jwt_keeper 5.0.0 → 5.0.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/jwt_keeper/configuration.rb +2 -2
- data/lib/jwt_keeper/token.rb +7 -5
- data/lib/jwt_keeper/version.rb +1 -1
- data/spec/lib/jwt_keeper/token_spec.rb +34 -0
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 4ce4912150544b5d9944105ef36f43022c480578eb922d6a5f001c2044a53de6
|
|
4
|
+
data.tar.gz: 8f1ef7fa13008c88133aac5babbf8622070db55ac3ea49eb45ef515c23e1751b
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: df62c535a49f323772ee6b7fe995ada5a1906c1ac3d80916949a30c7030c058eea47105368edc97351c1853bdf11cf6f561452e21d71d2d79f32246964acf3b5
|
|
7
|
+
data.tar.gz: b03abb09f142d3d5b27706b9792be412ea8c5698b4c7c385a343f15cd147cf9b71202c32b24b7dbbd892a9ac054be6918b9562498f7f8a347d30d054d54ddc19
|
data/lib/jwt_keeper/token.rb
CHANGED
|
@@ -36,11 +36,11 @@ module JWTKeeper
|
|
|
36
36
|
# @param raw_token [String] the raw token
|
|
37
37
|
# @param cookie_secret [String] the cookie secret
|
|
38
38
|
# @return [Token] token object
|
|
39
|
-
def self.find(raw_token, secret: nil, cookie_secret: nil)
|
|
40
|
-
claims = decode(raw_token, secret: secret, cookie_secret: cookie_secret)
|
|
39
|
+
def self.find(raw_token, secret: nil, cookie_secret: nil, iss: nil)
|
|
40
|
+
claims = decode(raw_token, secret: secret, cookie_secret: cookie_secret, iss: iss)
|
|
41
41
|
return nil if claims.nil?
|
|
42
42
|
|
|
43
|
-
new_token = new(secret: secret, cookie_secret: cookie_secret)
|
|
43
|
+
new_token = new(secret: secret, cookie_secret: cookie_secret, iss: iss)
|
|
44
44
|
new_token.claims = claims
|
|
45
45
|
|
|
46
46
|
return nil if new_token.revoked?
|
|
@@ -73,6 +73,7 @@ module JWTKeeper
|
|
|
73
73
|
# @param new_claims [Hash] Used to override and update claims during rotation
|
|
74
74
|
# @return [Token]
|
|
75
75
|
def rotate(new_claims = nil)
|
|
76
|
+
return self if claims[:iss] != JWTKeeper.configuration.issuer
|
|
76
77
|
revoke
|
|
77
78
|
|
|
78
79
|
new_claims ||= claims.except(:iss, :aud, :exp, :nbf, :iat, :jti)
|
|
@@ -141,8 +142,9 @@ module JWTKeeper
|
|
|
141
142
|
end
|
|
142
143
|
|
|
143
144
|
# @!visibility private
|
|
144
|
-
def self.decode(raw_token, secret: nil, cookie_secret: nil)
|
|
145
|
+
def self.decode(raw_token, secret: nil, cookie_secret: nil, iss: nil)
|
|
145
146
|
secret ||= JWTKeeper.configuration.secret
|
|
147
|
+
iss ||= JWTKeeper.configuration.issuer
|
|
146
148
|
|
|
147
149
|
JWT.decode(raw_token, secret.to_s + cookie_secret.to_s, true,
|
|
148
150
|
algorithm: JWTKeeper.configuration.algorithm,
|
|
@@ -152,7 +154,7 @@ module JWTKeeper
|
|
|
152
154
|
verify_sub: false,
|
|
153
155
|
verify_jti: false,
|
|
154
156
|
leeway: 0,
|
|
155
|
-
iss:
|
|
157
|
+
iss: iss,
|
|
156
158
|
aud: JWTKeeper.configuration.audience
|
|
157
159
|
).first.symbolize_keys
|
|
158
160
|
|
data/lib/jwt_keeper/version.rb
CHANGED
|
@@ -33,6 +33,16 @@ module JWTKeeper
|
|
|
33
33
|
it { is_expected.to be_instance_of described_class }
|
|
34
34
|
it { expect(subject.claims[:claim]).to eql private_claims[:claim] }
|
|
35
35
|
end
|
|
36
|
+
|
|
37
|
+
context 'when overriding default issuer' do
|
|
38
|
+
subject { described_class.create(**private_claims, iss: issuer) }
|
|
39
|
+
|
|
40
|
+
let(:issuer) { 'ISSUER' }
|
|
41
|
+
|
|
42
|
+
it { is_expected.to be_instance_of described_class }
|
|
43
|
+
it { expect(subject.claims[:claim]).to eql private_claims[:claim] }
|
|
44
|
+
it { expect(subject.claims[:iss]).to eql issuer }
|
|
45
|
+
end
|
|
36
46
|
end
|
|
37
47
|
|
|
38
48
|
describe '.find' do
|
|
@@ -79,6 +89,23 @@ module JWTKeeper
|
|
|
79
89
|
it { is_expected.to be_instance_of described_class }
|
|
80
90
|
it { expect(subject.claims[:claim]).to eql private_claims[:claim] }
|
|
81
91
|
end
|
|
92
|
+
|
|
93
|
+
context 'when overriding default issuer' do
|
|
94
|
+
subject { described_class.find(raw_token, iss: issuer) }
|
|
95
|
+
|
|
96
|
+
let(:token) { described_class.create(**private_claims, iss: issuer) }
|
|
97
|
+
let(:issuer) { 'ISSUER' }
|
|
98
|
+
|
|
99
|
+
it { is_expected.to be_instance_of described_class }
|
|
100
|
+
it { expect(subject.claims[:claim]).to eql private_claims[:claim] }
|
|
101
|
+
it { expect(subject.claims[:iss]).to eql issuer }
|
|
102
|
+
|
|
103
|
+
context 'with an issuer mismatch' do
|
|
104
|
+
subject { described_class.find(raw_token) }
|
|
105
|
+
|
|
106
|
+
it { is_expected.to be nil }
|
|
107
|
+
end
|
|
108
|
+
end
|
|
82
109
|
end
|
|
83
110
|
|
|
84
111
|
describe '.rotate' do
|
|
@@ -200,6 +227,13 @@ module JWTKeeper
|
|
|
200
227
|
it { expect(new_token).to be_valid }
|
|
201
228
|
it { expect(old_token.claims[:claim]).to eq new_token.claims[:claim] }
|
|
202
229
|
it { expect(old_token.cookie_secret).not_to eq new_token.cookie_secret }
|
|
230
|
+
|
|
231
|
+
context 'with a foreign issued token' do
|
|
232
|
+
let(:old_token) { described_class.create(**private_claims, iss: 'ISSUER') }
|
|
233
|
+
let(:new_token) { old_token.rotate }
|
|
234
|
+
|
|
235
|
+
it { expect(old_token).to eq new_token }
|
|
236
|
+
end
|
|
203
237
|
end
|
|
204
238
|
|
|
205
239
|
describe '#valid?' do
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: jwt_keeper
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 5.0.
|
|
4
|
+
version: 5.0.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- David Rivera
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2021-02
|
|
12
|
+
date: 2021-03-02 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: bundler
|