jwt_claims 0.0.1 → 0.0.2

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: a503400ce945a893631a78c8c38af743587ce810
4
- data.tar.gz: 3c7ecfee679bd06e177ef4ca881dbb091d524547
3
+ metadata.gz: 2dc7d84bde89e7a58ef9a97e0956b3f2df05de92
4
+ data.tar.gz: fee164d4bda3ce9961ff6f925fc31ffbbc4cd228
5
5
  SHA512:
6
- metadata.gz: 7e70c10bdb07d77aa1958744d53588eeb6caca3de41eb4a8959cd77d0dfe4151a7d40c393a3437cf8b9e521e04f1e082a2d2cba04a022bd9d2762f37aec30e45
7
- data.tar.gz: b7ac29a45cfb4992b1077d076815c8ebf098a7ad37fd90e3172504f833be6693b198e3f1063fa2c5dc06184f777d6f3cb6a01c6b8303507156ab2bbc598fa10d
6
+ metadata.gz: b104d535a45f2769cb204750364945bb36ac28ac68c4bc6ce80e98a513de21622367cc7df8513fa2a24409545b3a79c76d13da95471d0cbc0ecc08da7ed9fea8
7
+ data.tar.gz: 29a5c2cf243aa90c09e03dca4480d24bd1247ace4ed86529046224789e117af17f3c38b7786adca455743165dc0bafc94473f4024115a4f6147065f30160f7c3
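--- a/data/.travis.yml
+++ b/data/.travis.yml
@@ -0,0 +1,7 @@
+language: ruby
+rvm:
+- 2.2.2
+- 2.1.6
+- 2.0.0
+# uncomment this line if your project needs to run something other than `rake`:
+script: bundle exec rspec spec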
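--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -0,0 +1,10 @@
+## Changelog
+
+### v0.0.2 (2015-08-30)
+
+* enhancements
+* support leeway for 'Expiration time' and 'Not before' claims
+
+### v0.0.1 (2015-08-29)
+
+* initial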
data/README.md CHANGED
@@ -1,4 +1,4 @@
1
- # JWT Claims
1
+ # JWT Claims [![travis][ci_img]][travis] [![yard docs][yd_img]][yard_docs] [![code climate][cc_img]][code_climate]
2
2
 
3
3
  ## Verification of a JWT (JSON Web Token) Claims Set for Ruby
4
4
 
@@ -14,14 +14,14 @@ A Ruby implementation of the JSON Web Token (JWT) registered claims, [RFC 7519][
14
14
  ### JwtClaims.verify(jwt, options)
15
15
 
16
16
  Returns a hash, either:
17
- * \{:ok, claims\}, a JWT claims set map, if the JWT Message Authentication Code (MAC), or signature, is verified and the registered claims are also verified
17
+ * \{:ok, claims\}, a JWT claims set hash, if the JWT Message Authentication Code (MAC), or signature, is verified and the registered claims are also verified
18
18
  * \{:error, [rejected_claims]\}, a list of any registered claims that fail validation, if the JWT MAC is verified
19
19
  * \{:error, 'invalid JWT'\} if the JWT MAC is not verified
20
20
  * \{:error, 'invalid input'\} otherwise
21
21
 
22
22
  `jwt` (required) is a JSON web token string
23
23
 
24
- `options` (required) map
24
+ `options` (required) hash
25
25
 
26
26
  * **alg** (optional, default: `'HS256'`)
27
27
  * **key** (required unless alg is 'none')
@@ -39,8 +39,30 @@ secure_jwt_example = 'eyJ0eXAiOiJKV1QiLA0KICJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJqb2UiL
39
39
 
40
40
  ```
41
41
 
42
+ ### Supported registered claims
43
+
44
+ JWT claim | key | a valid claim value must
45
+ ---|---|---
46
+ Issuer | :iss | equal options[:iss]
47
+ Subject | :sub | equal options[:sub]
48
+ Audience | :aud | include options[:aud]
49
+ Expiration Time | :exp | be > current time
50
+ Not Before | :nbf | be <= current time
51
+ Issued at | :iat | be < current time
52
+ JWT ID | :jti | equal options[:jti]
53
+
54
+ Additional detail about JWT registered claims is found in [this section][registered_claim_names] of the JWT RFC
55
+
42
56
  ### Supported Ruby versions
43
57
  Ruby 2.0.0 and up
44
58
 
45
59
  [rfc7519]: http://tools.ietf.org/html/rfc7519
46
60
  [json_web_token]: https://github.com/garyf/json_web_token
61
+ [registered_claim_names]: http://tools.ietf.org/html/rfc7519#section-4.1
62
+
63
+ [travis]: https://travis-ci.org/garyf/jwt_claims
64
+ [ci_img]: https://travis-ci.org/garyf/jwt_claims.svg?branch=master
65
+ [yard_docs]: http://www.rubydoc.info/github/garyf/jwt_claims
66
+ [yd_img]: http://img.shields.io/badge/yard-docs-blue.svg
67
+ [code_climate]: https://codeclimate.com/github/garyf/jwt_claims
68
+ [cc_img]: https://codeclimate.com/github/garyf/jwt_claims/badges/gpa.svg
@@ -8,10 +8,12 @@ module JwtClaims
8
8
 
9
9
  # @param numeric_date [Numeric] the number of seconds from 1970-01-01T00:00:00Z UTC
10
10
  # until the specified UTC date/time; non-integer values may be used
11
+ # @param options [Hash] (key :leeway_seconds, maximum of 180), time to allow for clock skew
11
12
  # @return [true, false] whether to reject the claim
12
13
  def reject?(numeric_date, options = {})
13
14
  return true unless numeric_date.is_a?(Numeric)
14
- numeric_date <= Time.now.to_i
15
+ seconds = Util.leeway_seconds(options.fetch(:leeway_seconds, 0))
16
+ numeric_date <= Time.now.to_i - seconds
15
17
  end
16
18
  end
17
19
  end
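Review bot: The leeway lookup `seconds = Util.leeway_seconds(options.fetch(:leeway_seconds, 0))` on new line 15 is repeated verbatim in the second, otherwise identical `reject?` hunk right below, so the option key, its default and the range check live in two places. Letting the helper take the hash, `seconds = Util.leeway_seconds(options)`, would keep the key name in one spot and give a single place to adjust the cap. The file header for this hunk is missing from the page; going by the `<=` comparison and the exp_spec changes it appears to be the Exp claim, and whether the file requires `jwt_claims/util` is not visible here. The enclosing module lines start above the hunk.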
@@ -8,10 +8,12 @@ module JwtClaims
8
8
 
9
9
  # @param numeric_date [Numeric] the number of seconds from 1970-01-01T00:00:00Z UTC
10
10
  # until the specified UTC date/time; non-integer values may be used
11
+ # @param options [Hash] (key :leeway_seconds, maximum of 180), time to allow for clock skew
11
12
  # @return [true, false] whether to reject the claim
12
13
  def reject?(numeric_date, options = {})
13
14
  return true unless numeric_date.is_a?(Numeric)
14
- numeric_date > Time.now.to_i
15
+ seconds = Util.leeway_seconds(options.fetch(:leeway_seconds, 0))
16
+ numeric_date > Time.now.to_i + seconds
15
17
  end
16
18
  end
17
19
  end
@@ -0,0 +1,14 @@
1
+ module JwtClaims
2
+ # Utility methods
3
+ module Util
4
+
5
+ LEEWAY_SECONDS_MAX = 180
6
+
7
+ module_function
8
+
9
+ def leeway_seconds(n)
10
+ return 0 unless n.is_a?(Numeric) && (0..LEEWAY_SECONDS_MAX).include?(n)
11
+ n
12
+ end
13
+ end
14
+ end
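Review bot: `leeway_seconds` (new line 9) carries no YARD comment, unlike the claim methods elsewhere in the gem, and its contract is not obvious from the name: a value above `LEEWAY_SECONDS_MAX` or a non-numeric one is replaced by 0 rather than clamped, so a caller who configures 200 gets no leeway at all. That is the fail-closed direction, but it hides a misconfiguration silently; either document it — `# @param n [Numeric] requested leeway in seconds` / `# @return [Numeric] n if it lies in 0..LEEWAY_SECONDS_MAX, otherwise 0 (out-of-range or non-numeric input disables leeway rather than being clamped)` — or raise `ArgumentError` for numeric input outside the range so the mistake surfaces in the caller's tests.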
@@ -7,6 +7,7 @@ module JwtClaims
7
7
 
8
8
  # @param claims [Hash] JWT claims
9
9
  # @param options [Hash] expected values for certain claims
10
+ # optional keys include: :aud, :iss, :jti, :sub, :leeway_seconds
10
11
  # @return [Array] symbols of the registered claims that fail validation
11
12
  def rejected(claims, options = {})
12
13
  claims.each_with_object([]) do |claim, memo|
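Review bot: The added doc line 10 lists `:leeway_seconds` under `@param options [Hash] expected values for certain claims`, but leeway is a tolerance, not an expected claim value; `# @param options [Hash] expected values for certain claims and verification settings;` would describe the hash accurately. The same wording is used for `verify` in the data/lib/jwt_claims.rb hunk. The body of `rejected` continues past the hunk, so whether `options` is forwarded to the `Exp` and `Nbf` `reject?` calls cannot be confirmed from here.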
@@ -1,3 +1,3 @@
1
1
  module JwtClaims
2
- VERSION = '0.0.1'
2
+ VERSION = '0.0.2'
3
3
  end
data/lib/jwt_claims.rb CHANGED
@@ -7,7 +7,7 @@ module JwtClaims
7
7
 
8
8
  # @param jwt [String] JSON web token
9
9
  # @param options [Hash] expected values for certain claims;
10
- # optional keys include: :aud, :iss, :jti, :sub
10
+ # optional keys include: :aud, :iss, :jti, :sub, :leeway_seconds
11
11
  # @return [Hash] { ok: { the jwt claims set hash } }, or { error: [symbols of all rejected claims] }
12
12
  def verify(jwt, options)
13
13
  hsh = JsonWebToken.verify(jwt, options)
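Review bot: The `verify` doc (new line 10) now names `:leeway_seconds` but gives neither its unit nor the 180-second cap enforced by `Util.leeway_seconds`, and the README `options` list earlier on this page (alg, key) was not extended either, although the CHANGELOG announces the feature. A line such as `# :leeway_seconds [Numeric] clock-skew tolerance in seconds, 0..180, applied to :exp and :nbf`, mirrored in the README options list, would let callers learn the cap before they hit it. `verify`'s body continues outside the hunk.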
@@ -4,7 +4,7 @@ module JwtClaims
4
4
  module Claim
5
5
  describe Exp do
6
6
  let(:after_now) { Time.now.to_i + 1 }
7
- describe '#reject?' do
7
+ context '#reject?' do
8
8
  it 'w numeric_date after now returns false' do
9
9
  expect(Exp.reject? after_now).to be false
10
10
  end
@@ -16,6 +16,20 @@ module JwtClaims
16
16
  it 'w/o numeric numeric_date returns true' do
17
17
  expect(Exp.reject? after_now.to_s).to be true
18
18
  end
19
+
20
+ context 'w leeway' do
21
+ let(:seconds) { 180 }
22
+ let(:options) { {leeway_seconds: seconds} }
23
+ it 'w numeric_date after now returns false' do
24
+ claim = after_now - seconds
25
+ expect(Exp.reject? claim, options).to be false
26
+ end
27
+
28
+ it 'w numeric_date now returns true' do
29
+ claim = Time.now.to_i - seconds
30
+ expect(Exp.reject? claim, options).to be true
31
+ end
32
+ end
19
33
  end
20
34
  end
21
35
  end
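Review bot: The new 'w numeric_date after now returns false' example (lines 23-26) rests on a one-second margin: `after_now` is a lazy `let` evaluated when `claim` is computed, and if the wall clock crosses a second boundary before `Exp.reject?` reads `Time.now.to_i`, the claim equals `now - seconds` and the expectation fails. The pre-existing examples share the pattern, but the leeway context adds two more exposures; stubbing `Time.now` or computing one `now` and using a margin well above a second would make them deterministic. The nbf_spec hunk below has the mirror-image risk in 'w numeric_date after_now returns true', where a tick turns `>` into equality.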
@@ -4,7 +4,7 @@ module JwtClaims
4
4
  module Claim
5
5
  describe Nbf do
6
6
  let(:after_now) { Time.now.to_i + 1 }
7
- describe '#reject?' do
7
+ context '#reject?' do
8
8
  it 'w numeric_date now returns false' do
9
9
  expect(Nbf.reject? Time.now.to_i).to be false
10
10
  end
@@ -16,6 +16,20 @@ module JwtClaims
16
16
  it 'w/o numeric claimed_time returns true' do
17
17
  expect(Nbf.reject? after_now.to_s).to be true
18
18
  end
19
+
20
+ context 'w leeway' do
21
+ let(:seconds) { 180 }
22
+ let(:options) { {leeway_seconds: seconds} }
23
+ it 'w numeric_date now returns false' do
24
+ claim = Time.now.to_i + seconds
25
+ expect(Nbf.reject? claim, options).to be false
26
+ end
27
+
28
+ it 'w numeric_date after_now returns true' do
29
+ claim = after_now + seconds
30
+ expect(Nbf.reject? claim, options).to be true
31
+ end
32
+ end
19
33
  end
20
34
  end
21
35
  end
@@ -0,0 +1,16 @@
1
+ require 'jwt_claims/util'
2
+
3
+ module JwtClaims
4
+ describe Util do
5
+ describe '#leeway_seconds' do
6
+ it "returns a value between 0 and #{Util::LEEWAY_SECONDS_MAX}" do
7
+ expect(Util.leeway_seconds 0).to eql 0
8
+ expect(Util.leeway_seconds 180).to eql 180
9
+ expect(Util.leeway_seconds 1.5).to eql 1.5
10
+ expect(Util.leeway_seconds 181).to eql 0
11
+ expect(Util.leeway_seconds -1).to eql 0
12
+ expect(Util.leeway_seconds 'foo').to eql 0
13
+ end
14
+ end
15
+ end
16
+ end
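Review bot: `expect(Util.leeway_seconds -1).to eql 0` on line 11 has a space before the minus and none after it, which Ruby parses as a call with argument -1 but flags as an ambiguous first argument when warnings are on; `expect(Util.leeway_seconds(-1)).to eql 0` removes the ambiguity, and the neighbouring calls would read consistently with parentheses as well. The description `'#leeway_seconds'` uses the instance-method prefix for what `module_function` exposes as `Util.leeway_seconds`; `'.leeway_seconds'` is the usual RSpec convention for module methods.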
@@ -19,7 +19,8 @@ module JwtClaims
19
19
  aud: uri,
20
20
  iss: issuer,
21
21
  jti: jwt_id,
22
- sub: subject
22
+ sub: subject,
23
+ leeway_seconds: 120
23
24
  }
24
25
  end
25
26
  let(:default_claims) do
@@ -42,11 +43,11 @@ module JwtClaims
42
43
  let(:invalid_claims) do
43
44
  {
44
45
  aud: ['http://www.other.com', 'other recipient'],
45
- exp: before_now,
46
+ exp: before_now - 121, # two minute leeway
46
47
  iat: after_now,
47
48
  iss: 'other issuer',
48
49
  jti: 'other jwt_id',
49
- nbf: after_now,
50
+ nbf: after_now + 121,
50
51
  sub: 'other subject'
51
52
  }
52
53
  end
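Review bot: The changed values `exp: before_now - 121` and `nbf: after_now + 121` (lines 46 and 50) only show that claims beyond the 120-second leeway are still rejected; a claim inside the window — `before_now` for `:exp` or `after_now` for `:nbf`, both rejected before this change — is not asserted to be accepted anywhere in this hunk, so a `rejected` that ignored `options` would pass these examples unchanged. Unless `default_claims` (its `let` begins at the end of the previous hunk, outside view) already carries such a value, add an example with `exp: before_now` and `nbf: after_now` under the 120-second leeway expecting an empty rejection list. The comment `# two minute leeway` would be more precise as `# 1s beyond the 120s leeway`.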
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: jwt_claims
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.1
4
+ version: 0.0.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Gary Fleshman
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2015-08-29 00:00:00.000000000 Z
11
+ date: 2015-08-30 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: json_web_token
@@ -46,6 +46,8 @@ extra_rdoc_files: []
46
46
  files:
47
47
  - ".gitignore"
48
48
  - ".rspec"
49
+ - ".travis.yml"
50
+ - CHANGELOG.md
49
51
  - Gemfile
50
52
  - LICENSE
51
53
  - README.md
@@ -59,6 +61,7 @@ files:
59
61
  - lib/jwt_claims/claim/nbf.rb
60
62
  - lib/jwt_claims/claim/sub.rb
61
63
  - lib/jwt_claims/string_or_uri.rb
64
+ - lib/jwt_claims/util.rb
62
65
  - lib/jwt_claims/validation.rb
63
66
  - lib/jwt_claims/version.rb
64
67
  - spec/jwt_claims/claim/aud_spec.rb
@@ -69,6 +72,7 @@ files:
69
72
  - spec/jwt_claims/claim/nbf_spec.rb
70
73
  - spec/jwt_claims/claim/sub_spec.rb
71
74
  - spec/jwt_claims/string_or_uri_spec.rb
75
+ - spec/jwt_claims/util_spec.rb
72
76
  - spec/jwt_claims/validation_spec.rb
73
77
  - spec/jwt_claims_spec.rb
74
78
  - spec/spec_helper.rb