openid_connect 0.9.1 → 0.9.2

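--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 2d1fc4cbeb17d2ecdfaf458baa1224cbbc9fc6ba
- data.tar.gz: ab5dde2730ff6f27368749cb1a70a4e8a4cbd9ce
+ metadata.gz: 0c8f7a65bb459955b2c3b48c95136b767d2299db
+ data.tar.gz: b425f0dd8c76e63749920ab0079a3ba60218721b
  SHA512:
- metadata.gz: b0f75a52f9582a982f00626d3e1505b5865918fe934d2c92880d850b225c3ad01281e2202136d344bcddaacfb692a392d3aa7c084191973c4435ce23be09c062
- data.tar.gz: e8f48acf61ddefa1c79230bb771005ae6a3e3c6d092ee5e2ab72a4fd25ff8158ff7ac9aa183dc3e6d477c0d13b84a8272d3fd478775a8ba6099d3e9bf6782eff
+ metadata.gz: 8fe38d6c1f68b1c0d1b15762ea42c9c3dffb17334490766d088e31c3c1ff1b98915bbe56d4884f146b3d2ec1565f622155e7d47bea199a5b3f484640b031a42c
+ data.tar.gz: c07ffac0ba172baa94dbf46efb4bfcb921ec29fc541ce0385aca6494e34601de05ad789943f1144fd6ed2f07ac23fe691a346b798e93d3f1f24181f412c9c683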
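--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
- 0.9.1
+ 0.9.2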
@@ -84,9 +84,7 @@ module OpenIDConnect
84
84
  end
85
85
 
86
86
  def public_keys
87
- @public_keys ||= jwks.collect do |jwk|
88
- JSON::JWK.decode jwk
89
- end
87
+ @public_keys ||= jwks.collect(&:to_key)
90
88
  end
91
89
  end
92
90
  end
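Review bot: In `public_keys`, `jwks.collect(&:to_key)` converts every entry of the set in one pass, so a single entry that `to_key` cannot convert would raise and leave the caller with no usable keys, assuming `to_key` raises on key types it does not support (its behaviour is not visible here). The key set is published by the provider (`jwks` is defined outside this hunk) and may contain keys this client never needs. Consider skipping entries that cannot be converted, or selecting the key by `kid` before conversion. A comment such as `# Converts each published JWK to a key object; memoized in @public_keys for the lifetime of this object` would also record that the result is cached.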
@@ -63,11 +63,10 @@ module OpenIDConnect
63
63
 
64
64
  def decode_self_issued(jwt_string)
65
65
  jwt = JSON::JWT.decode jwt_string, :skip_verification
66
- jwk = jwt[:sub_jwk]
66
+ jwk = JSON::JWK.new jwt[:sub_jwk]
67
67
  raise InvalidToken.new('Missing sub_jwk') if jwk.blank?
68
- raise InvalidToken.new('Invalid subject') unless jwt[:sub] == self_issued_subject(jwk)
69
- public_key = JSON::JWK.decode jwk
70
- jwt = JSON::JWT.decode jwt_string, public_key
68
+ raise InvalidToken.new('Invalid subject') unless jwt[:sub] == jwk.thumbprint
69
+ jwt.verify! jwk
71
70
  new jwt
72
71
  end
73
72
 
@@ -75,23 +74,10 @@ module OpenIDConnect
75
74
  attributes[:sub_jwk] ||= JSON::JWK.new attributes.delete(:public_key)
76
75
  _attributes_ = {
77
76
  iss: 'https://self-issued.me',
78
- sub: self_issued_subject(attributes[:sub_jwk])
77
+ sub: JSON::JWK.new(attributes[:sub_jwk]).thumbprint
79
78
  }.merge(attributes)
80
79
  new _attributes_
81
80
  end
82
-
83
- def self_issued_subject(jwk)
84
- subject_base_string = case jwk[:kty].to_s
85
- when 'RSA'
86
- [jwk[:n], jwk[:e]].join
87
- when 'EC'
88
- raise NotImplementedError.new('Not Implemented Yet')
89
- else
90
- # Shouldn't reach here. All unknown algorithm error should occurs when decoding JWK
91
- raise InvalidToken.new('Unknown Algorithm')
92
- end
93
- UrlSafeBase64.encode64 OpenSSL::Digest::SHA256.digest(subject_base_string)
94
- end
95
81
  end
96
82
  end
97
83
  end
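Review bot: In `decode_self_issued`, the key that verifies the token comes from the token's own `sub_jwk` claim, and the removed `self_issued_subject` was the only code shown that limited it to RSA; the new path accepts whatever `JSON::JWK#thumbprint` and `verify!` accept. If json-jwt handles symmetric (`oct`) keys there, the claim would carry the signing secret itself, so an explicit allow-list such as `raise InvalidToken.new('Unsupported key type') unless %w(RSA EC).include?(jwk[:kty].to_s)` before the thumbprint comparison keeps that decision in this gem. The 'Missing sub_jwk' guard now runs after `JSON::JWK.new`, so an absent claim may surface as a constructor error rather than `InvalidToken`; checking `jwt[:sub_jwk].blank?` before wrapping keeps the error type stable. Separately, `sub` changes from a SHA-256 over `n` and `e` to the JWK thumbprint, so relying parties that stored the old subject values will see different identifiers, which deserves a changelog entry.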
@@ -18,7 +18,7 @@ Gem::Specification.new do |s|
18
18
  s.add_runtime_dependency "activemodel"
19
19
  s.add_runtime_dependency "validate_url"
20
20
  s.add_runtime_dependency "validate_email"
21
- s.add_runtime_dependency "json-jwt", ">= 1.3.1"
21
+ s.add_runtime_dependency "json-jwt", ">= 1.5.0"
22
22
  s.add_runtime_dependency "swd", ">= 1.0.0"
23
23
  s.add_runtime_dependency "webfinger", ">= 1.0.1"
24
24
  s.add_runtime_dependency "rack-oauth2", ">= 1.2.1"
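Review bot: The raised floor `"json-jwt", ">= 1.5.0"` still has no upper bound, while the subject value and the signature check for self-issued tokens now come entirely from that gem's `thumbprint` and `verify!`. A later json-jwt release that changes either would alter identities or verification behaviour without any change in this gem. A pessimistic constraint such as `s.add_runtime_dependency "json-jwt", "~> 1.5"` limits that exposure, if the project is willing to depart from the unbounded style used for its other dependencies. The `Gem::Specification.new` block starts and ends outside this hunk.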
@@ -232,12 +232,12 @@ describe OpenIDConnect::ResponseObject::IdToken do
232
232
  its(key) { should == attributes[key] }
233
233
  end
234
234
  its(:exp) { should == attributes[:exp].to_i }
235
- its(:raw_attributes) { should be_instance_of JSON::JWT }
235
+ its(:raw_attributes) { should be_instance_of JSON::JWS }
236
236
 
237
237
  context 'when self-issued' do
238
238
  context 'when valid' do
239
239
  let(:self_issued) do
240
- 'eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.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.Gy31NnvCUSnS-cZuC4kQqR-DHcvZ0b8y7sNnp-2oCpXoHydGkVoVLsGXesUz6KB7RSB2cjoBySz0_k4eI_Trg7pR94zHCPf4U76mnCujGj7x09O3THlwiyYE3-V2ejhfAEhAXkzQNFu57HbWtvHVGP8SHnNs5NUY2YqJvchQ2uCrWYU4OyHdEnMQXbAdZcj2ltNIHREXtZTOxZhJ5fYUIbynBC27lxETI0LTHfHAzSwzKuFpM0zE99Uhrt7v17Us8gAGlUZIC-A3x2Och_8ryBCJaugROagSv3FoS-LvzaciEu5VLbi3EB9sFP4et_12ZSjFWNEAw5VeSBzF1l0kBQ'
240
+ 'eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.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.wchF80oFxdjEcOEwPZ9TUlV6R96Vz8XK9MzednMOsZmEMnNSEqKKTyO0Mhp9lijJPZX8J7lTtAGkz4gfsjyoYBIHQOTf0qHRHSx9RTeC31whw1TJ9x5V6UXpKN0EW1EhjAEGIZ0EyFJ-cRTgVs0V7PT7e63JOUYyW6LqqHa4MV9SdK8BdnaN0D4-402Pf7yFqjneSHq3KZbXcgjUPT_hszsGvnn9qEyuIHQqON6YnDt55z5SvP_RfKtBfUe2VY-yglJT41LfhkIgpvjLYdYYRPh9G9ftJr17qht5RtHSNpTp4FPw7BR7rCnptb4xTxyq-sLu7qjSLRtqQ35Xpi_6qQ'
241
241
  end
242
242
 
243
243
  context 'when key == :self_issued' do
@@ -300,41 +300,6 @@ describe OpenIDConnect::ResponseObject::IdToken do
300
300
  end
301
301
  its(:iss) { should == 'https://self-issued.me' }
302
302
  its(:sub_jwk) { should == sub_jwk}
303
- its(:subject) { should == OpenIDConnect::ResponseObject::IdToken.self_issued_subject(sub_jwk) }
304
- end
305
-
306
- describe '.self_issued_subject' do
307
- context 'when RSA key given' do
308
- let(:jwk) { JSON::JWK.new(public_key) }
309
- it do
310
- user_id = klass.self_issued_subject jwk
311
- user_id.should == UrlSafeBase64.encode64(
312
- OpenSSL::Digest::SHA256.digest([jwk[:n], jwk[:e]].join)
313
- )
314
- end
315
- end
316
-
317
- context 'when EC key given' do
318
- let(:jwk) { JSON::JWK.new(ec_public_key) }
319
- it do
320
- expect do
321
- klass.self_issued_subject jwk
322
- end.to raise_error NotImplementedError
323
- end
324
- end
325
-
326
- context 'when unknown algorithm JWK given' do
327
- let(:jwk) do
328
- {
329
- alg: 'unknown'
330
- }
331
- end
332
-
333
- it do
334
- expect do
335
- klass.self_issued_subject jwk
336
- end.to raise_error OpenIDConnect::ResponseObject::IdToken::InvalidToken
337
- end
338
- end
303
+ its(:subject) { should == sub_jwk.thumbprint }
339
304
  end
340
305
  end
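Review bot: The deleted `.self_issued_subject` examples were the only ones shown here that exercised an EC key and an unknown key type, and nothing in these hunks replaces them for the new `decode_self_issued` path. Add examples that decode a self-issued token with a missing `sub_jwk`, with an unsupported `kty`, and with a `sub` that does not match `sub_jwk.thumbprint`, each expecting `OpenIDConnect::ResponseObject::IdToken::InvalidToken`. The `describe` block begins and ends outside these hunks, so equivalent coverage may already exist elsewhere in the spec file.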
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: openid_connect
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.9.1
4
+ version: 0.9.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - nov matake
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2015-08-14 00:00:00.000000000 Z
11
+ date: 2015-09-14 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: json
@@ -100,14 +100,14 @@ dependencies:
100
100
  requirements:
101
101
  - - ">="
102
102
  - !ruby/object:Gem::Version
103
- version: 1.3.1
103
+ version: 1.5.0
104
104
  type: :runtime
105
105
  prerelease: false
106
106
  version_requirements: !ruby/object:Gem::Requirement
107
107
  requirements:
108
108
  - - ">="
109
109
  - !ruby/object:Gem::Version
110
- version: 1.3.1
110
+ version: 1.5.0
111
111
  - !ruby/object:Gem::Dependency
112
112
  name: swd
113
113
  requirement: !ruby/object:Gem::Requirement