jwt_signed_request 1.2.1 → 1.2.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/jwt_signed_request/version.rb +1 -1
- data/lib/jwt_signed_request.rb +6 -2
- metadata +3 -3
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 6fa8c63dbbcbd416f397ff940a5456134d94e764
|
4
|
+
data.tar.gz: 794b7c510557b12ed9947eba5e1c82b79c944ff1
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: fe0c6c4b1149b267fae6a00818fd818e8731e1d9bcac00b495abe6751d70f5f7e7ae88ed857fea012c05a3a29132ff2e148b488d6ecab566d4d3f523d63d702c
|
7
|
+
data.tar.gz: 9951441f024bf82334b30099a6ee4d586c6f49a550c1bc32a3c9cc261eebd9d49b4f68c635663e8c3f0679f580fd4a11e680518591b6377f16590c9607b55309
|
data/lib/jwt_signed_request.rb
CHANGED
@@ -60,7 +60,7 @@ module JWTSignedRequest
|
|
60
60
|
end
|
61
61
|
|
62
62
|
def self.verified_request?(request:, claims:)
|
63
|
-
claims['method'].downcase == request.request_method.downcase &&
|
63
|
+
claims['method'].to_s.downcase == request.request_method.downcase &&
|
64
64
|
claims['path'] == request.fullpath &&
|
65
65
|
claims['body_sha'] == Digest::SHA256.hexdigest(request_body(request: request)) &&
|
66
66
|
verified_headers?(request: request, claims: claims)
|
@@ -77,7 +77,11 @@ module JWTSignedRequest
|
|
77
77
|
private_class_method :request_body
|
78
78
|
|
79
79
|
def self.verified_headers?(request:, claims:)
|
80
|
-
parsed_headers =
|
80
|
+
parsed_headers = begin
|
81
|
+
JSON.parse(claims['headers'].to_s)
|
82
|
+
rescue JSON::ParserError
|
83
|
+
{}
|
84
|
+
end
|
81
85
|
|
82
86
|
parsed_headers.all? do |header_key, header_value|
|
83
87
|
Headers.fetch(header_key, request) == header_value
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: jwt_signed_request
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.2.
|
4
|
+
version: 1.2.2
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Toan Nguyen
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2017-05-
|
11
|
+
date: 2017-05-11 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: jwt
|
@@ -141,7 +141,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
141
141
|
version: '0'
|
142
142
|
requirements: []
|
143
143
|
rubyforge_project:
|
144
|
-
rubygems_version: 2.
|
144
|
+
rubygems_version: 2.5.2
|
145
145
|
signing_key:
|
146
146
|
specification_version: 4
|
147
147
|
summary: JWT request signing and verification for Internal APIs
|