RubyGems - jwt_claims - Versions diffs - 0.0.1 → 0.0.2 - Mend

jwt_claims 0.0.1 → 0.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (15) hide show

checksums.yaml +4 -4
data/.travis.yml +7 -0
data/CHANGELOG.md +10 -0
data/README.md +25 -3
data/lib/jwt_claims/claim/exp.rb +3 -1
data/lib/jwt_claims/claim/nbf.rb +3 -1
data/lib/jwt_claims/util.rb +14 -0
data/lib/jwt_claims/validation.rb +1 -0
data/lib/jwt_claims/version.rb +1 -1
data/lib/jwt_claims.rb +1 -1
data/spec/jwt_claims/claim/exp_spec.rb +15 -1
data/spec/jwt_claims/claim/nbf_spec.rb +15 -1
data/spec/jwt_claims/util_spec.rb +16 -0
data/spec/jwt_claims/validation_spec.rb +4 -3
metadata +6 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: a503400ce945a893631a78c8c38af743587ce810
-  data.tar.gz: 3c7ecfee679bd06e177ef4ca881dbb091d524547
+  metadata.gz: 2dc7d84bde89e7a58ef9a97e0956b3f2df05de92
+  data.tar.gz: fee164d4bda3ce9961ff6f925fc31ffbbc4cd228
 SHA512:
-  metadata.gz: 7e70c10bdb07d77aa1958744d53588eeb6caca3de41eb4a8959cd77d0dfe4151a7d40c393a3437cf8b9e521e04f1e082a2d2cba04a022bd9d2762f37aec30e45
-  data.tar.gz: b7ac29a45cfb4992b1077d076815c8ebf098a7ad37fd90e3172504f833be6693b198e3f1063fa2c5dc06184f777d6f3cb6a01c6b8303507156ab2bbc598fa10d
+  metadata.gz: b104d535a45f2769cb204750364945bb36ac28ac68c4bc6ce80e98a513de21622367cc7df8513fa2a24409545b3a79c76d13da95471d0cbc0ecc08da7ed9fea8
+  data.tar.gz: 29a5c2cf243aa90c09e03dca4480d24bd1247ace4ed86529046224789e117af17f3c38b7786adca455743165dc0bafc94473f4024115a4f6147065f30160f7c3

data/.travis.yml ADDED Viewed

@@ -0,0 +1,7 @@
+language: ruby
+rvm:
+  - 2.2.2
+  - 2.1.6
+  - 2.0.0
+# uncomment this line if your project needs to run something other than `rake`:
+script: bundle exec rspec spec

data/CHANGELOG.md ADDED Viewed

@@ -0,0 +1,10 @@
+## Changelog
+### v0.0.2 (2015-08-30)
+* enhancements
+  * support leeway for 'Expiration time' and 'Not before' claims
+### v0.0.1 (2015-08-29)
+* initial

data/README.md CHANGED Viewed

@@ -1,4 +1,4 @@
-# JWT Claims
+# JWT Claims [![travis][ci_img]][travis] [![yard docs][yd_img]][yard_docs] [![code climate][cc_img]][code_climate]
 ## Verification of a JWT (JSON Web Token) Claims Set for Ruby
@@ -14,14 +14,14 @@ A Ruby implementation of the JSON Web Token (JWT) registered claims, [RFC 7519][
 ### JwtClaims.verify(jwt, options)
 Returns a hash, either:
-* \{:ok, claims\}, a JWT claims set map, if the JWT Message Authentication Code (MAC), or signature, is verified and the registered claims are also verified
+* \{:ok, claims\}, a JWT claims set hash, if the JWT Message Authentication Code (MAC), or signature, is verified and the registered claims are also verified
 * \{:error, [rejected_claims]\}, a list of any registered claims that fail validation, if the JWT MAC is verified
 * \{:error, 'invalid JWT'\} if the JWT MAC is not verified
 * \{:error, 'invalid input'\} otherwise
 `jwt` (required) is a JSON web token string
-`options` (required) map
+`options` (required) hash
 * **alg** (optional, default: `'HS256'`)
 * **key** (required unless alg is 'none')
@@ -39,8 +39,30 @@ secure_jwt_example = 'eyJ0eXAiOiJKV1QiLA0KICJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJqb2UiL
 ```
+### Supported registered claims
+JWT claim | key | a valid claim value must
+---|---|---
+Issuer | :iss | equal options[:iss]
+Subject | :sub |  equal options[:sub]
+Audience | :aud |  include options[:aud]
+Expiration Time | :exp | be > current time
+Not Before | :nbf | be <= current time
+Issued at | :iat | be < current time
+JWT ID | :jti | equal options[:jti]
+Additional detail about JWT registered claims is found in [this section][registered_claim_names] of the JWT RFC
 ### Supported Ruby versions
 Ruby 2.0.0 and up
 [rfc7519]: http://tools.ietf.org/html/rfc7519
 [json_web_token]: https://github.com/garyf/json_web_token
+[registered_claim_names]: http://tools.ietf.org/html/rfc7519#section-4.1
+[travis]: https://travis-ci.org/garyf/jwt_claims
+[ci_img]: https://travis-ci.org/garyf/jwt_claims.svg?branch=master
+[yard_docs]: http://www.rubydoc.info/github/garyf/jwt_claims
+[yd_img]: http://img.shields.io/badge/yard-docs-blue.svg
+[code_climate]: https://codeclimate.com/github/garyf/jwt_claims
+[cc_img]: https://codeclimate.com/github/garyf/jwt_claims/badges/gpa.svg

data/lib/jwt_claims/claim/exp.rb CHANGED Viewed

@@ -8,10 +8,12 @@ module JwtClaims
       # @param numeric_date [Numeric] the number of seconds from 1970-01-01T00:00:00Z UTC
       #   until the specified UTC date/time; non-integer values may be used
+      # @param options [Hash] (key :leeway_seconds, maximum of 180), time to allow for clock skew
       # @return [true, false] whether to reject the claim
       def reject?(numeric_date, options = {})
         return true unless numeric_date.is_a?(Numeric)
-        numeric_date <= Time.now.to_i
+        seconds = Util.leeway_seconds(options.fetch(:leeway_seconds, 0))
+        numeric_date <= Time.now.to_i - seconds
       end
     end
   end

data/lib/jwt_claims/claim/nbf.rb CHANGED Viewed

@@ -8,10 +8,12 @@ module JwtClaims
       # @param numeric_date [Numeric] the number of seconds from 1970-01-01T00:00:00Z UTC
       #   until the specified UTC date/time; non-integer values may be used
+      # @param options [Hash] (key :leeway_seconds, maximum of 180), time to allow for clock skew
       # @return [true, false] whether to reject the claim
       def reject?(numeric_date, options = {})
         return true unless numeric_date.is_a?(Numeric)
-        numeric_date > Time.now.to_i
+        seconds = Util.leeway_seconds(options.fetch(:leeway_seconds, 0))
+        numeric_date > Time.now.to_i + seconds
       end
     end
   end

data/lib/jwt_claims/util.rb ADDED Viewed

@@ -0,0 +1,14 @@
+module JwtClaims
+  # Utility methods
+  module Util
+    LEEWAY_SECONDS_MAX = 180
+    module_function
+    def leeway_seconds(n)
+      return 0 unless n.is_a?(Numeric) && (0..LEEWAY_SECONDS_MAX).include?(n)
+      n
+    end
+  end
+end

data/lib/jwt_claims/validation.rb CHANGED Viewed

@@ -7,6 +7,7 @@ module JwtClaims
     # @param claims [Hash] JWT claims
     # @param options [Hash] expected values for certain claims
+    #   optional keys include: :aud, :iss, :jti, :sub, :leeway_seconds
     # @return [Array] symbols of the registered claims that fail validation
     def rejected(claims, options = {})
       claims.each_with_object([]) do |claim, memo|

data/lib/jwt_claims/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module JwtClaims
-  VERSION = '0.0.1'
+  VERSION = '0.0.2'
 end

data/lib/jwt_claims.rb CHANGED Viewed

@@ -7,7 +7,7 @@ module JwtClaims
   # @param jwt [String] JSON web token
   # @param options [Hash] expected values for certain claims;
-  #   optional keys include: :aud, :iss, :jti, :sub
+  #   optional keys include: :aud, :iss, :jti, :sub, :leeway_seconds
   # @return [Hash] { ok: { the jwt claims set hash } }, or { error: [symbols of all rejected claims] }
   def verify(jwt, options)
     hsh = JsonWebToken.verify(jwt, options)

data/spec/jwt_claims/claim/exp_spec.rb CHANGED Viewed

@@ -4,7 +4,7 @@ module JwtClaims
   module Claim
     describe Exp do
       let(:after_now) { Time.now.to_i + 1 }
-      describe '#reject?' do
+      context '#reject?' do
         it 'w numeric_date after now returns false' do
           expect(Exp.reject? after_now).to be false
         end
@@ -16,6 +16,20 @@ module JwtClaims
         it 'w/o numeric numeric_date returns true' do
           expect(Exp.reject? after_now.to_s).to be true
         end
+        context 'w leeway' do
+          let(:seconds) { 180 }
+          let(:options) { {leeway_seconds: seconds} }
+          it 'w numeric_date after now returns false' do
+            claim = after_now - seconds
+            expect(Exp.reject? claim, options).to be false
+          end
+          it 'w numeric_date now returns true' do
+            claim = Time.now.to_i - seconds
+            expect(Exp.reject? claim, options).to be true
+          end
+        end
       end
     end
   end

data/spec/jwt_claims/claim/nbf_spec.rb CHANGED Viewed

@@ -4,7 +4,7 @@ module JwtClaims
   module Claim
     describe Nbf do
       let(:after_now) { Time.now.to_i + 1 }
-      describe '#reject?' do
+      context '#reject?' do
         it 'w numeric_date now returns false' do
           expect(Nbf.reject? Time.now.to_i).to be false
         end
@@ -16,6 +16,20 @@ module JwtClaims
         it 'w/o numeric claimed_time returns true' do
           expect(Nbf.reject? after_now.to_s).to be true
         end
+        context 'w leeway' do
+          let(:seconds) { 180 }
+          let(:options) { {leeway_seconds: seconds} }
+          it 'w numeric_date now returns false' do
+            claim = Time.now.to_i + seconds
+            expect(Nbf.reject? claim, options).to be false
+          end
+          it 'w numeric_date after_now returns true' do
+            claim = after_now + seconds
+            expect(Nbf.reject? claim, options).to be true
+          end
+        end
       end
     end
   end

data/spec/jwt_claims/util_spec.rb ADDED Viewed

@@ -0,0 +1,16 @@
+require 'jwt_claims/util'
+module JwtClaims
+  describe Util do
+    describe '#leeway_seconds' do
+      it "returns a value between 0 and #{Util::LEEWAY_SECONDS_MAX}" do
+        expect(Util.leeway_seconds 0).to eql 0
+        expect(Util.leeway_seconds 180).to eql 180
+        expect(Util.leeway_seconds 1.5).to eql 1.5
+        expect(Util.leeway_seconds 181).to eql 0
+        expect(Util.leeway_seconds -1).to eql 0
+        expect(Util.leeway_seconds 'foo').to eql 0
+      end
+    end
+  end
+end

data/spec/jwt_claims/validation_spec.rb CHANGED Viewed

@@ -19,7 +19,8 @@ module JwtClaims
           aud: uri,
           iss: issuer,
           jti: jwt_id,
-          sub: subject
+          sub: subject,
+          leeway_seconds: 120
         }
       end
       let(:default_claims) do
@@ -42,11 +43,11 @@ module JwtClaims
           let(:invalid_claims) do
             {
               aud: ['http://www.other.com', 'other recipient'],
-              exp: before_now,
+              exp: before_now - 121, # two minute leeway
               iat: after_now,
               iss: 'other issuer',
               jti: 'other jwt_id',
-              nbf: after_now,
+              nbf: after_now + 121,
               sub: 'other subject'
             }
           end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: jwt_claims
 version: !ruby/object:Gem::Version
-  version: 0.0.1
+  version: 0.0.2
 platform: ruby
 authors:
 - Gary Fleshman
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2015-08-29 00:00:00.000000000 Z
+date: 2015-08-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: json_web_token
@@ -46,6 +46,8 @@ extra_rdoc_files: []
 files:
 - ".gitignore"
 - ".rspec"
+- ".travis.yml"
+- CHANGELOG.md
 - Gemfile
 - LICENSE
 - README.md
@@ -59,6 +61,7 @@ files:
 - lib/jwt_claims/claim/nbf.rb
 - lib/jwt_claims/claim/sub.rb
 - lib/jwt_claims/string_or_uri.rb
+- lib/jwt_claims/util.rb
 - lib/jwt_claims/validation.rb
 - lib/jwt_claims/version.rb
 - spec/jwt_claims/claim/aud_spec.rb
@@ -69,6 +72,7 @@ files:
 - spec/jwt_claims/claim/nbf_spec.rb
 - spec/jwt_claims/claim/sub_spec.rb
 - spec/jwt_claims/string_or_uri_spec.rb
+- spec/jwt_claims/util_spec.rb
 - spec/jwt_claims/validation_spec.rb
 - spec/jwt_claims_spec.rb
 - spec/spec_helper.rb