RubyGems - openid_connect - Versions diffs - 0.9.1 → 0.9.2 - Mend

openid_connect 0.9.1 → 0.9.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

checksums.yaml +4 -4
data/VERSION +1 -1
data/lib/openid_connect/discovery/provider/config/response.rb +1 -3
data/lib/openid_connect/response_object/id_token.rb +4 -18
data/openid_connect.gemspec +1 -1
data/spec/openid_connect/response_object/id_token_spec.rb +3 -38
metadata +4 -4

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 2d1fc4cbeb17d2ecdfaf458baa1224cbbc9fc6ba
-  data.tar.gz: ab5dde2730ff6f27368749cb1a70a4e8a4cbd9ce
+  metadata.gz: 0c8f7a65bb459955b2c3b48c95136b767d2299db
+  data.tar.gz: b425f0dd8c76e63749920ab0079a3ba60218721b
 SHA512:
-  metadata.gz: b0f75a52f9582a982f00626d3e1505b5865918fe934d2c92880d850b225c3ad01281e2202136d344bcddaacfb692a392d3aa7c084191973c4435ce23be09c062
-  data.tar.gz: e8f48acf61ddefa1c79230bb771005ae6a3e3c6d092ee5e2ab72a4fd25ff8158ff7ac9aa183dc3e6d477c0d13b84a8272d3fd478775a8ba6099d3e9bf6782eff
+  metadata.gz: 8fe38d6c1f68b1c0d1b15762ea42c9c3dffb17334490766d088e31c3c1ff1b98915bbe56d4884f146b3d2ec1565f622155e7d47bea199a5b3f484640b031a42c
+  data.tar.gz: c07ffac0ba172baa94dbf46efb4bfcb921ec29fc541ce0385aca6494e34601de05ad789943f1144fd6ed2f07ac23fe691a346b798e93d3f1f24181f412c9c683

data/VERSION CHANGED Viewed

	@@ -1 +1 @@
1	- 0.9.1
1	+ 0.9.2

data/lib/openid_connect/discovery/provider/config/response.rb CHANGED Viewed

@@ -84,9 +84,7 @@ module OpenIDConnect
           end
           def public_keys
-            @public_keys ||= jwks.collect do |jwk|
-              JSON::JWK.decode jwk
-            end
+            @public_keys ||= jwks.collect(&:to_key)
           end
         end
       end

data/lib/openid_connect/response_object/id_token.rb CHANGED Viewed

@@ -63,11 +63,10 @@ module OpenIDConnect
         def decode_self_issued(jwt_string)
           jwt = JSON::JWT.decode jwt_string, :skip_verification
-          jwk = jwt[:sub_jwk]
+          jwk = JSON::JWK.new jwt[:sub_jwk]
           raise InvalidToken.new('Missing sub_jwk') if jwk.blank?
-          raise InvalidToken.new('Invalid subject') unless jwt[:sub] == self_issued_subject(jwk)
-          public_key = JSON::JWK.decode jwk
-          jwt = JSON::JWT.decode jwt_string, public_key
+          raise InvalidToken.new('Invalid subject') unless jwt[:sub] == jwk.thumbprint
+          jwt.verify! jwk
           new jwt
         end
@@ -75,23 +74,10 @@ module OpenIDConnect
           attributes[:sub_jwk] ||= JSON::JWK.new attributes.delete(:public_key)
           _attributes_ = {
             iss: 'https://self-issued.me',
-            sub: self_issued_subject(attributes[:sub_jwk])
+            sub: JSON::JWK.new(attributes[:sub_jwk]).thumbprint
           }.merge(attributes)
           new _attributes_
         end
-        def self_issued_subject(jwk)
-          subject_base_string = case jwk[:kty].to_s
-          when 'RSA'
-            [jwk[:n], jwk[:e]].join
-          when 'EC'
-            raise NotImplementedError.new('Not Implemented Yet')
-          else
-            # Shouldn't reach here. All unknown algorithm error should occurs when decoding JWK
-            raise InvalidToken.new('Unknown Algorithm')
-          end
-          UrlSafeBase64.encode64 OpenSSL::Digest::SHA256.digest(subject_base_string)
-        end
       end
     end
   end

data/openid_connect.gemspec CHANGED Viewed

@@ -18,7 +18,7 @@ Gem::Specification.new do |s|
   s.add_runtime_dependency "activemodel"
   s.add_runtime_dependency "validate_url"
   s.add_runtime_dependency "validate_email"
-  s.add_runtime_dependency "json-jwt", ">= 1.3.1"
+  s.add_runtime_dependency "json-jwt", ">= 1.5.0"
   s.add_runtime_dependency "swd", ">= 1.0.0"
   s.add_runtime_dependency "webfinger", ">= 1.0.1"
   s.add_runtime_dependency "rack-oauth2", ">= 1.2.1"

data/spec/openid_connect/response_object/id_token_spec.rb CHANGED Viewed

@@ -232,12 +232,12 @@ describe OpenIDConnect::ResponseObject::IdToken do
       its(key) { should == attributes[key] }
     end
     its(:exp) { should == attributes[:exp].to_i }
-    its(:raw_attributes) { should be_instance_of JSON::JWT }
+    its(:raw_attributes) { should be_instance_of JSON::JWS }
     context 'when self-issued' do
       context 'when valid' do
         let(:self_issued) do
-          'eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJodHRwczovL3NlbGYtaXNzdWVkLm1lIiwic3ViIjoiOWp1WGpObmFmbUhhdXF5TGNMRXZ2eGkweEZNMlZXZWtEQVhTUTZkMEFfYyIsImF1ZCI6ImNsaWVudC5leGFtcGxlLmNvbSIsImV4cCI6MTM3MzExNTU5OSwiaWF0IjoxMzcyNTEwNzk5LCJzdWJfandrIjp7Imt0eSI6IlJTQSIsImUiOiJBUUFCIiwibiI6InR1V1VKWUlEeTh3SVBnSnhicDNxbkVlaUVyWTk5bTY2N1lqc0JNelYzYUV1WlJobDJhVE81aFpGTXZ0eHljUi1jS3ZiV25Balg2bjgtRlFhb2Z4R1Qyb21NYTZjcTN6S2hjQ2N6dl81UElwVkJEQkpmMDN3YUIzU1h0R2ZtVDdBMklYUHdSSER4Tjllc0s1dWxzT0MtZl9IOXM4N3Z0U0RYVUhLZDVxS0JaNzhfc0I4eG10UFk0OGVmRVRXNnVDZHBnSy11U1hsYVJKbnN3YXRfdlIyRHJCWjZiOUJfQ0dYWHYxS1JRX1dDUmxoR2RNX294dFNMWHZGai00MlNFSnU5RHB3UzhjRUhKRTFHeU8xSmM2V1dfSTJZMXR5ZUs1Zm1RREpHZklpcUJvWkdBRFg1RUpjYm1aMmtWU2gxaXB0c2dZRUk0c2U0MW15LTdaUGZlZkQ4USJ9fQ.Gy31NnvCUSnS-cZuC4kQqR-DHcvZ0b8y7sNnp-2oCpXoHydGkVoVLsGXesUz6KB7RSB2cjoBySz0_k4eI_Trg7pR94zHCPf4U76mnCujGj7x09O3THlwiyYE3-V2ejhfAEhAXkzQNFu57HbWtvHVGP8SHnNs5NUY2YqJvchQ2uCrWYU4OyHdEnMQXbAdZcj2ltNIHREXtZTOxZhJ5fYUIbynBC27lxETI0LTHfHAzSwzKuFpM0zE99Uhrt7v17Us8gAGlUZIC-A3x2Och_8ryBCJaugROagSv3FoS-LvzaciEu5VLbi3EB9sFP4et_12ZSjFWNEAw5VeSBzF1l0kBQ'
+          'eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJodHRwczovL3NlbGYtaXNzdWVkLm1lIiwic3ViIjoiMmdDUWFLUmJkY0RaeUlDTE92ODJJR2EtdHBSVU52QW1ZN3BnZ3Z5NGdENCIsImF1ZCI6ImNsaWVudC5leGFtcGxlLmNvbSIsImV4cCI6MTQ0MjQ4Mjc4MiwiaWF0IjoxNDQxODc3OTgyLCJzdWJfandrIjp7Imt0eSI6IlJTQSIsImUiOiJBUUFCIiwibiI6IjN1RzNiSTV6MTFhM1hlOXUyZFVJNDBpcWZrVl9vTmFQVmNlalN4V3l0YnMybTZKMGMzNjJESlJQNGtyUl9TZjNtQXJ3Qjd6Qm5UWExkbW1tZW85VzloSDhsSnFGOUthMTY3dHBTQWJCajB1MjhyaTgwZFZ4NUxzblJTX19uUUd6Y3dNa2sxTTBERUx2X0FXbVYwU2JudDhJZEpSeFhwdG5xRE5tWXJ0cmItMkk0a1lwRHlwN2pvTXd0bDNXeGp2cnkwbENLNExqOU9SeXdod05zYUU2MHFsako5aHBGZV8wTmpmaThzaVBlMDRJSkFaUjl3NXo0TnAtQS1HbWdmeTNJTmNZVFYyQ25FekNSY29HSGl5OGduRzA1a015TnRtZTFVdV8xanBhdF9lcF9QUG9PWEJ6Q1NwbzB5QlRNSWhmdEJTQ3p2a2V1ZFdhNks2aW5LMkYxdyJ9fQ.wchF80oFxdjEcOEwPZ9TUlV6R96Vz8XK9MzednMOsZmEMnNSEqKKTyO0Mhp9lijJPZX8J7lTtAGkz4gfsjyoYBIHQOTf0qHRHSx9RTeC31whw1TJ9x5V6UXpKN0EW1EhjAEGIZ0EyFJ-cRTgVs0V7PT7e63JOUYyW6LqqHa4MV9SdK8BdnaN0D4-402Pf7yFqjneSHq3KZbXcgjUPT_hszsGvnn9qEyuIHQqON6YnDt55z5SvP_RfKtBfUe2VY-yglJT41LfhkIgpvjLYdYYRPh9G9ftJr17qht5RtHSNpTp4FPw7BR7rCnptb4xTxyq-sLu7qjSLRtqQ35Xpi_6qQ'
         end
         context 'when key == :self_issued' do
@@ -300,41 +300,6 @@ describe OpenIDConnect::ResponseObject::IdToken do
     end
     its(:iss)     { should == 'https://self-issued.me' }
     its(:sub_jwk) { should == sub_jwk}
-    its(:subject) { should == OpenIDConnect::ResponseObject::IdToken.self_issued_subject(sub_jwk) }
-  end
-  describe '.self_issued_subject' do
-    context 'when RSA key given' do
-      let(:jwk) { JSON::JWK.new(public_key) }
-      it do
-        user_id = klass.self_issued_subject jwk
-        user_id.should == UrlSafeBase64.encode64(
-          OpenSSL::Digest::SHA256.digest([jwk[:n], jwk[:e]].join)
-        )
-      end
-    end
-    context 'when EC key given' do
-      let(:jwk) { JSON::JWK.new(ec_public_key) }
-      it do
-        expect do
-          klass.self_issued_subject jwk
-        end.to raise_error NotImplementedError
-      end
-    end
-    context 'when unknown algorithm JWK given' do
-      let(:jwk) do
-        {
-          alg: 'unknown'
-        }
-      end
-      it do
-        expect do
-          klass.self_issued_subject jwk
-        end.to raise_error OpenIDConnect::ResponseObject::IdToken::InvalidToken
-      end
-    end
+    its(:subject) { should == sub_jwk.thumbprint }
   end
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: openid_connect
 version: !ruby/object:Gem::Version
-  version: 0.9.1
+  version: 0.9.2
 platform: ruby
 authors:
 - nov matake
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2015-08-14 00:00:00.000000000 Z
+date: 2015-09-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: json
@@ -100,14 +100,14 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.3.1
+        version: 1.5.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.3.1
+        version: 1.5.0
 - !ruby/object:Gem::Dependency
   name: swd
   requirement: !ruby/object:Gem::Requirement