jwt_keeper 5.0.0 → 5.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/jwt_keeper/configuration.rb +2 -2
- data/lib/jwt_keeper/token.rb +7 -5
- data/lib/jwt_keeper/version.rb +1 -1
- data/spec/lib/jwt_keeper/token_spec.rb +34 -0
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 4ce4912150544b5d9944105ef36f43022c480578eb922d6a5f001c2044a53de6
|
|
4
|
+
data.tar.gz: 8f1ef7fa13008c88133aac5babbf8622070db55ac3ea49eb45ef515c23e1751b
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: df62c535a49f323772ee6b7fe995ada5a1906c1ac3d80916949a30c7030c058eea47105368edc97351c1853bdf11cf6f561452e21d71d2d79f32246964acf3b5
|
|
7
|
+
data.tar.gz: b03abb09f142d3d5b27706b9792be412ea8c5698b4c7c385a343f15cd147cf9b71202c32b24b7dbbd892a9ac054be6918b9562498f7f8a347d30d054d54ddc19
|
data/lib/jwt_keeper/token.rb
CHANGED
|
@@ -36,11 +36,11 @@ module JWTKeeper
|
|
|
36
36
|
# @param raw_token [String] the raw token
|
|
37
37
|
# @param cookie_secret [String] the cookie secret
|
|
38
38
|
# @return [Token] token object
|
|
39
|
-
def self.find(raw_token, secret: nil, cookie_secret: nil)
|
|
40
|
-
claims = decode(raw_token, secret: secret, cookie_secret: cookie_secret)
|
|
39
|
+
def self.find(raw_token, secret: nil, cookie_secret: nil, iss: nil)
|
|
40
|
+
claims = decode(raw_token, secret: secret, cookie_secret: cookie_secret, iss: iss)
|
|
41
41
|
return nil if claims.nil?
|
|
42
42
|
|
|
43
|
-
new_token = new(secret: secret, cookie_secret: cookie_secret)
|
|
43
|
+
new_token = new(secret: secret, cookie_secret: cookie_secret, iss: iss)
|
|
44
44
|
new_token.claims = claims
|
|
45
45
|
|
|
46
46
|
return nil if new_token.revoked?
|
|
@@ -73,6 +73,7 @@ module JWTKeeper
|
|
|
73
73
|
# @param new_claims [Hash] Used to override and update claims during rotation
|
|
74
74
|
# @return [Token]
|
|
75
75
|
def rotate(new_claims = nil)
|
|
76
|
+
return self if claims[:iss] != JWTKeeper.configuration.issuer
|
|
76
77
|
revoke
|
|
77
78
|
|
|
78
79
|
new_claims ||= claims.except(:iss, :aud, :exp, :nbf, :iat, :jti)
|
|
@@ -141,8 +142,9 @@ module JWTKeeper
|
|
|
141
142
|
end
|
|
142
143
|
|
|
143
144
|
# @!visibility private
|
|
144
|
-
def self.decode(raw_token, secret: nil, cookie_secret: nil)
|
|
145
|
+
def self.decode(raw_token, secret: nil, cookie_secret: nil, iss: nil)
|
|
145
146
|
secret ||= JWTKeeper.configuration.secret
|
|
147
|
+
iss ||= JWTKeeper.configuration.issuer
|
|
146
148
|
|
|
147
149
|
JWT.decode(raw_token, secret.to_s + cookie_secret.to_s, true,
|
|
148
150
|
algorithm: JWTKeeper.configuration.algorithm,
|
|
@@ -152,7 +154,7 @@ module JWTKeeper
|
|
|
152
154
|
verify_sub: false,
|
|
153
155
|
verify_jti: false,
|
|
154
156
|
leeway: 0,
|
|
155
|
-
iss:
|
|
157
|
+
iss: iss,
|
|
156
158
|
aud: JWTKeeper.configuration.audience
|
|
157
159
|
).first.symbolize_keys
|
|
158
160
|
|
data/lib/jwt_keeper/version.rb
CHANGED
|
@@ -33,6 +33,16 @@ module JWTKeeper
|
|
|
33
33
|
it { is_expected.to be_instance_of described_class }
|
|
34
34
|
it { expect(subject.claims[:claim]).to eql private_claims[:claim] }
|
|
35
35
|
end
|
|
36
|
+
|
|
37
|
+
context 'when overriding default issuer' do
|
|
38
|
+
subject { described_class.create(**private_claims, iss: issuer) }
|
|
39
|
+
|
|
40
|
+
let(:issuer) { 'ISSUER' }
|
|
41
|
+
|
|
42
|
+
it { is_expected.to be_instance_of described_class }
|
|
43
|
+
it { expect(subject.claims[:claim]).to eql private_claims[:claim] }
|
|
44
|
+
it { expect(subject.claims[:iss]).to eql issuer }
|
|
45
|
+
end
|
|
36
46
|
end
|
|
37
47
|
|
|
38
48
|
describe '.find' do
|
|
@@ -79,6 +89,23 @@ module JWTKeeper
|
|
|
79
89
|
it { is_expected.to be_instance_of described_class }
|
|
80
90
|
it { expect(subject.claims[:claim]).to eql private_claims[:claim] }
|
|
81
91
|
end
|
|
92
|
+
|
|
93
|
+
context 'when overriding default issuer' do
|
|
94
|
+
subject { described_class.find(raw_token, iss: issuer) }
|
|
95
|
+
|
|
96
|
+
let(:token) { described_class.create(**private_claims, iss: issuer) }
|
|
97
|
+
let(:issuer) { 'ISSUER' }
|
|
98
|
+
|
|
99
|
+
it { is_expected.to be_instance_of described_class }
|
|
100
|
+
it { expect(subject.claims[:claim]).to eql private_claims[:claim] }
|
|
101
|
+
it { expect(subject.claims[:iss]).to eql issuer }
|
|
102
|
+
|
|
103
|
+
context 'with an issuer mismatch' do
|
|
104
|
+
subject { described_class.find(raw_token) }
|
|
105
|
+
|
|
106
|
+
it { is_expected.to be nil }
|
|
107
|
+
end
|
|
108
|
+
end
|
|
82
109
|
end
|
|
83
110
|
|
|
84
111
|
describe '.rotate' do
|
|
@@ -200,6 +227,13 @@ module JWTKeeper
|
|
|
200
227
|
it { expect(new_token).to be_valid }
|
|
201
228
|
it { expect(old_token.claims[:claim]).to eq new_token.claims[:claim] }
|
|
202
229
|
it { expect(old_token.cookie_secret).not_to eq new_token.cookie_secret }
|
|
230
|
+
|
|
231
|
+
context 'with a foreign issued token' do
|
|
232
|
+
let(:old_token) { described_class.create(**private_claims, iss: 'ISSUER') }
|
|
233
|
+
let(:new_token) { old_token.rotate }
|
|
234
|
+
|
|
235
|
+
it { expect(old_token).to eq new_token }
|
|
236
|
+
end
|
|
203
237
|
end
|
|
204
238
|
|
|
205
239
|
describe '#valid?' do
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: jwt_keeper
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 5.0.
|
|
4
|
+
version: 5.0.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- David Rivera
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2021-02
|
|
12
|
+
date: 2021-03-02 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: bundler
|