openid-token-proxy 0.1.2 → 0.1.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: a6d5534b9ef67edc50b5003b4d7a70cf1fb4382e
-  data.tar.gz: 67c985af3debaa56cd7cfa17e34fe15433b5ff0e
+  metadata.gz: b5e9d9ee84423e1b89c8f781e4a3d5f292414ce1
+  data.tar.gz: 1669816ca639b9fab8a357167b8fc6fc686ba73d
 SHA512:
-  metadata.gz: 6bab4ffceb974e02ab030cadee28b0724fedf4efa2fe82bae676a629401e500dbc6334dad2ca8a70557f8f39a1fef799ec9cb2a51a5f9bdcf693c05e843def7b
-  data.tar.gz: 55e5f7efe285331a331d47deebeed8d11843ca4b10d54bb2f631697fb3433b069dd5f05bd450d519414382900705c30ed3218747c8543370dd9e7603ae0d1137
+  metadata.gz: eb1cd7c27884e7b6d1530dd1f0a54889fbb7272c420d2efd3c06e2dc894698acb30b240ff9376021bf48ae5d3b89ec8cb01c4410d8e2fdf9c999c9730fd5145d
+  data.tar.gz: 2c548204b87e52f31cd038d5a33045534c5a5d1fb75fcae3c48cef6e709a88db6d61e8544d9c7562801ff36a0844f3fcae920796a3251b5701732f9dcf89a071

data/CHANGELOG.md

@@ -1,5 +1,10 @@
 # Changelog
 
+### v0.1.3 - May 21, 2015
+
+- Temporary workaround for OpenSSL error queue corruption.
+
+
 ### v0.1.2 - May 18, 2015
 
 - Allow overriding `CallbackController`.

data/lib/openid_token_proxy/token.rb

@@ -72,7 +72,12 @@ module OpenIDTokenProxy
           raise Malformed.new(e.message)
         rescue JSON::JWT::VerificationFailed
           # Iterate through remaining public keys (if any)
-          # Raises TokenInvalid if none applied (see below)
+          # Raises UnverifiableSignature if none applied (see below)
+
+          # A failure in Certificate#verify leaves messages on the error queue,
+          # which can lead to errors in SSL communication down the road.
+          # See: https://bugs.ruby-lang.org/issues/7215
+          OpenSSL.errors.clear
         else
           return Token.new(access_token, object.raw_attributes)
         end

data/lib/openid_token_proxy/version.rb

@@ -1,3 +1,3 @@
 module OpenIDTokenProxy
-  VERSION = '0.1.2'
+  VERSION = '0.1.3'
 end

data/spec/lib/openid_token_proxy/token_spec.rb

@@ -119,7 +119,28 @@ RSpec.describe OpenIDTokenProxy::Token do
     end
 
     context 'when token is well-formed' do
-      context 'with invalid signature or missing public keys' do
+      context 'with invalid signature' do
+        before do
+          allow(OpenIDConnect::RequestObject).to receive(:decode).and_raise JSON::JWT::VerificationFailed
+        end
+
+        it 'raises' do
+          expect do
+            described_class.decode! 'well-formed token', keys
+          end.to raise_error OpenIDTokenProxy::Token::UnverifiableSignature
+        end
+
+        it 'cleans up SSL error queue' do
+          errors = double(clear: true)
+          allow(OpenSSL).to receive(:errors).and_return errors
+          expect do
+            described_class.decode! 'well-formed token', keys
+          end.to raise_error OpenIDTokenProxy::Token::UnverifiableSignature
+          expect(errors).to have_received(:clear)
+        end
+      end
+
+      context 'with missing public keys' do
         it 'raises' do
           expect do
             described_class.decode! 'well-formed token', []

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: openid-token-proxy
 version: !ruby/object:Gem::Version
-  version: 0.1.2
+  version: 0.1.3
 platform: ruby
 authors:
 - Tim Kurvers
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-05-18 00:00:00.000000000 Z
+date: 2015-05-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: openid_connect