openid_connect 0.3.5 → 0.3.6

data/Gemfile.lock

@@ -1,12 +1,12 @@
 PATH
   remote: .
   specs:
-    openid_connect (0.3.5)
+    openid_connect (0.3.6)
       activemodel (>= 3)
       attr_required (>= 0.0.5)
       json (>= 1.4.3)
-      json-jwt (>= 0.3.0)
-      rack-oauth2 (>= 0.14.2)
+      json-jwt (>= 0.3.3)
+      rack-oauth2 (>= 1.0.0)
       swd (>= 0.1.2)
       tzinfo
       validate_email
@@ -35,8 +35,7 @@ GEM
     httpclient (2.3.0.1)
     i18n (0.6.1)
     json (1.7.5)
-    json (1.7.5-java)
-    json-jwt (0.3.2)
+    json-jwt (0.3.3)
       activesupport (>= 2.3)
       i18n
       json (>= 1.4.3)

data/VERSION

@@ -1 +1 @@
-0.3.5
+0.3.6

data/lib/openid_connect/jwtnizable.rb

@@ -1,6 +1,6 @@
 module OpenIDConnect
   module JWTnizable
-    def to_jwt(key, algorithm = :RS256)
+    def to_jwt(key, algorithm = :RS256, &block)
       token = JSON::JWT.new as_json
       yield token if block_given?
       if algorithm != :none

data/lib/openid_connect/request_object.rb

@@ -26,6 +26,7 @@ module OpenIDConnect
     alias_method_chain :as_json, :user_info
 
     include JWTnizable
+
     class << self
       def decode(jwt_string, key)
         new JSON::JWT.decode(jwt_string, key)

data/lib/openid_connect/response_object/id_token.rb

@@ -7,6 +7,7 @@ module OpenIDConnect
 
       attr_required :iss, :user_id, :aud, :exp, :iat
       attr_optional :acr, :auth_time, :nonce, :user_jwk, :at_hash, :c_hash
+      attr_accessor :access_token, :code
 
       def initialize(attributes = {})
         super
@@ -24,6 +25,31 @@ module OpenIDConnect
       end
 
       include JWTnizable
+      def to_jwt_with_at_hash_and_c_hash(key, algorithm = :RS256, &block)
+        hash_length = algorithm.to_s[2, 3].to_i
+        if access_token
+          token = case access_token
+          when Rack::OAuth2::AccessToken
+            access_token.access_token
+          else
+            access_token
+          end
+          self.at_hash = left_half_hash_of token, hash_length
+        end
+        if code
+          self.c_hash = left_half_hash_of code, hash_length
+        end
+        to_jwt_without_at_hash_and_c_hash key, algorithm, &block
+      end
+      alias_method_chain :to_jwt, :at_hash_and_c_hash
+
+      private
+
+      def left_half_hash_of(string, hash_length)
+        digest = OpenSSL::Digest::Digest.new("SHA#{hash_length}").digest string
+        UrlSafeBase64.encode64 digest[0, hash_length / (2 * 8)]
+      end
+
       class << self
         def decode(jwt_string, key)
           if key == :self_issued

data/openid_connect.gemspec

@@ -16,9 +16,9 @@ Gem::Specification.new do |s|
   s.add_runtime_dependency "activemodel", ">= 3"
   s.add_runtime_dependency "validate_url"
   s.add_runtime_dependency "validate_email"
-  s.add_runtime_dependency "json-jwt", ">= 0.3.0"
+  s.add_runtime_dependency "json-jwt", ">= 0.3.3"
   s.add_runtime_dependency "swd", ">= 0.1.2"
-  s.add_runtime_dependency "rack-oauth2", ">= 0.14.2"
+  s.add_runtime_dependency "rack-oauth2", ">= 1.0.0"
   s.add_development_dependency "rake", ">= 0.8"
   s.add_development_dependency "rspec", ">= 2"
   s.add_development_dependency "webmock", ">= 1.6.2"

data/spec/openid_connect/response_object/id_token_spec.rb

@@ -137,6 +137,70 @@ describe OpenIDConnect::ResponseObject::IdToken do
         h.should include 'x5u'
       end
     end
+
+    context 'when access_token is given' do
+      shared_examples_for :id_token_with_at_hash do
+        it 'should include at_hash' do
+          t = id_token.to_jwt private_key
+          jwt = JSON::JWT.decode t, public_key
+          jwt.should include :at_hash
+          jwt.should_not include :c_hash
+          jwt[:at_hash].should == UrlSafeBase64.encode64(
+            OpenSSL::Digest::SHA256.digest('access_token')[0, 128 / 8]
+          )
+        end
+      end
+
+      context 'when access_token is a Rack::OAuth2::AccessToken' do
+        before { id_token.access_token = Rack::OAuth2::AccessToken::Bearer.new(access_token: 'access_token') }
+        it_should_behave_like :id_token_with_at_hash
+      end
+
+      context 'when access_token is a String' do
+        before { id_token.access_token = 'access_token' }
+        it_should_behave_like :id_token_with_at_hash
+      end
+    end
+
+    context 'when code is given' do
+      before { id_token.code = 'authorization_code' }
+      it 'should include at_hash' do
+        t = id_token.to_jwt private_key
+        jwt = JSON::JWT.decode t, public_key
+        jwt.should_not include :at_hash
+        jwt.should include :c_hash
+        jwt[:c_hash].should == UrlSafeBase64.encode64(
+          OpenSSL::Digest::SHA256.digest('authorization_code')[0, 128 / 8]
+        )
+      end
+    end
+
+    context 'when both access_token and code are given' do
+      before do
+        id_token.access_token = 'access_token'
+        id_token.code = 'authorization_code'
+      end
+      it 'should include at_hash' do
+        t = id_token.to_jwt private_key
+        jwt = JSON::JWT.decode t, public_key
+        jwt.should include :at_hash
+        jwt.should include :c_hash
+        jwt[:at_hash].should == UrlSafeBase64.encode64(
+          OpenSSL::Digest::SHA256.digest('access_token')[0, 128 / 8]
+        )
+        jwt[:c_hash].should == UrlSafeBase64.encode64(
+          OpenSSL::Digest::SHA256.digest('authorization_code')[0, 128 / 8]
+        )
+      end
+    end
+
+    context 'when neither access_token nor code are given' do
+      it 'should include at_hash' do
+        t = id_token.to_jwt private_key
+        jwt = JSON::JWT.decode t, public_key
+        jwt.should_not include :at_hash, :c_hash
+      end
+    end
   end
 
   describe '#as_json' do

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: openid_connect
 version: !ruby/object:Gem::Version
-  version: 0.3.5
+  version: 0.3.6
   prerelease: 
 platform: ruby
 authors:
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2012-10-18 00:00:00.000000000 Z
+date: 2012-10-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: json
@@ -114,7 +114,7 @@ dependencies:
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
-        version: 0.3.0
+        version: 0.3.3
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -122,7 +122,7 @@ dependencies:
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
-        version: 0.3.0
+        version: 0.3.3
 - !ruby/object:Gem::Dependency
   name: swd
   requirement: !ruby/object:Gem::Requirement
@@ -146,7 +146,7 @@ dependencies:
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
-        version: 0.14.2
+        version: 1.0.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -154,7 +154,7 @@ dependencies:
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
-        version: 0.14.2
+        version: 1.0.0
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -327,7 +327,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: -3677536846198614585
+      hash: 2386054182410413464
 required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
   requirements:
@@ -336,7 +336,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: -3677536846198614585
+      hash: 2386054182410413464
 requirements: []
 rubyforge_project: 
 rubygems_version: 1.8.24