padlock_auth-jwt 0.2.0 → 0.2.1
- checksums.yaml +4 -4
- data/lib/padlock_auth/jwt/access_token.rb +11 -8
- data/lib/padlock_auth/jwt/version.rb +1 -1
- metadata +2 -8
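--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 7107cd7b8a99f461e2fdf0abbd526c2d1bced943a2542ee07c141ef600c4b233
+data.tar.gz: c278724c8e66fb4b14a6f1f8f72eec4505630605d044d44200d41f706ebf07d6
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 7beca857afbe76c930455a880f481bffd179de924a178c5b1d6cb5f410393999818d9eacd67b5c83d36deb246d723e75a8117ce517c42111c8e42b825e863dc1
+data.tar.gz: c5daa9a7f997452b38a2c4f6dbbd4f0107a21845a8f83b6a4f3a10d22eadd72d48f4fc674d3b0ca932d38da4e648df0edc7dfe8ac645229c671f36a6eae32471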
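--- a/data/lib/padlock_auth/jwt/access_token.rb
+++ b/data/lib/padlock_auth/jwt/access_token.rb
@@ -12,8 +12,6 @@ module PadlockAuth
 def accessible?
 return false unless valid_jwt_token?
 
-return false unless valid_signature?
-
 return false unless includes_required_claims?
 
 # "exp" (Expiration Time) Claim
@@ -35,8 +33,7 @@ module PadlockAuth
 end
 
 def invalid_token_reason
-return :invalid_jwt_token unless valid_jwt_token?
-return :invalid_signature unless valid_signature?
+return valid_header? ? :invalid_signature : :invalid_jwt_token unless valid_jwt_token?
 
 return :missing_exp_claim unless includes_required_exp_claim?
 return :invalid_exp_claim unless valid_exp_claim?
@@ -83,19 +80,25 @@ module PadlockAuth
 
 private
 
+def valid_jwt_token?
+valid_signature? && valid_header?
+end
+
 # https://datatracker.ietf.org/doc/html/rfc9068#JWTATLValidate
 # The resource server MUST verify that the "typ" header value is "at+jwt" or "application/at+jwt" and reject tokens carrying any other value.
-def
-return @
-@
+def valid_header?
+return @valid_header if instance_variable_defined?(:@valid_header)
+@valid_header = @encoded_token.header.present? &&
 @strategy.header_types.include?(@encoded_token.header["typ"])
 rescue JWT::DecodeError
-@
+@valid_header = false
 end
 
 def valid_signature?
 return @valid_signature if instance_variable_defined?(:@valid_signature)
 @valid_signature = @encoded_token.valid_signature?(algorithm: @strategy.algorithm, key: @strategy.secret_key)
+rescue JWT::DecodeError
+@valid_signature = false
 end
 
 def includes_required_claims?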
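Review bot: After this change `accessible?` no longer calls `valid_signature?` itself, so signature verification rests entirely on the new private `valid_jwt_token?` (`valid_signature? && valid_header?`), and nothing on that method says so. A comment above it such as `# Sole signature gate for accessible?; keep valid_signature? in this conjunction.` would guard against a later refactor silently dropping the check, ideally backed by a spec for a token with an accepted `typ` and a bad signature. In `invalid_token_reason`, the ternary combined with a trailing `unless` is hard to read; `return :invalid_jwt_token unless valid_header?` followed by `return :invalid_signature unless valid_signature?` yields the same reasons, since both predicates are memoized and rescue `JWT::DecodeError`. Both `accessible?` and `invalid_token_reason` continue outside the visible hunks.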
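--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: padlock_auth-jwt
 version: !ruby/object:Gem::Version
-version: 0.2.
+version: 0.2.1
 platform: ruby
 authors:
 - Ben Morrall
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2025-01-
+date: 2025-01-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: padlock_auth
@@ -31,9 +31,6 @@ dependencies:
 - - ">="
 - !ruby/object:Gem::Version
 version: 2.9.4
-- - "<"
-- !ruby/object:Gem::Version
-version: '3.0'
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
@@ -41,9 +38,6 @@ dependencies:
 - - ">="
 - !ruby/object:Gem::Version
 version: 2.9.4
-- - "<"
-- !ruby/object:Gem::Version
-version: '3.0'
 - !ruby/object:Gem::Dependency
 name: rspec-rails
 requirement: !ruby/object:Gem::Requirement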