RubyGems - rack-jwt - Versions diffs - 0.1.0 → 0.1.1 - Mend

rack-jwt 0.1.0 → 0.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: e20bf24155aaeda649c643bde660ed334b5e081d
-  data.tar.gz: 125bff003cd0fc9f3d2ec2feb7fd7d1fa01438bc
+  metadata.gz: 2cdc1b0bd5715e4d4d5e8cd04822d0e6825b089f
+  data.tar.gz: 2397aac243a1d587e109f46942cecdaaccb9b5cd
 SHA512:
-  metadata.gz: 8ebece61f89d84ae0b61e82a3631a556a09597bbc2e6265eb9beacc6ef958859ceb2f7ab6bcdabf407ee36e97160396ce7db80da7791d611860329560f5c77b7
-  data.tar.gz: 85107621925d5e21c2a8d7d275b429622155a596a49cad78520dcb93f80ba7104ac6e84f4a627095fbb685f74eee28680fc242f7ed91c883c76faa937a69d7b5
+  metadata.gz: 1ccae31dc0d69b94d0da8243276c532b2793dbae1563da3b328a163d9f03f5284abb58f60a193b8e421591ca9f9ff0e2b1b6bac9dcd80a0954525b6ffd25d371
+  data.tar.gz: 03b28fa23d5d00bce804435ff76c6e1dd4f873f6c5d49bf8830ee5295ad747d90e5dbfba7fcb371d34f58968534fb7725e1545272ec82a48f78b582808f62019

data/.travis.yml ADDED Viewed

@@ -0,0 +1,4 @@
+rvm:
+  - 1.9.3
+  - 2.0.0
+  - 2.2.0

data/README.md CHANGED Viewed

@@ -1,4 +1,8 @@
-# Rack::Jwt
+# Rack::JWT
+[![Gem Version](https://badge.fury.io/rb/rack-jwt.svg)](http://badge.fury.io/rb/rack-jwt)
+[![Build Status](https://travis-ci.org/eigenbart/rack-jwt.svg)](https://travis-ci.org/eigenbart/rack-jwt)
+[![Code Climate](https://codeclimate.com/github/eigenbart/rack-jwt/badges/gpa.svg)](https://codeclimate.com/github/eigenbart/rack-jwt)
 This gem provides JSON Web Token (JWT) based authentication.

data/Rakefile CHANGED Viewed

@@ -1,2 +1,9 @@
 require "bundler/gem_tasks"
+require 'rspec/core/rake_task'
+desc "Run RSpec"
+RSpec::Core::RakeTask.new do |t|
+  t.verbose = false
+end
+task :default => :spec

data/lib/rack/jwt/auth.rb CHANGED Viewed

@@ -10,57 +10,49 @@ module Rack
       end
       def call(env)
-        if @exclude.include? env["PATH_INFO"]
+        if @exclude.include? env['PATH_INFO']
           @app.call(env)
-        elsif env["HTTP_AUTHORIZATION"]
-          begin
-            if env["HTTP_AUTHORIZATION"].split(" ").first != 'Bearer'
-              invalid_auth_header
-            else
-              token = env["HTTP_AUTHORIZATION"].split(" ")[-1]
-              decoded_token = Token.decode(token, @secret)
-              env["jwt.header"]  = decoded_token.last
-              env["jwt.payload"] = decoded_token.first
-              @app.call(env)
-            end
-          rescue
-            unauthorized
-          end
         else
-          no_auth_header
+          check_jwt_token(env)
         end
       end
       private
-      def unauthorized
-        body = { error: "Invalid JWT token" }.to_json
-        headers = {
-                    'Content-Type' => 'application/json',
-                    'Content-Length' => body.bytesize.to_s
-                  }
-        return [401, headers, [body]]
+      def check_jwt_token(env)
+        if valid_header?(env)
+          begin
+            token = env['HTTP_AUTHORIZATION'].split(' ')[-1]
+            decoded_token = Token.decode(token, @secret)
+            env['jwt.header']  = decoded_token.last
+            env['jwt.payload'] = decoded_token.first
+            @app.call(env)
+          rescue
+            return_error('Invalid JWT token')
+          end
+        else
+          return_jwt_header_error(env)
+        end
       end
-      def no_auth_header
-        body = { error: "Missing Authorization header" }.to_json
-        headers = {
-                    'Content-Type' => 'application/json',
-                    'Content-Length' => body.bytesize.to_s
-                  }
+      def return_jwt_header_error(env)
+        if env['HTTP_AUTHORIZATION'].nil?
+          return_error('Missing Authorization header')
+        elsif env['HTTP_AUTHORIZATION'].split(' ').first != 'Bearer'
+          return_error('Invalid Authorization header format')
+        end
+      end
-        return [401, headers, [body]]
+      def valid_header?(env)
+        env['HTTP_AUTHORIZATION'] =~ /\ABearer \S*\.\S*\.\S*\z/
       end
-      def invalid_auth_header
-        body = { error: "Invalid Authorization header format" }.to_json
-        headers = {
-                    'Content-Type' => 'application/json',
-                    'Content-Length' => body.bytesize.to_s
-                  }
+      def return_error(message)
+        body    = { error: message }.to_json
+        headers = { 'Content-Type' => 'application/json',
+                    'Content-Length' => body.bytesize.to_s }
-        return [401, headers, [body]]
+        [401, headers, [body]]
       end
     end
   end

data/lib/rack/jwt/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 module Rack
   module Jwt
-    VERSION = "0.1.0"
+    VERSION = "0.1.1"
   end
 end

data/rack-jwt.gemspec CHANGED Viewed

@@ -17,9 +17,10 @@ Gem::Specification.new do |spec|
   spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
   spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
   spec.require_paths = ["lib"]
+  spec.required_ruby_version = '>= 1.9.3'
-  spec.add_development_dependency "bundler", "~> 1.7"
-  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_development_dependency 'bundler', '~> 1.7'
+  spec.add_development_dependency 'rake', '~> 10.0.0'
   spec.add_development_dependency 'rack-test', '~> 0.6.3'
   spec.add_development_dependency 'rspec',     '~> 3.2.0'

data/spec/auth_spec.rb CHANGED Viewed

@@ -5,64 +5,107 @@ describe Rack::JWT::Auth do
   let(:issuer) { Rack::JWT::Token }
   let(:secret) { 'foo' }
+  let(:body)   {{ 'foo' => 'bar' }}
   let(:app) do
-    main_app = lambda { |env| [200, env, ['Hello']] }
-    Rack::JWT::Auth.new(main_app, {secret: secret})
+    main_app = lambda { |env| [200, env, [body.to_json]] }
+    Rack::JWT::Auth.new(main_app, { secret: secret })
   end
-  it 'raises an exception if no secret if provided' do
-    expect{ Rack::JWT::Auth.new(main_app, {}) }.to raise_error
+  before do
+    get('/', {}, headers)
   end
-  it 'returns 200 ok if the request is authenticated' do
-    token = issuer.encode({ iss: 1 }, secret)
-    get('/', {}, {'HTTP_AUTHORIZATION' => 'Bearer #{token}'})
+  context 'when no secret provided' do
+    let(:headers) { {} }
-    expect(last_response.status).to eq 200
-    expect(last_response.body).to   eq 'Hello'
+    it 'raises an exception' do
+      expect{ Rack::JWT::Auth.new(main_app, {}) }.to raise_error
+    end
+  end
+  context 'when no authorization header provided' do
+    let(:headers) { {} }
+    subject { JSON.parse(last_response.body) }
-    payload = last_response.header['jwt.payload']
+    it 'returns 401 status code' do
+      expect(last_response.status).to eq(401)
+    end
-    expect(payload['iss']).to  eql(1)
+    it 'returns an error message' do
+      expect(subject['error']).to eq('Missing Authorization header')
+    end
   end
-  it 'returns 401 if the authorization header is missing' do
-    get('/')
+  context 'when authorzation header does not contain the schema' do
+    let(:token) { issuer.encode({ iss: 1 }, secret) }
+    let(:headers) {{ 'HTTP_AUTHORIZATION' => token }}
-    jsonResponse = JSON.parse(last_response.body)
+    subject { JSON.parse(last_response.body) }
-    expect(last_response.status).to eql(401)
-    expect(jsonResponse['error']).to eql('Missing Authorization header')
+    it 'returns 401 status code' do
+      expect(last_response.status).to eq(401)
+    end
+    it 'returns an error message' do
+      expect(subject['error']).to eq('Invalid Authorization header format')
+    end
   end
-  it 'returns 401 if the authorization header signature is invalid' do
-    token = issuer.encode({ iss: 1 }, 'invalid secret')
-    get('/', {}, {'HTTP_AUTHORIZATION' => 'Bearer #{token}'})
+  context 'when authorization header contains an invalid schema' do
+    let(:token) { issuer.encode({ iss: 1 }, secret) }
+    let(:headers) {{ 'HTTP_AUTHORIZATION' => "WrongScheme #{token}" }}
+    subject { JSON.parse(last_response.body) }
-    jsonResponse = JSON.parse(last_response.body)
+    it 'returns 401 status code' do
+      expect(last_response.status).to eq(401)
+    end
-    expect(last_response.status).to eql(401)
-    expect(jsonResponse['error']).to eql('Invalid JWT token')
+    it 'returns an error message' do
+      expect(subject['error']).to eq('Invalid Authorization header format')
+    end
   end
-  it 'returns 401 if the header format is not Authorization: Bearer [token]' do
-    token = issuer.encode({ iss: 1 }, secret)
-    get('/', {}, {'HTTP_AUTHORIZATION' => '#{token}'})
+  context 'when token signature is invalid' do
+    let(:token) { issuer.encode({ iss: 1 }, 'invalid secret') }
+    let(:headers) {{ 'HTTP_AUTHORIZATION' => "Bearer #{token}" }}
-    jsonResponse = JSON.parse(last_response.body)
+    subject { JSON.parse(last_response.body) }
-    expect(last_response.status).to eql(401)
-    expect(jsonResponse['error']).to eql('Invalid Authorization header format')
+    it 'returns 401 status code' do
+      expect(last_response.status).to eq(401)
+    end
+    it 'returns an error message' do
+      expect(subject['error']).to eq('Invalid JWT token')
+    end
   end
-  it 'returns 401 if authorization scheme is not Bearer' do
-    token = issuer.encode({ iss: 1 }, secret)
-    get('/', {}, {'HTTP_AUTHORIZATION' => 'WrongScheme #{token}'})
+  context 'when token is valid' do
+    let(:token) { issuer.encode({ iss: 1 }, secret) }
+    let(:headers) {{ 'HTTP_AUTHORIZATION' => "Bearer #{token}" }}
+    subject { JSON.parse(last_response.body) }
+    it 'returns 200 status code' do
+      expect(last_response.status).to eq(200)
+    end
+    it 'process the request' do
+      expect(subject).to eq(body)
+    end
-    jsonResponse = JSON.parse(last_response.body)
+    it 'adds the token payload to the request' do
+      payload = last_response.header['jwt.payload']
+      expect(payload['iss']).to eq(1)
+    end
-    expect(last_response.status).to eql(401)
-    expect(jsonResponse['error']).to eql('Invalid Authorization header format')
+    it 'adds the token header to the request' do
+      header = last_response.header['jwt.header']
+      expect(header['alg']).to eq('HS256')
+      expect(header['typ']).to eq('JWT')
+    end
   end
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rack-jwt
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.1.1
 platform: ruby
 authors:
 - Mr. Eigenbart
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2015-02-06 00:00:00.000000000 Z
+date: 2015-02-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -30,14 +30,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: 10.0.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: 10.0.0
 - !ruby/object:Gem::Dependency
   name: rack-test
   requirement: !ruby/object:Gem::Requirement
@@ -103,6 +103,7 @@ extra_rdoc_files: []
 files:
 - ".gitignore"
 - ".rspec"
+- ".travis.yml"
 - Gemfile
 - LICENSE.txt
 - README.md
@@ -126,7 +127,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 1.9.3
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="