jwt_signed_request 1.0.1 → 1.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (6) hide show
  1. checksums.yaml +4 -4
  2. data/README.md +3 -2
  3. data/lib/jwt_signed_request.rb +9 -1
  4. data/lib/jwt_signed_request/middlewares/rack.rb +1 -1
  5. data/lib/jwt_signed_request/version.rb +1 -1
  6. metadata +3 -4
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 753794ac95f697ec022de56fe9d4db85265e4920
4
- data.tar.gz: 16109643b05330e94cd586f246e57039892fa2ee
3
+ metadata.gz: 427fe8633c579541cd1e42bdf573b3e3d4017ad0
4
+ data.tar.gz: 393611e2bd664892a8485c9a012ed6640b4c2f04
5
5
  SHA512:
6
- metadata.gz: 85f8a16181085937c113444c211d7e0eba0ecfe865d6e829576589713825df3263f392f44a4edb08ccf2ad3986bcf702964622ed9f8e69dc28f56d85a0f83283
7
- data.tar.gz: dbbd9e2db0bfe7c0ca0c53f233af500f02aa878dfdf52edefe8408b7629b18d11da4a05016873e6361a96fb1626175e187410523e0954c9bcd558a3197bad9ff
6
+ metadata.gz: '0081e1187e16f6e38a8ef7dbe0acd95388c4111f0097acea9319b9b271e88d6ddcc882513b9945eb469d0ce3d5644829d12cbd7f49181fc67d5de1d6e5551c98'
7
+ data.tar.gz: c5020b652569207bfe5bd9f8c40cc28f04f646003c8bd57f5133202f17d99d9ac6fe7895da978c3ef3a774e48473d772aaa77d043184f795e8d130700e8c3269
data/README.md CHANGED
@@ -1,4 +1,5 @@
1
1
  # JWT Signed Request
2
+ [![travis ci build](https://api.travis-ci.org/envato/jwt_signed_request.svg)](https://travis-ci.org/envato/jwt_signed_request)
2
3
 
3
4
  Request signing and verification for Internal APIs using JWT.
4
5
 
@@ -85,7 +86,7 @@ AwEHoUQDQgAEuOC3ufTTnW0hVmCPNERb4LxaDE/OexDdlmXEjHYaixzYIduluGXd
85
86
  conn = Faraday.new(url: URI.parse('http://example.com')) do |faraday|
86
87
  faraday.use JWTSignedRequest::Middlewares::Faraday,
87
88
  secret_key: OpenSSL::PKey::EC.new(private_key),
88
- algorithm: 'EC256', # optional (default: ES256)
89
+ algorithm: 'ES256', # optional (default: ES256)
89
90
  key_id: 'my-key-id', # optional
90
91
  issuer: 'my-issuer', # optional
91
92
  additional_headers_to_sign: ['X-AUTH'] # optional
@@ -169,7 +170,7 @@ We welcome contribution from everyone. Read more about it in
169
170
 
170
171
  For bug fixes, documentation changes, and small features:
171
172
 
172
- 1. Fork it ( https://github.com/[my-github-username]/jwt_signed_request/fork )
173
+ 1. Fork it ( https://github.com/envato/jwt_signed_request/fork )
173
174
  2. Create your feature branch (git checkout -b my-new-feature)
174
175
  3. Commit your changes (git commit -am 'Add some feature')
175
176
  4. Push to the branch (git push origin my-new-feature)
data/lib/jwt_signed_request.rb CHANGED
@@ -50,12 +50,20 @@ module JWTSignedRequest
50
50
  def self.verified_request?(request:, claims:)
51
51
  claims['method'].downcase == request.request_method.downcase &&
52
52
  claims['path'] == request.fullpath &&
53
- claims['body_sha'] == Digest::SHA256.hexdigest(request.body.read || "") &&
53
+ claims['body_sha'] == Digest::SHA256.hexdigest(request_body(request: request)) &&
54
54
  verified_headers?(request: request, claims: claims)
55
55
  end
56
56
 
57
57
  private_class_method :verified_request?
58
58
 
59
+ def self.request_body(request:)
60
+ string = request.body.read
61
+ request.body.rewind
62
+ string
63
+ end
64
+
65
+ private_class_method :request_body
66
+
59
67
  def self.verified_headers?(request:, claims:)
60
68
  parsed_headers = JSON.parse(claims['headers'])
61
69
 
data/lib/jwt_signed_request/middlewares/rack.rb CHANGED
@@ -4,7 +4,7 @@ require 'jwt_signed_request'
4
4
  module JWTSignedRequest
5
5
  module Middlewares
6
6
  class Rack
7
- UNAUTHORIZED_STATUS_CODE = 401.freeze
7
+ UNAUTHORIZED_STATUS_CODE = 401
8
8
 
9
9
  def initialize(app, options = {})
10
10
  @app = app
data/lib/jwt_signed_request/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module JWTSignedRequest
2
- VERSION = "1.0.1".freeze
2
+ VERSION = "1.0.2".freeze
3
3
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: jwt_signed_request
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.0.1
4
+ version: 1.0.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Toan Nguyen
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2016-09-20 00:00:00.000000000 Z
11
+ date: 2017-01-04 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: jwt
@@ -141,9 +141,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
141
141
  version: '0'
142
142
  requirements: []
143
143
  rubyforge_project:
144
- rubygems_version: 2.4.5.1
144
+ rubygems_version: 2.5.2
145
145
  signing_key:
146
146
  specification_version: 4
147
147
  summary: JWT request signing and verification for Internal APIs
148
148
  test_files: []
149
- has_rdoc: