com/jwt/ruby-jwt/issues/129)
181
- - Add options for claim-specific leeway [\#187](https://github.com/jwt/ruby-jwt/pull/187) ([EmilioCristalli](https://github.com/EmilioCristalli))
182
238
  - Make algorithm option required to verify signature [\#184](https://github.com/jwt/ruby-jwt/pull/184) ([EmilioCristalli](https://github.com/EmilioCristalli))
183
239
  - Validate audience when payload is a scalar and options is an array [\#183](https://github.com/jwt/ruby-jwt/pull/183) ([steti](https://github.com/steti))
240
+ - Fix: exp claim check [\#161](https://github.com/jwt/ruby-jwt/pull/161) ([excpt](https://github.com/excpt))
184
241
 
185
242
  **Closed issues:**
186
243
 
@@ -207,6 +264,7 @@
207
264
  - Fixed a typo in a spec name [\#169](https://github.com/jwt/ruby-jwt/pull/169) ([mingan](https://github.com/mingan))
208
265
 
209
266
  ## [v1.5.6](https://github.com/jwt/ruby-jwt/tree/v1.5.6) (2016-09-19)
267
+
210
268
  [Full Changelog](https://github.com/jwt/ruby-jwt/compare/v1.5.5...v1.5.6)
211
269
 
212
270
  **Fixed bugs:**
@@ -219,6 +277,7 @@
219
277
  - Fix rubocop code smells [\#167](https://github.com/jwt/ruby-jwt/pull/167) ([excpt](https://github.com/excpt))
220
278
 
221
279
  ## [v1.5.5](https://github.com/jwt/ruby-jwt/tree/v1.5.5) (2016-09-16)
280
+
222
281
  [Full Changelog](https://github.com/jwt/ruby-jwt/compare/v1.5.4...v1.5.5)
223
282
 
224
283
  **Implemented enhancements:**
@@ -232,13 +291,16 @@
232
291
  - Audience Claim broken? [\#151](https://github.com/jwt/ruby-jwt/issues/151)
233
292
  - 1.5.3 breaks compatibility with 1.5.2 [\#133](https://github.com/jwt/ruby-jwt/issues/133)
234
293
  - Version 1.5.3 breaks 1.9.3 compatibility, but not documented as such [\#132](https://github.com/jwt/ruby-jwt/issues/132)
235
- - Fix: exp claim check [\#161](https://github.com/jwt/ruby-jwt/pull/161) ([excpt](https://github.com/excpt))
294
+
295
+ **Security fixes:**
296
+
297
+ - \[security\] Signature verified after expiration/sub/iss checks [\#153](https://github.com/jwt/ruby-jwt/issues/153)
298
+ - Signature validation before claim verification [\#160](https://github.com/jwt/ruby-jwt/pull/160) ([excpt](https://github.com/excpt))
236
299
 
237
300
  **Closed issues:**
238
301
 
239
302
  - Rendering Json Results in JWT::DecodeError [\#162](https://github.com/jwt/ruby-jwt/issues/162)
240
303
  - PHP Libraries [\#154](https://github.com/jwt/ruby-jwt/issues/154)
241
- - \[security\] Signature verified after expiration/sub/iss checks [\#153](https://github.com/jwt/ruby-jwt/issues/153)
242
304
  - Is ruby-jwt thread-safe? [\#150](https://github.com/jwt/ruby-jwt/issues/150)
243
305
  - JWT 1.5.3 [\#143](https://github.com/jwt/ruby-jwt/issues/143)
244
306
  - gem install v 1.5.3 returns error [\#141](https://github.com/jwt/ruby-jwt/issues/141)
@@ -249,17 +311,15 @@
249
311
  - Bump version [\#165](https://github.com/jwt/ruby-jwt/pull/165) ([excpt](https://github.com/excpt))
250
312
  - Improve error message for exp claim in payload [\#164](https://github.com/jwt/ruby-jwt/pull/164) ([excpt](https://github.com/excpt))
251
313
  - Fix \#151 and code refactoring [\#163](https://github.com/jwt/ruby-jwt/pull/163) ([excpt](https://github.com/excpt))
252
- - Signature validation before claim verification [\#160](https://github.com/jwt/ruby-jwt/pull/160) ([excpt](https://github.com/excpt))
253
314
  - Create specs for README.md examples [\#159](https://github.com/jwt/ruby-jwt/pull/159) ([excpt](https://github.com/excpt))
254
315
  - Tiny Readme Improvement [\#156](https://github.com/jwt/ruby-jwt/pull/156) ([b264](https://github.com/b264))
255
316
  - Added test execution to Rakefile [\#147](https://github.com/jwt/ruby-jwt/pull/147) ([jabbrwcky](https://github.com/jabbrwcky))
256
- - Add more bling bling to the site [\#146](https://github.com/jwt/ruby-jwt/pull/146) ([excpt](https://github.com/excpt))
257
317
  - Bump version [\#145](https://github.com/jwt/ruby-jwt/pull/145) ([excpt](https://github.com/excpt))
258
- - Add first content and basic layout [\#144](https://github.com/jwt/ruby-jwt/pull/144) ([excpt](https://github.com/excpt))
259
318
  - Add a changelog file [\#142](https://github.com/jwt/ruby-jwt/pull/142) ([excpt](https://github.com/excpt))
260
319
  - Return decoded\_segments [\#139](https://github.com/jwt/ruby-jwt/pull/139) ([akostrikov](https://github.com/akostrikov))
261
320
 
262
321
  ## [v1.5.4](https://github.com/jwt/ruby-jwt/tree/v1.5.4) (2016-03-24)
322
+
263
323
  [Full Changelog](https://github.com/jwt/ruby-jwt/compare/v1.5.3...v1.5.4)
264
324
 
265
325
  **Closed issues:**
@@ -274,6 +334,7 @@
274
334
  - iat can be a float value [\#134](https://github.com/jwt/ruby-jwt/pull/134) ([llimllib](https://github.com/llimllib))
275
335
 
276
336
  ## [v1.5.3](https://github.com/jwt/ruby-jwt/tree/v1.5.3) (2016-02-24)
337
+
277
338
  [Full Changelog](https://github.com/jwt/ruby-jwt/compare/jwt-1.5.2...v1.5.3)
278
339
 
279
340
  **Implemented enhancements:**
@@ -305,6 +366,7 @@
305
366
  - Fix error misspelling [\#112](https://github.com/jwt/ruby-jwt/pull/112) ([kat3kasper](https://github.com/kat3kasper))
306
367
 
307
368
  ## [jwt-1.5.2](https://github.com/jwt/ruby-jwt/tree/jwt-1.5.2) (2015-10-27)
369
+
308
370
  [Full Changelog](https://github.com/jwt/ruby-jwt/compare/jwt-1.5.1...jwt-1.5.2)
309
371
 
310
372
  **Implemented enhancements:**
@@ -342,6 +404,7 @@
342
404
  - nbf check allows exact time matches. [\#88](https://github.com/jwt/ruby-jwt/pull/88) ([aj-michael](https://github.com/aj-michael))
343
405
 
344
406
  ## [jwt-1.5.1](https://github.com/jwt/ruby-jwt/tree/jwt-1.5.1) (2015-06-22)
407
+
345
408
  [Full Changelog](https://github.com/jwt/ruby-jwt/compare/jwt-1.5.0...jwt-1.5.1)
346
409
 
347
410
  **Implemented enhancements:**
@@ -353,7 +416,6 @@
353
416
 
354
417
  - ECDSA signature verification fails for valid tokens [\#84](https://github.com/jwt/ruby-jwt/issues/84)
355
418
  - Shouldn't verification of additional claims, like iss, aud etc. be enforced when in options? [\#81](https://github.com/jwt/ruby-jwt/issues/81)
356
- - Fix either README or source code [\#78](https://github.com/jwt/ruby-jwt/issues/78)
357
419
  - decode fails with 'none' algorithm and verify [\#75](https://github.com/jwt/ruby-jwt/issues/75)
358
420
 
359
421
  **Closed issues:**
@@ -369,6 +431,7 @@
369
431
  - Force verification of "iss" and "aud" claims [\#82](https://github.com/jwt/ruby-jwt/pull/82) ([lwe](https://github.com/lwe))
370
432
 
371
433
  ## [jwt-1.5.0](https://github.com/jwt/ruby-jwt/tree/jwt-1.5.0) (2015-05-09)
434
+
372
435
  [Full Changelog](https://github.com/jwt/ruby-jwt/compare/jwt-1.4.1...jwt-1.5.0)
373
436
 
374
437
  **Implemented enhancements:**
@@ -386,6 +449,7 @@
386
449
  - Fixed some examples to make them copy-pastable [\#72](https://github.com/jwt/ruby-jwt/pull/72) ([jer](https://github.com/jer))
387
450
 
388
451
  ## [jwt-1.4.1](https://github.com/jwt/ruby-jwt/tree/jwt-1.4.1) (2015-03-12)
452
+
389
453
  [Full Changelog](https://github.com/jwt/ruby-jwt/compare/jwt-1.4.0...jwt-1.4.1)
390
454
 
391
455
  **Fixed bugs:**
@@ -397,8 +461,10 @@
397
461
 
398
462
  - Fix \#66 \#68 [\#69](https://github.com/jwt/ruby-jwt/pull/69) ([excpt](https://github.com/excpt))
399
463
  - When throwing errors, mention expected/received values [\#65](https://github.com/jwt/ruby-jwt/pull/65) ([rolodato](https://github.com/rolodato))
464
+ - Add 'iss' support for ruby-jwt [\#61](https://github.com/jwt/ruby-jwt/pull/61) ([ZhangHanDong](https://github.com/ZhangHanDong))
400
465
 
401
466
  ## [jwt-1.4.0](https://github.com/jwt/ruby-jwt/tree/jwt-1.4.0) (2015-03-10)
467
+
402
468
  [Full Changelog](https://github.com/jwt/ruby-jwt/compare/jwt-1.3.0...jwt-1.4.0)
403
469
 
404
470
  **Closed issues:**
@@ -410,10 +476,10 @@
410
476
  - Release 1.4.0 [\#64](https://github.com/jwt/ruby-jwt/pull/64) ([excpt](https://github.com/excpt))
411
477
  - Update README.md and remove dead code [\#63](https://github.com/jwt/ruby-jwt/pull/63) ([excpt](https://github.com/excpt))
412
478
  - Add 'iat/ aud/ sub/ jti' support for ruby-jwt [\#62](https://github.com/jwt/ruby-jwt/pull/62) ([ZhangHanDong](https://github.com/ZhangHanDong))
413
- - Add 'iss' support for ruby-jwt [\#61](https://github.com/jwt/ruby-jwt/pull/61) ([ZhangHanDong](https://github.com/ZhangHanDong))
414
479
  - Clarify .encode API in README [\#60](https://github.com/jwt/ruby-jwt/pull/60) ([jbodah](https://github.com/jbodah))
415
480
 
416
481
  ## [jwt-1.3.0](https://github.com/jwt/ruby-jwt/tree/jwt-1.3.0) (2015-02-24)
482
+
417
483
  [Full Changelog](https://github.com/jwt/ruby-jwt/compare/jwt-1.2.1...jwt-1.3.0)
418
484
 
419
485
  **Closed issues:**
@@ -429,9 +495,9 @@
429
495
 
430
496
  - raise verification error for signiture verification [\#58](https://github.com/jwt/ruby-jwt/pull/58) ([punkle](https://github.com/punkle))
431
497
  - Added support for not before claim verification [\#56](https://github.com/jwt/ruby-jwt/pull/56) ([punkle](https://github.com/punkle))
432
- - Preperations for version 2.x [\#49](https://github.com/jwt/ruby-jwt/pull/49) ([excpt](https://github.com/excpt))
433
498
 
434
499
  ## [jwt-1.2.1](https://github.com/jwt/ruby-jwt/tree/jwt-1.2.1) (2015-01-22)
500
+
435
501
  [Full Changelog](https://github.com/jwt/ruby-jwt/compare/jwt-1.2.0...jwt-1.2.1)
436
502
 
437
503
  **Closed issues:**
@@ -444,6 +510,7 @@
444
510
  - Accept expiration claims as string [\#53](https://github.com/jwt/ruby-jwt/pull/53) ([yarmand](https://github.com/yarmand))
445
511
 
446
512
  ## [jwt-1.2.0](https://github.com/jwt/ruby-jwt/tree/jwt-1.2.0) (2014-11-24)
513
+
447
514
  [Full Changelog](https://github.com/jwt/ruby-jwt/compare/jwt-0.1.13...jwt-1.2.0)
448
515
 
449
516
  **Closed issues:**
@@ -456,6 +523,7 @@
456
523
  - rspec 3 breaks passing tests [\#44](https://github.com/jwt/ruby-jwt/pull/44) ([zshannon](https://github.com/zshannon))
457
524
 
458
525
  ## [jwt-0.1.13](https://github.com/jwt/ruby-jwt/tree/jwt-0.1.13) (2014-05-08)
526
+
459
527
  [Full Changelog](https://github.com/jwt/ruby-jwt/compare/jwt-1.0.0...jwt-0.1.13)
460
528
 
461
529
  **Closed issues:**
@@ -465,6 +533,7 @@
465
533
  - Update gem to get latest changes [\#36](https://github.com/jwt/ruby-jwt/issues/36)
466
534
 
467
535
  ## [jwt-1.0.0](https://github.com/jwt/ruby-jwt/tree/jwt-1.0.0) (2014-05-07)
536
+
468
537
  [Full Changelog](https://github.com/jwt/ruby-jwt/compare/jwt-0.1.11...jwt-1.0.0)
469
538
 
470
539
  **Closed issues:**
@@ -481,6 +550,7 @@
481
550
  - Travis - Add Ruby 2.0.0, 2.1.0, Rubinius [\#30](https://github.com/jwt/ruby-jwt/pull/30) ([petergoldstein](https://github.com/petergoldstein))
482
551
 
483
552
  ## [jwt-0.1.11](https://github.com/jwt/ruby-jwt/tree/jwt-0.1.11) (2014-01-17)
553
+
484
554
  [Full Changelog](https://github.com/jwt/ruby-jwt/compare/jwt-0.1.10...jwt-0.1.11)
485
555
 
486
556
  **Closed issues:**
@@ -493,6 +563,7 @@
493
563
  - fixed urlsafe base64 encoding [\#29](https://github.com/jwt/ruby-jwt/pull/29) ([tobscher](https://github.com/tobscher))
494
564
 
495
565
  ## [jwt-0.1.10](https://github.com/jwt/ruby-jwt/tree/jwt-0.1.10) (2014-01-10)
566
+
496
567
  [Full Changelog](https://github.com/jwt/ruby-jwt/compare/jwt-0.1.8...jwt-0.1.10)
497
568
 
498
569
  **Closed issues:**
@@ -510,6 +581,7 @@
510
581
  - Don't leave errors in OpenSSL.errors when there is a decoding error. [\#19](https://github.com/jwt/ruby-jwt/pull/19) ([lowellk](https://github.com/lowellk))
511
582
 
512
583
  ## [jwt-0.1.8](https://github.com/jwt/ruby-jwt/tree/jwt-0.1.8) (2013-03-14)
584
+
513
585
  [Full Changelog](https://github.com/jwt/ruby-jwt/compare/jwt-0.1.7...jwt-0.1.8)
514
586
 
515
587
  **Merged pull requests:**
@@ -518,6 +590,7 @@
518
590
  - Verify if verify is truthy \(not just true\) [\#17](https://github.com/jwt/ruby-jwt/pull/17) ([threedaymonk](https://github.com/threedaymonk))
519
591
 
520
592
  ## [jwt-0.1.7](https://github.com/jwt/ruby-jwt/tree/jwt-0.1.7) (2013-03-07)
593
+
521
594
  [Full Changelog](https://github.com/jwt/ruby-jwt/compare/jwt-0.1.6...jwt-0.1.7)
522
595
 
523
596
  **Merged pull requests:**
@@ -525,6 +598,7 @@
525
598
  - Catch MultiJson::LoadError and reraise as JWT::DecodeError [\#16](https://github.com/jwt/ruby-jwt/pull/16) ([rwygand](https://github.com/rwygand))
526
599
 
527
600
  ## [jwt-0.1.6](https://github.com/jwt/ruby-jwt/tree/jwt-0.1.6) (2013-03-05)
601
+
528
602
  [Full Changelog](https://github.com/jwt/ruby-jwt/compare/jwt-0.1.5...jwt-0.1.6)
529
603
 
530
604
  **Merged pull requests:**
@@ -533,6 +607,7 @@
533
607
  - Use StandardError as parent for DecodeError [\#13](https://github.com/jwt/ruby-jwt/pull/13) ([Oscil8](https://github.com/Oscil8))
534
608
 
535
609
  ## [jwt-0.1.5](https://github.com/jwt/ruby-jwt/tree/jwt-0.1.5) (2012-07-20)
610
+
536
611
  [Full Changelog](https://github.com/jwt/ruby-jwt/compare/jwt-0.1.4...jwt-0.1.5)
537
612
 
538
613
  **Closed issues:**
@@ -545,9 +620,11 @@
545
620
  - Oops. :-\) [\#11](https://github.com/jwt/ruby-jwt/pull/11) ([sporkmonger](https://github.com/sporkmonger))
546
621
  - Fix issue with signature verification in JRuby [\#10](https://github.com/jwt/ruby-jwt/pull/10) ([sporkmonger](https://github.com/sporkmonger))
547
622
  - Depend on MultiJson [\#9](https://github.com/jwt/ruby-jwt/pull/9) ([lautis](https://github.com/lautis))
623
+ - Allow for custom headers on encode and decode [\#8](https://github.com/jwt/ruby-jwt/pull/8) ([dgrijalva](https://github.com/dgrijalva))
548
624
  - Missing development dependency for echoe gem. [\#6](https://github.com/jwt/ruby-jwt/pull/6) ([sporkmonger](https://github.com/sporkmonger))
549
625
 
550
626
  ## [jwt-0.1.4](https://github.com/jwt/ruby-jwt/tree/jwt-0.1.4) (2011-11-11)
627
+
551
628
  [Full Changelog](https://github.com/jwt/ruby-jwt/compare/jwt-0.1.3...jwt-0.1.4)
552
629
 
553
630
  **Merged pull requests:**
@@ -555,16 +632,18 @@
555
632
  - Fix for RSA verification [\#5](https://github.com/jwt/ruby-jwt/pull/5) ([jordan-brough](https://github.com/jordan-brough))
556
633
 
557
634
  ## [jwt-0.1.3](https://github.com/jwt/ruby-jwt/tree/jwt-0.1.3) (2011-06-30)
635
+
636
+ [Full Changelog](https://github.com/jwt/ruby-jwt/compare/10d7492ea325c65fce41191c73cd90d4de494772...jwt-0.1.3)
637
+
558
638
  **Closed issues:**
559
639
 
560
640
  - signatures calculated incorrectly \(hexdigest instead of digest\) [\#1](https://github.com/jwt/ruby-jwt/issues/1)
561
641
 
562
642
  **Merged pull requests:**
563
643
 
564
- - Allow for custom headers on encode and decode [\#8](https://github.com/jwt/ruby-jwt/pull/8) ([dgrijalva](https://github.com/dgrijalva))
565
644
  - Bumped a version and added a .gemspec using rake build\_gemspec [\#3](https://github.com/jwt/ruby-jwt/pull/3) ([zhitomirskiyi](https://github.com/zhitomirskiyi))
566
645
  - Added RSA support [\#2](https://github.com/jwt/ruby-jwt/pull/2) ([zhitomirskiyi](https://github.com/zhitomirskiyi))
567
646
 
568
647
 
569
648
 
570
- \* *This Change Log was automatically generated by [github_changelog_generator](https://github.com/skywinder/Github-Changelog-Generator)*
649
+ \* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)*
data/README.md CHANGED
@@ -79,6 +79,21 @@ puts token
79
79
 
80
80
  decoded_token = JWT.decode token, hmac_secret, true, { algorithm: 'HS256' }
81
81
 
82
+ # Array
83
+ # [
84
+ # {"data"=>"test"}, # payload
85
+ # {"alg"=>"HS256"} # header
86
+ # ]
87
+ puts decoded_token
88
+
89
+ # Without secret key
90
+ token = JWT.encode payload, nil, 'HS256'
91
+
92
+ # eyJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoidGVzdCJ9.pVzcY2dX8JNM3LzIYeP2B1e1Wcpt1K3TWVvIYSF4x-o
93
+ puts token
94
+
95
+ decoded_token = JWT.decode token, nil, true, { algorithm: 'HS256' }
96
+
82
97
  # Array
83
98
  # [
84
99
  # {"data"=>"test"}, # payload
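Review bot: The added "Without secret key" example ends with `JWT.decode token, nil, true, { algorithm: 'HS256' }`, which passes a nil key with verification enabled. The Signature.verify hunk in this same diff adds `raise JWT::DecodeError, 'No verification key available' unless key`, so as far as these hunks show, that call raises instead of returning the array printed below it. Either drop the decode half of the example or show the behaviour that actually ships. The README should also say that a token signed with no key gives no integrity guarantee, since the example currently presents it as an ordinary usage pattern.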
@@ -460,7 +475,7 @@ begin
460
475
  rescue JWT::JWKError
461
476
  # Handle problems with the provided JWKs
462
477
  rescue JWT::DecodeError
463
- # Handle other decode related issues e.g. no kid in header, no matching public key found etc.
478
+ # Handle other decode related issues e.g. no kid in header, no matching public key found etc.
464
479
  end
465
480
  ```
466
481
 
@@ -7,6 +7,7 @@ module JWT
7
7
 
8
8
  def sign(to_sign)
9
9
  algorithm, msg, key = to_sign.values
10
+ key ||= ''
10
11
  authenticator, padded_key = SecurityUtils.rbnacl_fixup(algorithm, key)
11
12
  if authenticator && padded_key
12
13
  authenticator.auth(padded_key, msg.encode('binary'))
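Review bot: `key ||= ''` at the top of `sign` silently turns a nil key into an empty HMAC secret. A caller whose secret failed to load (for example a missing environment variable) now gets a well-formed HS256 token back instead of an error, and that token can be reproduced by anyone, because the key is the empty string. Consider raising `JWT::EncodeError` on a nil key by default and making the keyless case an explicit opt-in, or at least document the fallback in a comment on this line.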
@@ -33,12 +33,12 @@ module JWT
33
33
  private
34
34
 
35
35
  def verify_signature
36
- @key = find_key(&@keyfinder) if @keyfinder
37
- @key = ::JWT::JWK::KeyFinder.new(jwks: @options[:jwks]).key_for(header['kid']) if @options[:jwks]
38
-
39
36
  raise(JWT::IncorrectAlgorithm, 'An algorithm must be specified') if allowed_algorithms.empty?
40
37
  raise(JWT::IncorrectAlgorithm, 'Expected a different algorithm') unless options_includes_algo_in_header?
41
38
 
39
+ @key = find_key(&@keyfinder) if @keyfinder
40
+ @key = ::JWT::JWK::KeyFinder.new(jwks: @options[:jwks]).key_for(header['kid']) if @options[:jwks]
41
+
42
42
  Signature.verify(header['alg'], @key, signing_input, @signature)
43
43
  end
44
44
 
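Review bot: The relocated JWKS lookup still reads `@options[:jwks]` with a symbol key only, while `allowed_algorithms` in the next hunk now accepts both `'algorithm'` and `:algorithm`. A caller passing string-keyed options gets the algorithm honoured but the JWKS ignored, so `@key` stays at whatever was passed in. Normalising the option keys once, before both lookups, would remove the inconsistency. Separately, when both `@keyfinder` and `@options[:jwks]` are set, the second assignment overwrites the keyfinder result without notice; an `elsif` or an explicit error would make the precedence visible.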
@@ -47,10 +47,17 @@ module JWT
47
47
  end
48
48
 
49
49
  def allowed_algorithms
50
- if @options.key?(:algorithm)
50
+ # Order is very important - first check for string keys, next for symbols
51
+ if @options.key?('algorithm')
52
+ [@options['algorithm']]
53
+ elsif @options.key?(:algorithm)
51
54
  [@options[:algorithm]]
52
- else
55
+ elsif @options.key?('algorithms')
56
+ @options['algorithms'] || []
57
+ elsif @options.key?(:algorithms)
53
58
  @options[:algorithms] || []
59
+ else
60
+ []
54
61
  end
55
62
  end
56
63
 
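Review bot: The singular branches return `[@options['algorithm']]` and `[@options[:algorithm]]` unchanged, so an options hash containing the key with a nil value yields `[nil]`. That array is not empty, so the `allowed_algorithms.empty?` guard in `verify_signature` does not raise 'An algorithm must be specified'. The plural branches already guard with `|| []`; using `Array(@options['algorithm'])` (and the same for the symbol key) would treat nil consistently. The comment "Order is very important" should also say why: as written, a string `'algorithm'` entry wins over a symbol `:algorithms` list, which is worth stating or rejecting outright when both are supplied.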
@@ -1,20 +1,20 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module JWT
4
- EncodeError = Class.new(StandardError)
5
- DecodeError = Class.new(StandardError)
6
- RequiredDependencyError = Class.new(StandardError)
4
+ class EncodeError < StandardError; end
5
+ class DecodeError < StandardError; end
6
+ class RequiredDependencyError < StandardError; end
7
7
 
8
- VerificationError = Class.new(DecodeError)
9
- ExpiredSignature = Class.new(DecodeError)
10
- IncorrectAlgorithm = Class.new(DecodeError)
11
- ImmatureSignature = Class.new(DecodeError)
12
- InvalidIssuerError = Class.new(DecodeError)
13
- InvalidIatError = Class.new(DecodeError)
14
- InvalidAudError = Class.new(DecodeError)
15
- InvalidSubError = Class.new(DecodeError)
16
- InvalidJtiError = Class.new(DecodeError)
17
- InvalidPayload = Class.new(DecodeError)
8
+ class VerificationError < DecodeError; end
9
+ class ExpiredSignature < DecodeError; end
10
+ class IncorrectAlgorithm < DecodeError; end
11
+ class ImmatureSignature < DecodeError; end
12
+ class InvalidIssuerError < DecodeError; end
13
+ class InvalidIatError < DecodeError; end
14
+ class InvalidAudError < DecodeError; end
15
+ class InvalidSubError < DecodeError; end
16
+ class InvalidJtiError < DecodeError; end
17
+ class InvalidPayload < DecodeError; end
18
18
 
19
- JWKError = Class.new(DecodeError)
19
+ class JWKError < DecodeError; end
20
20
  end
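Review bot: the error hierarchy in this hunk is undocumented. Every class from `VerificationError` through `JWKError` inherits from `DecodeError`, which is what lets a caller reject any bad token with a single `rescue JWT::DecodeError`. A short comment above the `DecodeError` subclasses saying so would keep a later addition from being parented on `StandardError` by mistake.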
@@ -1,16 +1,10 @@
1
1
  # frozen_string_literal: true
2
2
 
3
- require 'forwardable'
4
-
5
3
  module JWT
6
4
  module JWK
7
5
  class RSA
8
- extend Forwardable
9
-
10
6
  attr_reader :keypair
11
7
 
12
- def_delegators :keypair, :private?, :public_key
13
-
14
8
  BINARY = 2
15
9
  KTY = 'RSA'.freeze
16
10
 
@@ -20,6 +14,14 @@ module JWT
20
14
  @keypair = keypair
21
15
  end
22
16
 
17
+ def private?
18
+ keypair.private?
19
+ end
20
+
21
+ def public_key
22
+ keypair.public_key
23
+ end
24
+
23
25
  def kid
24
26
  sequence = OpenSSL::ASN1::Sequence([OpenSSL::ASN1::Integer.new(public_key.n),
25
27
  OpenSSL::ASN1::Integer.new(public_key.e)])
@@ -37,9 +39,14 @@ module JWT
37
39
 
38
40
  def self.import(jwk_data)
39
41
  imported_key = OpenSSL::PKey::RSA.new
40
- imported_key.set_key(OpenSSL::BN.new(::Base64.urlsafe_decode64(jwk_data[:n]), BINARY),
41
- OpenSSL::BN.new(::Base64.urlsafe_decode64(jwk_data[:e]), BINARY),
42
- nil)
42
+ if imported_key.respond_to?(:set_key)
43
+ imported_key.set_key(OpenSSL::BN.new(::Base64.urlsafe_decode64(jwk_data[:n]), BINARY),
44
+ OpenSSL::BN.new(::Base64.urlsafe_decode64(jwk_data[:e]), BINARY),
45
+ nil)
46
+ else
47
+ imported_key.n = OpenSSL::BN.new(::Base64.urlsafe_decode64(jwk_data[:n]), BINARY)
48
+ imported_key.e = OpenSSL::BN.new(::Base64.urlsafe_decode64(jwk_data[:e]), BINARY)
49
+ end
43
50
  self.new(imported_key)
44
51
  end
45
52
  end
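Review bot: `self.import` reads `jwk_data[:n]` and `jwk_data[:e]` with symbol keys and no presence check, so a key set parsed from JSON with string keys, or an entry missing either member, reaches `::Base64.urlsafe_decode64` as nil and fails with a low-level error instead of `JWT::JWKError`. Validate both members up front and raise `JWKError`. The two branches also repeat the same `OpenSSL::BN.new(...)` decoding; compute `n` and `e` once before the `respond_to?(:set_key)` test and pass them to whichever setter is available.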
@@ -38,6 +38,8 @@ module JWT
38
38
  end
39
39
 
40
40
  def verify(algorithm, key, signing_input, signature)
41
+ raise JWT::DecodeError, 'No verification key available' unless key
42
+
41
43
  algo = ALGOS.find do |alg|
42
44
  alg.const_get(:SUPPORTED).include? algorithm
43
45
  end
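Review bot: the new guard `unless key` at the top of `verify` only rejects nil and false; in Ruby an empty string is truthy, so `key = ''` still passes and goes on to the algorithm lookup. If the intent is that verification never runs without key material, reject empty keys as well (for example with an additional `key.respond_to?(:empty?) && key.empty?` check) and add specs for both the nil and the empty case.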
@@ -14,11 +14,11 @@ module JWT
14
14
  # minor version
15
15
  MINOR = 2
16
16
  # tiny version
17
- TINY = 1
17
+ TINY = 2
18
18
  # alpha, beta, etc. tag
19
19
  PRE = nil
20
20
 
21
21
  # Build version string
22
- STRING = [[MAJOR, MINOR, TINY].compact.join('.'), PRE].compact.join('-')
22
+ STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')
23
23
  end
24
24
  end
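Review bot: the new `STRING` expression changes the separator in front of `PRE` from `-` to `.`, so a pre-release tag would now render as `2.2.2.<pre>` rather than `2.2.2-<pre>`. With `PRE = nil` the output is unchanged, but the comment `# Build version string` should say which format is intended so the change is not read as a pure simplification.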
@@ -24,7 +24,7 @@ Gem::Specification.new do |spec|
24
24
  spec.add_development_dependency 'bundler'
25
25
  spec.add_development_dependency 'rake'
26
26
  spec.add_development_dependency 'rspec'
27
- spec.add_development_dependency 'simplecov'
27
+ spec.add_development_dependency 'simplecov', '< 0.18'
28
28
  spec.add_development_dependency 'simplecov-json'
29
29
  spec.add_development_dependency 'codeclimate-test-reporter'
30
30
  spec.add_development_dependency 'codacy-coverage'
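Review bot: the `'< 0.18'` cap on `simplecov` carries no comment saying what it works around, and it sets no lower bound. Add a one-line reason next to the constraint so the pin can be lifted deliberately later instead of lingering.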
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: jwt
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.2.1
4
+ version: 2.2.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Tim Rudat
8
- autorequire:
8
+ autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2019-05-24 00:00:00.000000000 Z
11
+ date: 2020-08-18 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: appraisal
@@ -70,16 +70,16 @@ dependencies:
70
70
  name: simplecov
71
71
  requirement: !ruby/object:Gem::Requirement
72
72
  requirements:
73
- - - ">="
73
+ - - "<"
74
74
  - !ruby/object:Gem::Version
75
- version: '0'
75
+ version: '0.18'
76
76
  type: :development
77
77
  prerelease: false
78
78
  version_requirements: !ruby/object:Gem::Requirement
79
79
  requirements:
80
- - - ">="
80
+ - - "<"
81
81
  - !ruby/object:Gem::Version
82
- version: '0'
82
+ version: '0.18'
83
83
  - !ruby/object:Gem::Dependency
84
84
  name: simplecov-json
85
85
  requirement: !ruby/object:Gem::Requirement
@@ -196,7 +196,7 @@ homepage: https://github.com/jwt/ruby-jwt
196
196
  licenses:
197
197
  - MIT
198
198
  metadata: {}
199
- post_install_message:
199
+ post_install_message:
200
200
  rdoc_options: []
201
201
  require_paths:
202
202
  - lib
@@ -211,8 +211,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
211
211
  - !ruby/object:Gem::Version
212
212
  version: '0'
213
213
  requirements: []
214
- rubygems_version: 3.0.3
215
- signing_key:
214
+ rubygems_version: 3.1.2
215
+ signing_key:
216
216
  specification_version: 4
217
217
  summary: JSON Web Token implementation in Ruby
218
218
  test_files: []