jwt_claims 0.0.1 → 0.0.2
- checksums.yaml +4 -4
- data/.travis.yml +7 -0
- data/CHANGELOG.md +10 -0
- data/README.md +25 -3
- data/lib/jwt_claims/claim/exp.rb +3 -1
- data/lib/jwt_claims/claim/nbf.rb +3 -1
- data/lib/jwt_claims/util.rb +14 -0
- data/lib/jwt_claims/validation.rb +1 -0
- data/lib/jwt_claims/version.rb +1 -1
- data/lib/jwt_claims.rb +1 -1
- data/spec/jwt_claims/claim/exp_spec.rb +15 -1
- data/spec/jwt_claims/claim/nbf_spec.rb +15 -1
- data/spec/jwt_claims/util_spec.rb +16 -0
- data/spec/jwt_claims/validation_spec.rb +4 -3
- metadata +6 -2
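--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 2dc7d84bde89e7a58ef9a97e0956b3f2df05de92
+data.tar.gz: fee164d4bda3ce9961ff6f925fc31ffbbc4cd228
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: b104d535a45f2769cb204750364945bb36ac28ac68c4bc6ce80e98a513de21622367cc7df8513fa2a24409545b3a79c76d13da95471d0cbc0ecc08da7ed9fea8
+data.tar.gz: 29a5c2cf243aa90c09e03dca4480d24bd1247ace4ed86529046224789e117af17f3c38b7786adca455743165dc0bafc94473f4024115a4f6147065f30160f7c3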
data/.travis.yml
ADDED
data/CHANGELOG.md
ADDED
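--- a/data/README.md
+++ b/data/README.md
@@ -1,4 +1,4 @@
-# JWT Claims
+# JWT Claims [![travis][ci_img]][travis] [![yard docs][yd_img]][yard_docs] [![code climate][cc_img]][code_climate]
 
 ## Verification of a JWT (JSON Web Token) Claims Set for Ruby
 
@@ -14,14 +14,14 @@ A Ruby implementation of the JSON Web Token (JWT) registered claims, [RFC 7519][
 ### JwtClaims.verify(jwt, options)
 
 Returns a hash, either:
-* \{:ok, claims\}, a JWT claims set
+* \{:ok, claims\}, a JWT claims set hash, if the JWT Message Authentication Code (MAC), or signature, is verified and the registered claims are also verified
 * \{:error, [rejected_claims]\}, a list of any registered claims that fail validation, if the JWT MAC is verified
 * \{:error, 'invalid JWT'\} if the JWT MAC is not verified
 * \{:error, 'invalid input'\} otherwise
 
 `jwt` (required) is a JSON web token string
 
-`options` (required)
+`options` (required) hash
 
 * **alg** (optional, default: `'HS256'`)
 * **key** (required unless alg is 'none')
@@ -39,8 +39,30 @@ secure_jwt_example = 'eyJ0eXAiOiJKV1QiLA0KICJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJqb2UiL
 
 ```
 
+### Supported registered claims
+
+JWT claim | key | a valid claim value must
+---|---|---
+Issuer | :iss | equal options[:iss]
+Subject | :sub | equal options[:sub]
+Audience | :aud | include options[:aud]
+Expiration Time | :exp | be > current time
+Not Before | :nbf | be <= current time
+Issued at | :iat | be < current time
+JWT ID | :jti | equal options[:jti]
+
+Additional detail about JWT registered claims is found in [this section][registered_claim_names] of the JWT RFC
+
 ### Supported Ruby versions
 Ruby 2.0.0 and up
 
 [rfc7519]: http://tools.ietf.org/html/rfc7519
 [json_web_token]: https://github.com/garyf/json_web_token
+[registered_claim_names]: http://tools.ietf.org/html/rfc7519#section-4.1
+
+[travis]: https://travis-ci.org/garyf/jwt_claims
+[ci_img]: https://travis-ci.org/garyf/jwt_claims.svg?branch=master
+[yard_docs]: http://www.rubydoc.info/github/garyf/jwt_claims
+[yd_img]: http://img.shields.io/badge/yard-docs-blue.svg
+[code_climate]: https://codeclimate.com/github/garyf/jwt_claims
+[cc_img]: https://codeclimate.com/github/garyf/jwt_claims/badges/gpa.svg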
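--- a/data/lib/jwt_claims/claim/exp.rb
+++ b/data/lib/jwt_claims/claim/exp.rb
@@ -8,10 +8,12 @@ module JwtClaims
 
 # @param numeric_date [Numeric] the number of seconds from 1970-01-01T00:00:00Z UTC
 # until the specified UTC date/time; non-integer values may be used
+# @param options [Hash] (key :leeway_seconds, maximum of 180), time to allow for clock skew
 # @return [true, false] whether to reject the claim
 def reject?(numeric_date, options = {})
 return true unless numeric_date.is_a?(Numeric)
-
+seconds = Util.leeway_seconds(options.fetch(:leeway_seconds, 0))
+numeric_date <= Time.now.to_i - seconds
 end
 end
 end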
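Review bot: Out-of-range leeway is silently discarded rather than reported: `seconds = Util.leeway_seconds(options.fetch(:leeway_seconds, 0))` routes the option through a helper whose spec in this same diff (util_spec) expects 181, -1 and 'foo' to all become 0, so a caller configuring `leeway_seconds: 300` gets no skew tolerance at all and no signal that the setting was dropped. That fails closed, which is the right direction for an `exp` check, but the YARD line added above only says "maximum of 180" and should state the consequence, e.g. `# @param options [Hash] :leeway_seconds, clock-skew allowance in seconds; values outside 0..180 or non-numeric are treated as 0`. If a misconfigured leeway should be loud instead, raising `ArgumentError` from the helper is the alternative; the identical hunk in nbf.rb needs the same treatment. The enclosing `module JwtClaims` / `module Claim` block opens before this hunk.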
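--- a/data/lib/jwt_claims/claim/nbf.rb
+++ b/data/lib/jwt_claims/claim/nbf.rb
@@ -8,10 +8,12 @@ module JwtClaims
 
 # @param numeric_date [Numeric] the number of seconds from 1970-01-01T00:00:00Z UTC
 # until the specified UTC date/time; non-integer values may be used
+# @param options [Hash] (key :leeway_seconds, maximum of 180), time to allow for clock skew
 # @return [true, false] whether to reject the claim
 def reject?(numeric_date, options = {})
 return true unless numeric_date.is_a?(Numeric)
-
+seconds = Util.leeway_seconds(options.fetch(:leeway_seconds, 0))
+numeric_date > Time.now.to_i + seconds
 end
 end
 end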
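Review bot: `numeric_date > Time.now.to_i + seconds` floors the current time to whole seconds while the doc comment two lines up says non-integer `numeric_date` values may be used, so a fractional `nbf` such as 100.5 is still rejected at clock time 100.9 (early by up to a second, which fails closed), and the mirrored `numeric_date <= Time.now.to_i - seconds` in exp.rb accepts an already-expired token for up to one extra second (fails open by under a second). If sub-second claims are meant to be honoured, compare at the same precision, `numeric_date > Time.now.to_f + seconds` here and `numeric_date <= Time.now.to_f - seconds` in exp.rb; otherwise drop the "non-integer values may be used" sentence from both comments so the contract matches the code. The enclosing module block opens before this hunk.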
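--- a/data/lib/jwt_claims/validation.rb
+++ b/data/lib/jwt_claims/validation.rb
@@ -7,6 +7,7 @@ module JwtClaims
 
 # @param claims [Hash] JWT claims
 # @param options [Hash] expected values for certain claims
+# optional keys include: :aud, :iss, :jti, :sub, :leeway_seconds
 # @return [Array] symbols of the registered claims that fail validation
 def rejected(claims, options = {})
 claims.each_with_object([]) do |claim, memo|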
data/lib/jwt_claims/version.rb
CHANGED
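--- a/data/lib/jwt_claims.rb
+++ b/data/lib/jwt_claims.rb
@@ -7,7 +7,7 @@ module JwtClaims
 
 # @param jwt [String] JSON web token
 # @param options [Hash] expected values for certain claims;
-# optional keys include: :aud, :iss, :jti, :sub
+# optional keys include: :aud, :iss, :jti, :sub, :leeway_seconds
 # @return [Hash] { ok: { the jwt claims set hash } }, or { error: [symbols of all rejected claims] }
 def verify(jwt, options)
 hsh = JsonWebToken.verify(jwt, options)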
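--- a/data/spec/jwt_claims/claim/exp_spec.rb
+++ b/data/spec/jwt_claims/claim/exp_spec.rb
@@ -4,7 +4,7 @@ module JwtClaims
 module Claim
 describe Exp do
 let(:after_now) { Time.now.to_i + 1 }
-
+context '#reject?' do
 it 'w numeric_date after now returns false' do
 expect(Exp.reject? after_now).to be false
 end
@@ -16,6 +16,20 @@ module JwtClaims
 it 'w/o numeric numeric_date returns true' do
 expect(Exp.reject? after_now.to_s).to be true
 end
+
+context 'w leeway' do
+let(:seconds) { 180 }
+let(:options) { {leeway_seconds: seconds} }
+it 'w numeric_date after now returns false' do
+claim = after_now - seconds
+expect(Exp.reject? claim, options).to be false
+end
+
+it 'w numeric_date now returns true' do
+claim = Time.now.to_i - seconds
+expect(Exp.reject? claim, options).to be true
+end
+end
 end
 end
 end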
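Review bot: `claim = after_now - seconds` followed by `expect(Exp.reject? claim, options).to be false` is flaky at a second boundary: `after_now` is only one second past the `Time.now.to_i` read when the `let` is evaluated, and `reject?` reads `Time.now.to_i` again, so if the clock ticks between the two reads the claim equals `now - 180` and the expectation fails. The same one-second margin makes the `claim = after_now + seconds` case in nbf_spec's leeway context flaky in the other direction. Either widen the margin in these two examples, e.g. `claim = after_now + 1 - seconds`, or freeze the clock around the call; the boundary itself is already covered by the `Time.now.to_i - seconds` example, which is stable because a later tick only moves it further past the cutoff.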
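--- a/data/spec/jwt_claims/claim/nbf_spec.rb
+++ b/data/spec/jwt_claims/claim/nbf_spec.rb
@@ -4,7 +4,7 @@ module JwtClaims
 module Claim
 describe Nbf do
 let(:after_now) { Time.now.to_i + 1 }
-
+context '#reject?' do
 it 'w numeric_date now returns false' do
 expect(Nbf.reject? Time.now.to_i).to be false
 end
@@ -16,6 +16,20 @@ module JwtClaims
 it 'w/o numeric claimed_time returns true' do
 expect(Nbf.reject? after_now.to_s).to be true
 end
+
+context 'w leeway' do
+let(:seconds) { 180 }
+let(:options) { {leeway_seconds: seconds} }
+it 'w numeric_date now returns false' do
+claim = Time.now.to_i + seconds
+expect(Nbf.reject? claim, options).to be false
+end
+
+it 'w numeric_date after_now returns true' do
+claim = after_now + seconds
+expect(Nbf.reject? claim, options).to be true
+end
+end
 end
 end
 end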
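--- a/data/spec/jwt_claims/util_spec.rb
+++ b/data/spec/jwt_claims/util_spec.rb
@@ -0,0 +1,16 @@
+require 'jwt_claims/util'
+
+module JwtClaims
+describe Util do
+describe '#leeway_seconds' do
+it "returns a value between 0 and #{Util::LEEWAY_SECONDS_MAX}" do
+expect(Util.leeway_seconds 0).to eql 0
+expect(Util.leeway_seconds 180).to eql 180
+expect(Util.leeway_seconds 1.5).to eql 1.5
+expect(Util.leeway_seconds 181).to eql 0
+expect(Util.leeway_seconds -1).to eql 0
+expect(Util.leeway_seconds 'foo').to eql 0
+end
+end
+end
+end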
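Review bot: `expect(Util.leeway_seconds -1).to eql 0` is parsed as `leeway_seconds(-1)` only after Ruby emits an "ambiguous first argument" warning, because `Util.leeway_seconds -1` also reads as a subtraction; parenthesise it as `expect(Util.leeway_seconds(-1)).to eql 0`. The util.rb hunk itself is not shown on this page (only its +14 -0 entry in the file list), so the clamp-to-zero behaviour for 181, -1 and 'foo' is known here solely through these expectations. An example for `nil` would pin what the claim classes pass through via `options.fetch(:leeway_seconds, 0)` when a caller sets the key explicitly to nil, since `fetch` returns the stored nil rather than the default in that case.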
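--- a/data/spec/jwt_claims/validation_spec.rb
+++ b/data/spec/jwt_claims/validation_spec.rb
@@ -19,7 +19,8 @@ module JwtClaims
 aud: uri,
 iss: issuer,
 jti: jwt_id,
-sub: subject
+sub: subject,
+leeway_seconds: 120
 }
 end
 let(:default_claims) do
@@ -42,11 +43,11 @@ module JwtClaims
 let(:invalid_claims) do
 {
 aud: ['http://www.other.com', 'other recipient'],
-exp: before_now,
+exp: before_now - 121, # two minute leeway
 iat: after_now,
 iss: 'other issuer',
 jti: 'other jwt_id',
-nbf: after_now,
+nbf: after_now + 121,
 sub: 'other subject'
 }
 end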
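Review bot: The `121` in `exp: before_now - 121, # two minute leeway` and `nbf: after_now + 121` is the `leeway_seconds: 120` from the first hunk plus one, but that coupling lives only in a comment, so changing either value silently breaks the other and the invalid-claims fixture stops exercising the leeway boundary. A shared `let(:leeway_seconds) { 120 }` referenced from both the options hash and these two claims (`exp: before_now - leeway_seconds - 1`, `nbf: after_now + leeway_seconds + 1`) keeps them in step. The `let` block that opens the options hash begins before the first hunk.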
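--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: jwt_claims
 version: !ruby/object:Gem::Version
-version: 0.0.
+version: 0.0.2
 platform: ruby
 authors:
 - Gary Fleshman
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2015-08-
+date: 2015-08-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: json_web_token
@@ -46,6 +46,8 @@ extra_rdoc_files: []
 files:
 - ".gitignore"
 - ".rspec"
+- ".travis.yml"
+- CHANGELOG.md
 - Gemfile
 - LICENSE
 - README.md
@@ -59,6 +61,7 @@ files:
 - lib/jwt_claims/claim/nbf.rb
 - lib/jwt_claims/claim/sub.rb
 - lib/jwt_claims/string_or_uri.rb
+- lib/jwt_claims/util.rb
 - lib/jwt_claims/validation.rb
 - lib/jwt_claims/version.rb
 - spec/jwt_claims/claim/aud_spec.rb
@@ -69,6 +72,7 @@ files:
 - spec/jwt_claims/claim/nbf_spec.rb
 - spec/jwt_claims/claim/sub_spec.rb
 - spec/jwt_claims/string_or_uri_spec.rb
+- spec/jwt_claims/util_spec.rb
 - spec/jwt_claims/validation_spec.rb
 - spec/jwt_claims_spec.rb
 - spec/spec_helper.rb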