jwt_claims 0.0.1 → 0.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: a503400ce945a893631a78c8c38af743587ce810
4
- data.tar.gz: 3c7ecfee679bd06e177ef4ca881dbb091d524547
3
+ metadata.gz: 2dc7d84bde89e7a58ef9a97e0956b3f2df05de92
4
+ data.tar.gz: fee164d4bda3ce9961ff6f925fc31ffbbc4cd228
5
5
  SHA512:
6
- metadata.gz: 7e70c10bdb07d77aa1958744d53588eeb6caca3de41eb4a8959cd77d0dfe4151a7d40c393a3437cf8b9e521e04f1e082a2d2cba04a022bd9d2762f37aec30e45
7
- data.tar.gz: b7ac29a45cfb4992b1077d076815c8ebf098a7ad37fd90e3172504f833be6693b198e3f1063fa2c5dc06184f777d6f3cb6a01c6b8303507156ab2bbc598fa10d
6
+ metadata.gz: b104d535a45f2769cb204750364945bb36ac28ac68c4bc6ce80e98a513de21622367cc7df8513fa2a24409545b3a79c76d13da95471d0cbc0ecc08da7ed9fea8
7
+ data.tar.gz: 29a5c2cf243aa90c09e03dca4480d24bd1247ace4ed86529046224789e117af17f3c38b7786adca455743165dc0bafc94473f4024115a4f6147065f30160f7c3
data/.travis.yml ADDED
@@ -0,0 +1,7 @@
1
+ language: ruby
2
+ rvm:
3
+ - 2.2.2
4
+ - 2.1.6
5
+ - 2.0.0
6
+ # uncomment this line if your project needs to run something other than `rake`:
7
+ script: bundle exec rspec spec
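Review bot: the comment on line 6 ("uncomment this line if your project needs to run something other than `rake`") is left over from the Travis template and no longer matches the line below it, which is already uncommented and active; either drop the comment or reword it to say that `bundle exec rspec spec` is the test command.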
data/CHANGELOG.md ADDED
@@ -0,0 +1,10 @@
1
+ ## Changelog
2
+
3
+ ### v0.0.2 (2015-08-30)
4
+
5
+ * enhancements
6
+ * support leeway for 'Expiration time' and 'Not before' claims
7
+
8
+ ### v0.0.1 (2015-08-29)
9
+
10
+ * initial
data/README.md CHANGED
@@ -1,4 +1,4 @@
1
- # JWT Claims
1
+ # JWT Claims [![travis][ci_img]][travis] [![yard docs][yd_img]][yard_docs] [![code climate][cc_img]][code_climate]
2
2
 
3
3
  ## Verification of a JWT (JSON Web Token) Claims Set for Ruby
4
4
 
@@ -14,14 +14,14 @@ A Ruby implementation of the JSON Web Token (JWT) registered claims, [RFC 7519][
14
14
  ### JwtClaims.verify(jwt, options)
15
15
 
16
16
  Returns a hash, either:
17
- * \{:ok, claims\}, a JWT claims set map, if the JWT Message Authentication Code (MAC), or signature, is verified and the registered claims are also verified
17
+ * \{:ok, claims\}, a JWT claims set hash, if the JWT Message Authentication Code (MAC), or signature, is verified and the registered claims are also verified
18
18
  * \{:error, [rejected_claims]\}, a list of any registered claims that fail validation, if the JWT MAC is verified
19
19
  * \{:error, 'invalid JWT'\} if the JWT MAC is not verified
20
20
  * \{:error, 'invalid input'\} otherwise
21
21
 
22
22
  `jwt` (required) is a JSON web token string
23
23
 
24
- `options` (required) map
24
+ `options` (required) hash
25
25
 
26
26
  * **alg** (optional, default: `'HS256'`)
27
27
  * **key** (required unless alg is 'none')
@@ -39,8 +39,30 @@ secure_jwt_example = 'eyJ0eXAiOiJKV1QiLA0KICJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJqb2UiL
39
39
 
40
40
  ```
41
41
 
42
+ ### Supported registered claims
43
+
44
+ JWT claim | key | a valid claim value must
45
+ ---|---|---
46
+ Issuer | :iss | equal options[:iss]
47
+ Subject | :sub | equal options[:sub]
48
+ Audience | :aud | include options[:aud]
49
+ Expiration Time | :exp | be > current time
50
+ Not Before | :nbf | be <= current time
51
+ Issued at | :iat | be < current time
52
+ JWT ID | :jti | equal options[:jti]
53
+
54
+ Additional detail about JWT registered claims is found in [this section][registered_claim_names] of the JWT RFC
55
+
42
56
  ### Supported Ruby versions
43
57
  Ruby 2.0.0 and up
44
58
 
45
59
  [rfc7519]: http://tools.ietf.org/html/rfc7519
46
60
  [json_web_token]: https://github.com/garyf/json_web_token
61
+ [registered_claim_names]: http://tools.ietf.org/html/rfc7519#section-4.1
62
+
63
+ [travis]: https://travis-ci.org/garyf/jwt_claims
64
+ [ci_img]: https://travis-ci.org/garyf/jwt_claims.svg?branch=master
65
+ [yard_docs]: http://www.rubydoc.info/github/garyf/jwt_claims
66
+ [yd_img]: http://img.shields.io/badge/yard-docs-blue.svg
67
+ [code_climate]: https://codeclimate.com/github/garyf/jwt_claims
68
+ [cc_img]: https://codeclimate.com/github/garyf/jwt_claims/badges/gpa.svg
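Review bot: the new "Supported registered claims" table still states the strict rules (exp must "be > current time", nbf must "be <= current time") but says nothing about the new `:leeway_seconds` option that this release adds to `options` and that shifts both comparisons by up to 180 seconds. Since the `options` list in the README is the only place a user would look for it, add a row or bullet such as `* **leeway_seconds** (optional, default: 0, maximum: 180) clock skew allowed for exp and nbf` so the documented behaviour matches the code.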
@@ -8,10 +8,12 @@ module JwtClaims
8
8
 
9
9
  # @param numeric_date [Numeric] the number of seconds from 1970-01-01T00:00:00Z UTC
10
10
  # until the specified UTC date/time; non-integer values may be used
11
+ # @param options [Hash] (key :leeway_seconds, maximum of 180), time to allow for clock skew
11
12
  # @return [true, false] whether to reject the claim
12
13
  def reject?(numeric_date, options = {})
13
14
  return true unless numeric_date.is_a?(Numeric)
14
- numeric_date <= Time.now.to_i
15
+ seconds = Util.leeway_seconds(options.fetch(:leeway_seconds, 0))
16
+ numeric_date <= Time.now.to_i - seconds
15
17
  end
16
18
  end
17
19
  end
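Review bot: `Util.leeway_seconds` is now called from `Exp.reject?`, but nothing in this hunk's context shows `lib/jwt_claims/claim/exp.rb` requiring `jwt_claims/util`; `spec/jwt_claims/util_spec.rb` has to `require 'jwt_claims/util'` explicitly, which suggests the module is not pulled in by the class files themselves. Confirm the require exists at the top of this file (or in `lib/jwt_claims.rb`) so that requiring only the claim class does not raise `NameError`. Also note that the `@param options` doc says "maximum of 180" but not what happens above the maximum; because the clamp falls back to zero leeway, a caller passing `leeway_seconds: 300` silently gets strict checking, which is the safe direction but worth stating.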
@@ -8,10 +8,12 @@ module JwtClaims
8
8
 
9
9
  # @param numeric_date [Numeric] the number of seconds from 1970-01-01T00:00:00Z UTC
10
10
  # until the specified UTC date/time; non-integer values may be used
11
+ # @param options [Hash] (key :leeway_seconds, maximum of 180), time to allow for clock skew
11
12
  # @return [true, false] whether to reject the claim
12
13
  def reject?(numeric_date, options = {})
13
14
  return true unless numeric_date.is_a?(Numeric)
14
- numeric_date > Time.now.to_i
15
+ seconds = Util.leeway_seconds(options.fetch(:leeway_seconds, 0))
16
+ numeric_date > Time.now.to_i + seconds
15
17
  end
16
18
  end
17
19
  end
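Review bot: the direction of the adjustment is correct here (`numeric_date > Time.now.to_i + seconds` only rejects a token whose nbf is more than `seconds` in the future, which is what RFC 7519 section 4.1.5 allows "some small leeway" for), and it mirrors the exp change. The same leeway value is read independently in `Exp.reject?` and `Nbf.reject?`, each with its own `Time.now` call, so within one `verify` the two claims are compared against clocks that can differ by a second; acceptable given the leeway, but a single `now` passed down from `Validation.rejected` would make the checks consistent and easier to test without real clock timing.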
@@ -0,0 +1,14 @@
1
+ module JwtClaims
2
+ # Utility methods
3
+ module Util
4
+
5
+ LEEWAY_SECONDS_MAX = 180
6
+
7
+ module_function
8
+
9
+ def leeway_seconds(n)
10
+ return 0 unless n.is_a?(Numeric) && (0..LEEWAY_SECONDS_MAX).include?(n)
11
+ n
12
+ end
13
+ end
14
+ end
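Review bot: `leeway_seconds` has no YARD `@param`/`@return` comment, unlike every other public method in this diff; document that non-numeric values and values outside `0..LEEWAY_SECONDS_MAX` are mapped to `0` (no leeway) rather than raising. That fail-closed choice is reasonable for a verification library, but the silent clamp also hides a misconfiguration: a caller who passes `181` gets stricter checking than intended with no signal. Consider raising `ArgumentError` for out-of-range values, or at least keeping the current behaviour explicit in the doc comment and README.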
@@ -7,6 +7,7 @@ module JwtClaims
7
7
 
8
8
  # @param claims [Hash] JWT claims
9
9
  # @param options [Hash] expected values for certain claims
10
+ # optional keys include: :aud, :iss, :jti, :sub, :leeway_seconds
10
11
  # @return [Array] symbols of the registered claims that fail validation
11
12
  def rejected(claims, options = {})
12
13
  claims.each_with_object([]) do |claim, memo|
@@ -1,3 +1,3 @@
1
1
  module JwtClaims
2
- VERSION = '0.0.1'
2
+ VERSION = '0.0.2'
3
3
  end
data/lib/jwt_claims.rb CHANGED
@@ -7,7 +7,7 @@ module JwtClaims
7
7
 
8
8
  # @param jwt [String] JSON web token
9
9
  # @param options [Hash] expected values for certain claims;
10
- # optional keys include: :aud, :iss, :jti, :sub
10
+ # optional keys include: :aud, :iss, :jti, :sub, :leeway_seconds
11
11
  # @return [Hash] { ok: { the jwt claims set hash } }, or { error: [symbols of all rejected claims] }
12
12
  def verify(jwt, options)
13
13
  hsh = JsonWebToken.verify(jwt, options)
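Review bot: the full `options` hash, now including `:leeway_seconds`, is passed straight through to `JsonWebToken.verify(jwt, options)` on the line after the doc comment. If the `json_web_token` gem ignores unknown keys this is harmless, but if it ever adds its own `:leeway_seconds` or similar option with different semantics (for example a different maximum), the two libraries would silently disagree. Either pass only the keys the dependency expects (`alg`, `key`) or note in the `@param options` comment that the hash is shared with `JsonWebToken.verify`.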
@@ -4,7 +4,7 @@ module JwtClaims
4
4
  module Claim
5
5
  describe Exp do
6
6
  let(:after_now) { Time.now.to_i + 1 }
7
- describe '#reject?' do
7
+ context '#reject?' do
8
8
  it 'w numeric_date after now returns false' do
9
9
  expect(Exp.reject? after_now).to be false
10
10
  end
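Review bot: renaming `describe '#reject?'` to `context '#reject?'` goes against the usual RSpec convention, where `describe` names the method under test and `context` names a condition (which the new `'w leeway'` block below does correctly); keep `describe` for the method so the spec output reads "Exp#reject? w leeway ...".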
@@ -16,6 +16,20 @@ module JwtClaims
16
16
  it 'w/o numeric numeric_date returns true' do
17
17
  expect(Exp.reject? after_now.to_s).to be true
18
18
  end
19
+
20
+ context 'w leeway' do
21
+ let(:seconds) { 180 }
22
+ let(:options) { {leeway_seconds: seconds} }
23
+ it 'w numeric_date after now returns false' do
24
+ claim = after_now - seconds
25
+ expect(Exp.reject? claim, options).to be false
26
+ end
27
+
28
+ it 'w numeric_date now returns true' do
29
+ claim = Time.now.to_i - seconds
30
+ expect(Exp.reject? claim, options).to be true
31
+ end
32
+ end
19
33
  end
20
34
  end
21
35
  end
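Review bot: the first leeway example is timing-sensitive. `after_now` is only one second ahead of the clock, and `claim = after_now - seconds` is computed before `Exp.reject?` reads `Time.now` again; if the second boundary ticks between the two reads, `claim <= Time.now.to_i - seconds` becomes true and the example fails. Freeze the clock (for example `allow(Time).to receive(:now).and_return(fixed_time)`) or use a margin larger than one second so the leeway tests are deterministic.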
@@ -4,7 +4,7 @@ module JwtClaims
4
4
  module Claim
5
5
  describe Nbf do
6
6
  let(:after_now) { Time.now.to_i + 1 }
7
- describe '#reject?' do
7
+ context '#reject?' do
8
8
  it 'w numeric_date now returns false' do
9
9
  expect(Nbf.reject? Time.now.to_i).to be false
10
10
  end
@@ -16,6 +16,20 @@ module JwtClaims
16
16
  it 'w/o numeric claimed_time returns true' do
17
17
  expect(Nbf.reject? after_now.to_s).to be true
18
18
  end
19
+
20
+ context 'w leeway' do
21
+ let(:seconds) { 180 }
22
+ let(:options) { {leeway_seconds: seconds} }
23
+ it 'w numeric_date now returns false' do
24
+ claim = Time.now.to_i + seconds
25
+ expect(Nbf.reject? claim, options).to be false
26
+ end
27
+
28
+ it 'w numeric_date after_now returns true' do
29
+ claim = after_now + seconds
30
+ expect(Nbf.reject? claim, options).to be true
31
+ end
32
+ end
19
33
  end
20
34
  end
21
35
  end
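Review bot: the second example here has the same one-second race as the Exp leeway spec: `claim = after_now + seconds` is exactly one second above the rejection threshold, so a clock tick between computing `after_now` and the `Time.now` inside `Nbf.reject?` turns the expected `true` into `false`. Stubbing `Time.now` in a shared helper would fix both specs at once.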
@@ -0,0 +1,16 @@
1
+ require 'jwt_claims/util'
2
+
3
+ module JwtClaims
4
+ describe Util do
5
+ describe '#leeway_seconds' do
6
+ it "returns a value between 0 and #{Util::LEEWAY_SECONDS_MAX}" do
7
+ expect(Util.leeway_seconds 0).to eql 0
8
+ expect(Util.leeway_seconds 180).to eql 180
9
+ expect(Util.leeway_seconds 1.5).to eql 1.5
10
+ expect(Util.leeway_seconds 181).to eql 0
11
+ expect(Util.leeway_seconds -1).to eql 0
12
+ expect(Util.leeway_seconds 'foo').to eql 0
13
+ end
14
+ end
15
+ end
16
+ end
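Review bot: `expect(Util.leeway_seconds -1).to eql 0` relies on Ruby parsing `-1` as an argument rather than a subtraction, which works but emits an "ambiguous first argument" warning when specs run with `-w`; write `Util.leeway_seconds(-1)` (and parenthesise the other calls for consistency). The example also covers the interesting inputs well (boundary `180`, float `1.5`, over-maximum, negative, non-numeric); a `nil` case would round it out since `options.fetch(:leeway_seconds, 0)` only defaults when the key is absent, not when it is present with a `nil` value.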
@@ -19,7 +19,8 @@ module JwtClaims
19
19
  aud: uri,
20
20
  iss: issuer,
21
21
  jti: jwt_id,
22
- sub: subject
22
+ sub: subject,
23
+ leeway_seconds: 120
23
24
  }
24
25
  end
25
26
  let(:default_claims) do
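Review bot: adding `leeway_seconds: 120` to the shared `options` used by the whole spec means every end-to-end example in this file now runs with leeway enabled, and the default (no leeway) path through `JwtClaims.verify` is no longer exercised here. Keep the original options for the existing examples and introduce a separate `let` or `context` for the leeway case.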
@@ -42,11 +43,11 @@ module JwtClaims
42
43
  let(:invalid_claims) do
43
44
  {
44
45
  aud: ['http://www.other.com', 'other recipient'],
45
- exp: before_now,
46
+ exp: before_now - 121, # two minute leeway
46
47
  iat: after_now,
47
48
  iss: 'other issuer',
48
49
  jti: 'other jwt_id',
49
- nbf: after_now,
50
+ nbf: after_now + 121,
50
51
  sub: 'other subject'
51
52
  }
52
53
  end
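Review bot: `exp: before_now - 121` and `nbf: after_now + 121` only show that claims just outside the 120-second window are still rejected; there is no positive example showing that a token expired by, say, 60 seconds (or not yet valid for 60 seconds) is accepted under `leeway_seconds: 120`, which is the behaviour this release actually adds. Add such a case to `valid_claims`, and make the inline comment say "121 > 120 second leeway" rather than "two minute leeway" so the off-by-one intent is clear.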
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: jwt_claims
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.1
4
+ version: 0.0.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Gary Fleshman
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2015-08-29 00:00:00.000000000 Z
11
+ date: 2015-08-30 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: json_web_token
@@ -46,6 +46,8 @@ extra_rdoc_files: []
46
46
  files:
47
47
  - ".gitignore"
48
48
  - ".rspec"
49
+ - ".travis.yml"
50
+ - CHANGELOG.md
49
51
  - Gemfile
50
52
  - LICENSE
51
53
  - README.md
@@ -59,6 +61,7 @@ files:
59
61
  - lib/jwt_claims/claim/nbf.rb
60
62
  - lib/jwt_claims/claim/sub.rb
61
63
  - lib/jwt_claims/string_or_uri.rb
64
+ - lib/jwt_claims/util.rb
62
65
  - lib/jwt_claims/validation.rb
63
66
  - lib/jwt_claims/version.rb
64
67
  - spec/jwt_claims/claim/aud_spec.rb
@@ -69,6 +72,7 @@ files:
69
72
  - spec/jwt_claims/claim/nbf_spec.rb
70
73
  - spec/jwt_claims/claim/sub_spec.rb
71
74
  - spec/jwt_claims/string_or_uri_spec.rb
75
+ - spec/jwt_claims/util_spec.rb
72
76
  - spec/jwt_claims/validation_spec.rb
73
77
  - spec/jwt_claims_spec.rb
74
78
  - spec/spec_helper.rb