openid_connect 0.9.1 → 0.9.2

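--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 2d1fc4cbeb17d2ecdfaf458baa1224cbbc9fc6ba
- data.tar.gz: ab5dde2730ff6f27368749cb1a70a4e8a4cbd9ce
+ metadata.gz: 0c8f7a65bb459955b2c3b48c95136b767d2299db
+ data.tar.gz: b425f0dd8c76e63749920ab0079a3ba60218721b
  SHA512:
- metadata.gz: b0f75a52f9582a982f00626d3e1505b5865918fe934d2c92880d850b225c3ad01281e2202136d344bcddaacfb692a392d3aa7c084191973c4435ce23be09c062
- data.tar.gz: e8f48acf61ddefa1c79230bb771005ae6a3e3c6d092ee5e2ab72a4fd25ff8158ff7ac9aa183dc3e6d477c0d13b84a8272d3fd478775a8ba6099d3e9bf6782eff
+ metadata.gz: 8fe38d6c1f68b1c0d1b15762ea42c9c3dffb17334490766d088e31c3c1ff1b98915bbe56d4884f146b3d2ec1565f622155e7d47bea199a5b3f484640b031a42c
+ data.tar.gz: c07ffac0ba172baa94dbf46efb4bfcb921ec29fc541ce0385aca6494e34601de05ad789943f1144fd6ed2f07ac23fe691a346b798e93d3f1f24181f412c9c683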
data/VERSION CHANGED
@@ -1 +1 @@
1
- 0.9.1
1
+ 0.9.2
@@ -84,9 +84,7 @@ module OpenIDConnect
84
84
  end
85
85
 
86
86
  def public_keys
87
- @public_keys ||= jwks.collect do |jwk|
88
- JSON::JWK.decode jwk
89
- end
87
+ @public_keys ||= jwks.collect(&:to_key)
90
88
  end
91
89
  end
92
90
  end
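Review bot: `jwks.collect(&:to_key)` only works if every element returned by `jwks` already responds to `to_key`; the removed code passed each element through `JSON::JWK.decode`, which suggests they may have been plain hashes. `jwks` is defined outside this hunk, so confirm it yields `JSON::JWK` objects under the new json-jwt floor, or wrap explicitly with `jwks.collect { |jwk| JSON::JWK.new(jwk).to_key }`. Since the result is memoized in `@public_keys`, a short comment such as `# cached for the lifetime of this response object; build a new one to pick up rotated keys` would help callers that verify signatures against it.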
@@ -63,11 +63,10 @@ module OpenIDConnect
63
63
 
64
64
  def decode_self_issued(jwt_string)
65
65
  jwt = JSON::JWT.decode jwt_string, :skip_verification
66
- jwk = jwt[:sub_jwk]
66
+ jwk = JSON::JWK.new jwt[:sub_jwk]
67
67
  raise InvalidToken.new('Missing sub_jwk') if jwk.blank?
68
- raise InvalidToken.new('Invalid subject') unless jwt[:sub] == self_issued_subject(jwk)
69
- public_key = JSON::JWK.decode jwk
70
- jwt = JSON::JWT.decode jwt_string, public_key
68
+ raise InvalidToken.new('Invalid subject') unless jwt[:sub] == jwk.thumbprint
69
+ jwt.verify! jwk
71
70
  new jwt
72
71
  end
73
72
 
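Review bot: Nothing in `decode_self_issued` constrains the signature algorithm before `jwt.verify! jwk`, even though both the header and the verification key are read from the still-unverified token. The `jwt[:sub] == jwk.thumbprint` check binds the subject to the key, but the header's `alg` is never compared with what the key type allows, so the result depends on how json-jwt treats a mismatched or `none` algorithm, which is not visible here. An explicit allowlist ahead of verification would remove that dependency, for example `raise InvalidToken.new('Unexpected algorithm') unless %w(RS256).include? jwt.header[:alg].to_s` (the accepted list is a constructed example). Separately, `JSON::JWK.new` now runs before the 'Missing sub_jwk' guard; if it raises on a nil or malformed `sub_jwk`, callers would see that error instead of `InvalidToken`.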
@@ -75,23 +74,10 @@ module OpenIDConnect
75
74
  attributes[:sub_jwk] ||= JSON::JWK.new attributes.delete(:public_key)
76
75
  _attributes_ = {
77
76
  iss: 'https://self-issued.me',
78
- sub: self_issued_subject(attributes[:sub_jwk])
77
+ sub: JSON::JWK.new(attributes[:sub_jwk]).thumbprint
79
78
  }.merge(attributes)
80
79
  new _attributes_
81
80
  end
82
-
83
- def self_issued_subject(jwk)
84
- subject_base_string = case jwk[:kty].to_s
85
- when 'RSA'
86
- [jwk[:n], jwk[:e]].join
87
- when 'EC'
88
- raise NotImplementedError.new('Not Implemented Yet')
89
- else
90
- # Shouldn't reach here. All unknown algorithm error should occurs when decoding JWK
91
- raise InvalidToken.new('Unknown Algorithm')
92
- end
93
- UrlSafeBase64.encode64 OpenSSL::Digest::SHA256.digest(subject_base_string)
94
- end
95
81
  end
96
82
  end
97
83
  end
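Review bot: The `sub` built on the changed line is now the JWK thumbprint instead of the removed SHA-256 over `n` and `e` joined, so the same RSA key presumably yields a different subject than under 0.9.1. A relying party that stored the old value as the account identifier would stop matching existing users after upgrading, and tokens minted with the old derivation would fail the subject check in `decode_self_issued`; nothing in the hunk calls this out. `self_issued_subject` is also removed outright, which breaks any external caller in what the version number presents as a patch release, so consider keeping it as a deprecated wrapper. At minimum add a comment above the `sub:` line such as `# sub is the JWK thumbprint of sub_jwk; values differ from those issued by <= 0.9.1`. The enclosing method starts above the hunk.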
@@ -18,7 +18,7 @@ Gem::Specification.new do |s|
18
18
  s.add_runtime_dependency "activemodel"
19
19
  s.add_runtime_dependency "validate_url"
20
20
  s.add_runtime_dependency "validate_email"
21
- s.add_runtime_dependency "json-jwt", ">= 1.3.1"
21
+ s.add_runtime_dependency "json-jwt", ">= 1.5.0"
22
22
  s.add_runtime_dependency "swd", ">= 1.0.0"
23
23
  s.add_runtime_dependency "webfinger", ">= 1.0.1"
24
24
  s.add_runtime_dependency "rack-oauth2", ">= 1.2.1"
@@ -232,12 +232,12 @@ describe OpenIDConnect::ResponseObject::IdToken do
232
232
  its(key) { should == attributes[key] }
233
233
  end
234
234
  its(:exp) { should == attributes[:exp].to_i }
235
- its(:raw_attributes) { should be_instance_of JSON::JWT }
235
+ its(:raw_attributes) { should be_instance_of JSON::JWS }
236
236
 
237
237
  context 'when self-issued' do
238
238
  context 'when valid' do
239
239
  let(:self_issued) do
240
- 'eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.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.Gy31NnvCUSnS-cZuC4kQqR-DHcvZ0b8y7sNnp-2oCpXoHydGkVoVLsGXesUz6KB7RSB2cjoBySz0_k4eI_Trg7pR94zHCPf4U76mnCujGj7x09O3THlwiyYE3-V2ejhfAEhAXkzQNFu57HbWtvHVGP8SHnNs5NUY2YqJvchQ2uCrWYU4OyHdEnMQXbAdZcj2ltNIHREXtZTOxZhJ5fYUIbynBC27lxETI0LTHfHAzSwzKuFpM0zE99Uhrt7v17Us8gAGlUZIC-A3x2Och_8ryBCJaugROagSv3FoS-LvzaciEu5VLbi3EB9sFP4et_12ZSjFWNEAw5VeSBzF1l0kBQ'
240
+ 'eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.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.wchF80oFxdjEcOEwPZ9TUlV6R96Vz8XK9MzednMOsZmEMnNSEqKKTyO0Mhp9lijJPZX8J7lTtAGkz4gfsjyoYBIHQOTf0qHRHSx9RTeC31whw1TJ9x5V6UXpKN0EW1EhjAEGIZ0EyFJ-cRTgVs0V7PT7e63JOUYyW6LqqHa4MV9SdK8BdnaN0D4-402Pf7yFqjneSHq3KZbXcgjUPT_hszsGvnn9qEyuIHQqON6YnDt55z5SvP_RfKtBfUe2VY-yglJT41LfhkIgpvjLYdYYRPh9G9ftJr17qht5RtHSNpTp4FPw7BR7rCnptb4xTxyq-sLu7qjSLRtqQ35Xpi_6qQ'
241
241
  end
242
242
 
243
243
  context 'when key == :self_issued' do
@@ -300,41 +300,6 @@ describe OpenIDConnect::ResponseObject::IdToken do
300
300
  end
301
301
  its(:iss) { should == 'https://self-issued.me' }
302
302
  its(:sub_jwk) { should == sub_jwk}
303
- its(:subject) { should == OpenIDConnect::ResponseObject::IdToken.self_issued_subject(sub_jwk) }
304
- end
305
-
306
- describe '.self_issued_subject' do
307
- context 'when RSA key given' do
308
- let(:jwk) { JSON::JWK.new(public_key) }
309
- it do
310
- user_id = klass.self_issued_subject jwk
311
- user_id.should == UrlSafeBase64.encode64(
312
- OpenSSL::Digest::SHA256.digest([jwk[:n], jwk[:e]].join)
313
- )
314
- end
315
- end
316
-
317
- context 'when EC key given' do
318
- let(:jwk) { JSON::JWK.new(ec_public_key) }
319
- it do
320
- expect do
321
- klass.self_issued_subject jwk
322
- end.to raise_error NotImplementedError
323
- end
324
- end
325
-
326
- context 'when unknown algorithm JWK given' do
327
- let(:jwk) do
328
- {
329
- alg: 'unknown'
330
- }
331
- end
332
-
333
- it do
334
- expect do
335
- klass.self_issued_subject jwk
336
- end.to raise_error OpenIDConnect::ResponseObject::IdToken::InvalidToken
337
- end
338
- end
303
+ its(:subject) { should == sub_jwk.thumbprint }
339
304
  end
340
305
  end
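Review bot: The deleted `.self_issued_subject` examples were the only ones in this hunk that pinned behaviour for an EC key and for a JWK with an unknown key type, and the one added expectation checks only that `subject` equals `sub_jwk.thumbprint`. With the derivation delegated to `thumbprint`, an unsupported `sub_jwk` may now surface as a json-jwt error rather than `OpenIDConnect::ResponseObject::IdToken::InvalidToken`; that is inferred, since json-jwt is not shown. Add an example under 'when self-issued' that passes `decode_self_issued` a token whose `sub_jwk` has an unsupported `kty`, and one whose `sub` does not match the thumbprint, each asserting the error class callers are expected to rescue.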
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: openid_connect
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.9.1
4
+ version: 0.9.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - nov matake
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2015-08-14 00:00:00.000000000 Z
11
+ date: 2015-09-14 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: json
@@ -100,14 +100,14 @@ dependencies:
100
100
  requirements:
101
101
  - - ">="
102
102
  - !ruby/object:Gem::Version
103
- version: 1.3.1
103
+ version: 1.5.0
104
104
  type: :runtime
105
105
  prerelease: false
106
106
  version_requirements: !ruby/object:Gem::Requirement
107
107
  requirements:
108
108
  - - ">="
109
109
  - !ruby/object:Gem::Version
110
- version: 1.3.1
110
+ version: 1.5.0
111
111
  - !ruby/object:Gem::Dependency
112
112
  name: swd
113
113
  requirement: !ruby/object:Gem::Requirement