jwt_signed_request 1.0.1 → 1.0.2

Sign up to get free protection for your applications and to get access to all the features.
Files changed (6) hide show
  1. checksums.yaml +4 -4
  2. data/README.md +3 -2
  3. data/lib/jwt_signed_request.rb +9 -1
  4. data/lib/jwt_signed_request/middlewares/rack.rb +1 -1
  5. data/lib/jwt_signed_request/version.rb +1 -1
  6. metadata +3 -4
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 753794ac95f697ec022de56fe9d4db85265e4920
4
- data.tar.gz: 16109643b05330e94cd586f246e57039892fa2ee
3
+ metadata.gz: 427fe8633c579541cd1e42bdf573b3e3d4017ad0
4
+ data.tar.gz: 393611e2bd664892a8485c9a012ed6640b4c2f04
5
5
  SHA512:
6
- metadata.gz: 85f8a16181085937c113444c211d7e0eba0ecfe865d6e829576589713825df3263f392f44a4edb08ccf2ad3986bcf702964622ed9f8e69dc28f56d85a0f83283
7
- data.tar.gz: dbbd9e2db0bfe7c0ca0c53f233af500f02aa878dfdf52edefe8408b7629b18d11da4a05016873e6361a96fb1626175e187410523e0954c9bcd558a3197bad9ff
6
+ metadata.gz: '0081e1187e16f6e38a8ef7dbe0acd95388c4111f0097acea9319b9b271e88d6ddcc882513b9945eb469d0ce3d5644829d12cbd7f49181fc67d5de1d6e5551c98'
7
+ data.tar.gz: c5020b652569207bfe5bd9f8c40cc28f04f646003c8bd57f5133202f17d99d9ac6fe7895da978c3ef3a774e48473d772aaa77d043184f795e8d130700e8c3269
data/README.md CHANGED
@@ -1,4 +1,5 @@
1
1
  # JWT Signed Request
2
+ [![travis ci build](https://api.travis-ci.org/envato/jwt_signed_request.svg)](https://travis-ci.org/envato/jwt_signed_request)
2
3
 
3
4
  Request signing and verification for Internal APIs using JWT.
4
5
 
@@ -85,7 +86,7 @@ AwEHoUQDQgAEuOC3ufTTnW0hVmCPNERb4LxaDE/OexDdlmXEjHYaixzYIduluGXd
85
86
  conn = Faraday.new(url: URI.parse('http://example.com')) do |faraday|
86
87
  faraday.use JWTSignedRequest::Middlewares::Faraday,
87
88
  secret_key: OpenSSL::PKey::EC.new(private_key),
88
- algorithm: 'EC256', # optional (default: ES256)
89
+ algorithm: 'ES256', # optional (default: ES256)
89
90
  key_id: 'my-key-id', # optional
90
91
  issuer: 'my-issuer', # optional
91
92
  additional_headers_to_sign: ['X-AUTH'] # optional
@@ -169,7 +170,7 @@ We welcome contribution from everyone. Read more about it in
169
170
 
170
171
  For bug fixes, documentation changes, and small features:
171
172
 
172
- 1. Fork it ( https://github.com/[my-github-username]/jwt_signed_request/fork )
173
+ 1. Fork it ( https://github.com/envato/jwt_signed_request/fork )
173
174
  2. Create your feature branch (git checkout -b my-new-feature)
174
175
  3. Commit your changes (git commit -am 'Add some feature')
175
176
  4. Push to the branch (git push origin my-new-feature)
data/lib/jwt_signed_request.rb CHANGED
@@ -50,12 +50,20 @@ module JWTSignedRequest
50
50
  def self.verified_request?(request:, claims:)
51
51
  claims['method'].downcase == request.request_method.downcase &&
52
52
  claims['path'] == request.fullpath &&
53
- claims['body_sha'] == Digest::SHA256.hexdigest(request.body.read || "") &&
53
+ claims['body_sha'] == Digest::SHA256.hexdigest(request_body(request: request)) &&
54
54
  verified_headers?(request: request, claims: claims)
55
55
  end
56
56
 
57
57
  private_class_method :verified_request?
58
58
 
59
+ def self.request_body(request:)
60
+ string = request.body.read
61
+ request.body.rewind
62
+ string
63
+ end
64
+
65
+ private_class_method :request_body
66
+
59
67
  def self.verified_headers?(request:, claims:)
60
68
  parsed_headers = JSON.parse(claims['headers'])
61
69
 
data/lib/jwt_signed_request/middlewares/rack.rb CHANGED
@@ -4,7 +4,7 @@ require 'jwt_signed_request'
4
4
  module JWTSignedRequest
5
5
  module Middlewares
6
6
  class Rack
7
- UNAUTHORIZED_STATUS_CODE = 401.freeze
7
+ UNAUTHORIZED_STATUS_CODE = 401
8
8
 
9
9
  def initialize(app, options = {})
10
10
  @app = app
data/lib/jwt_signed_request/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module JWTSignedRequest
2
- VERSION = "1.0.1".freeze
2
+ VERSION = "1.0.2".freeze
3
3
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: jwt_signed_request
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.0.1
4
+ version: 1.0.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Toan Nguyen
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2016-09-20 00:00:00.000000000 Z
11
+ date: 2017-01-04 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: jwt
@@ -141,9 +141,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
141
141
  version: '0'
142
142
  requirements: []
143
143
  rubyforge_project:
144
- rubygems_version: 2.4.5.1
144
+ rubygems_version: 2.5.2
145
145
  signing_key:
146
146
  specification_version: 4
147
147
  summary: JWT request signing and verification for Internal APIs
148
148
  test_files: []
149
- has_rdoc: