rack-jwt 0.2.0 → 0.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 19267b5f494a49fb28e4a58a34a51aed16313480
-  data.tar.gz: 085968e3d783b4e7e1bcc13cf85e0944da44a97e
+  metadata.gz: cfa47cb2c138bc46c403e896f61fa82773ef0afa
+  data.tar.gz: e8a2497f654c31721a1e7943ed0a880607fc2f0d
 SHA512:
-  metadata.gz: 95d36e6594b6cae68ec827bc7b53774814ce42a8a1d551ef99d697c7ed28fce6dfb30ff8a62c0f3644f6070d51b6d22ee6dbb09897366323a4059b7dce696a97
-  data.tar.gz: 9a7b0274512ba049c1a76071c7fb9850e4f36ba5b55d4401054a3206ef095b99c22340d0f12530796e8dea0f6c8f57dfa67539f9a81f10426336e9558c7c5128
+  metadata.gz: b52bb55b1d499d5bf1fc3c959845e52a24dc0e5650fa28fbd9cefa561e796cbee4e6f0227f7de66eaa91c2ebf9298ab4468ba87012461c45e759346a0ba04885
+  data.tar.gz: 7fdeabeb1ebdc4f1baf6a40ef6fc40c018c71673d222ba6171d318a575215eefc470e16e407277fddbde97f85f3921a822693228543e174ccaf0af06190d5a3c

data/LICENSE.txt

@@ -1,22 +1,21 @@
-Copyright (c) 2015 Mr. Eigenbart
+The MIT License (MIT)
 
-MIT License
+Copyright (c) 2015 Mr. Eigenbart
 
-Permission is hereby granted, free of charge, to any person obtaining
-a copy of this software and associated documentation files (the
-"Software"), to deal in the Software without restriction, including
-without limitation the rights to use, copy, modify, merge, publish,
-distribute, sublicense, and/or sell copies of the Software, and to
-permit persons to whom the Software is furnished to do so, subject to
-the following conditions:
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
 
-The above copyright notice and this permission notice shall be
-included in all copies or substantial portions of the Software.
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
 
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

data/README.md

@@ -4,11 +4,13 @@
 [![Build Status](https://travis-ci.org/eigenbart/rack-jwt.svg)](https://travis-ci.org/eigenbart/rack-jwt)
 [![Code Climate](https://codeclimate.com/github/eigenbart/rack-jwt/badges/gpa.svg)](https://codeclimate.com/github/eigenbart/rack-jwt)
 
+## About
+
 This gem provides JSON Web Token (JWT) based authentication.
 
 ## Installation
 
-Add this line to your application's Gemfile:
+Add this line to your application's `Gemfile`:
 
 ```ruby
 gem 'rack-jwt'
@@ -16,45 +18,90 @@ gem 'rack-jwt'
 
 And then execute:
 
-    $ bundle
+```
+$ bundle install
+```
 
-Or install it yourself as:
+Or install it directly with:
 
-    $ gem install rack-jwt
+```
+$ gem install rack-jwt
+```
 
 ## Usage
 
-`Rack::JWT::Auth` accepts several configuration options:
+`Rack::JWT::Auth` accepts several configuration options. All options are passed in a single Ruby Hash:
+
+* `secret` : required : `String` || `OpenSSL::PKey::RSA` || `OpenSSL::PKey::EC` : A cryptographically secure String (for HMAC algorithms) or a public key object of an appropriate type for public key algorithms. Set to `nil` if you are using the `'none'` algorithm.
 
-* `secret` : required : String : A cryptographically secure String that serves as the HMAC SHA-256 secret for the JSON Web Token.
-* `verify` : optional : Boolean : Determines whether JWT will verify tokens when decoded. Default is `true`.
-* `options` : optional : Hash : A hash of options that are passed through to JWT to configure supported claims. See [the ruby-jwt docs](https://github.com/progrium/ruby-jwt#support-for-reserved-claim-names) for the available options. By default only expiration (exp) and Not Before (nbf) claims are verified.
-* `exclude` : optional : Array : An Array of path strings representing paths that should not check for JWT authentication tokens before allowing access.
+* `verify` : optional : Boolean : Determines whether JWT will verify tokens keys for mismatch key types when decoded. Default is `true`. Set to `false` if you are using the `'none'` algorithm.
 
+* `options` : optional : Hash : A hash of options that are passed through to JWT to configure supported claims and algorithms. See [the ruby-jwt docs](https://github.com/progrium/ruby-jwt#support-for-reserved-claim-names) for much more info on the available options and how they work. These options are passed through without change to the underlying `ruby-jwt` gem. By default only expiration (exp) and Not Before (nbf) claims are verified. Pass in an algorithm choice like `{ algorithm: 'HS256' }`.
+
+* `exclude` : optional : Array : An Array of path strings representing paths that should not be checked for the presence of a valid JWT token. Excludes sub-paths as of specified paths as well (e.g. `%w(/docs)` excludes `/docs/some/thing.html` also). Each path should start with a `/`. If a path matches the current request path this entire middleware is skipped and no authentication or verification of tokens takes place.
+
+## Example Server-Side Config
+
+Where `my_args` is a `Hash` containing valid keys. See `spec/example_spec.rb`
+for a more complete example of the valid arguments for creating and verifying
+tokens.
 
 ### Sinatra
 
-```
-use Rack::JWT::Auth, secret: 'you_secret_token_goes_here', verify: true, options: {}, exclude: ['/api/docs']
+```ruby
+use Rack::JWT::Auth, my_args
 ```
 
 ### Cuba
 
-```
-Cuba.use Rack::JWT::Auth, secret: 'you_secret_token_goes_here', verify: true, options: {}, exclude: ['/api/docs']
+```ruby
+Cuba.use Rack::JWT::Auth, my_args
 ```
 
 ### Rails
 
-```
-Rails.application.config.middleware.use, Rack::JWT::Auth, secret: Rails.application.secrets.secret_key_base, verify: true, options: {}, exclude: ['/api/docs']
+```ruby
+Rails.application.config.middleware.use, Rack::JWT::Auth, my_args
 ```
 
 ## Generating tokens
-You can generate JSON Wen Tokens for your users using the `Token#encode` method
+You can generate JSON Web Tokens for your users using the
+`Rack::JWT::Token#encode` method which takes `payload`,
+`secret`, and `algorithm` params.
+
+The secret will be either a cryptographically strong random string, or the
+secret key component of a public/private keypair of an accepted type depending on
+the algorithm you choose. You can see examples of using the various key types at
+the [ruby-jwt gem repo](https://github.com/jwt/ruby-jwt/blob/master/README.md)
+
+The `algorithm` is an optional String and can be one of the following (default HMAC 'HS256'):
 
+```ruby
+%w(none HS256 HS384 HS512 RS256 RS384 RS512 ES256 ES384 ES512)
+
+HS256 is the default
 ```
-Rack::JWT::Token.encode(payload, secret)
+
+Here is a sample payload with illustrative data. You don't have to use all,
+or even most, of these.
+
+```ruby
+secret = 'your_secret_token_or_key'
+
+my_payload = {
+  data: 'data',
+  exp: Time.now.to_i + 4 * 3600,
+  nbf: Time.now.to_i - 3600,
+  iss: 'https://my.awesome.website/',
+  aud: 'audience',
+  jti: Digest::MD5.hexdigest([hmac_secret, iat].join(':').to_s),
+  iat: Time.now.to_i,
+  sub: 'subject'
+}
+
+alg = 'HS256'
+
+Rack::JWT::Token.encode(my_payload, secret, alg)
 ```
 
 ## Contributing

data/lib/rack/jwt.rb

@@ -1,6 +1,7 @@
-require "rack/jwt/version"
+require 'rack/jwt/version'
 
 module Rack
+  # JSON Web Token
   module JWT
     autoload :Auth, 'rack/jwt/auth'
     autoload :Token, 'rack/jwt/token'

data/lib/rack/jwt/auth.rb

@@ -2,57 +2,179 @@ require 'jwt'
 
 module Rack
   module JWT
+    # Authentication middleware
     class Auth
+      attr_reader :secret
+      attr_reader :verify
+      attr_reader :options
+      attr_reader :exclude
+
+      SUPPORTED_ALGORITHMS = %w(none HS256 HS384 HS512 RS256 RS384 RS512 ES256 ES384 ES512).freeze
+      DEFAULT_ALGORITHM = 'HS256'.freeze
+
+      # The last segment gets dropped for 'none' algorithm since there is no
+      # signature so both of these patterns are valid. All character chunks
+      # are base64url format and periods.
+      #   Bearer abc123.abc123.abc123
+      #   Bearer abc123.abc123.
+      BEARER_TOKEN_REGEX = %r{
+        ^Bearer\s{1}(       # starts with Bearer and a single space
+        [a-zA-Z0-9\-\_]+\.  # 1 or more chars followed by a single period
+        [a-zA-Z0-9\-\_]+\.  # 1 or more chars followed by a single period
+        [a-zA-Z0-9\-\_]*    # 0 or more chars, no trailing chars
+        )$
+      }x
+
+      # Initialization should fail fast with an ArgumentError
+      # if any args are invalid.
       def initialize(app, opts = {})
-        @app      = app
-        @jwt_secret   = opts.fetch(:secret)
-        @jwt_verify   = opts.fetch(:verify, true)
-        @jwt_options  = opts.fetch(:options, {})
-        @exclude  = opts.fetch(:exclude, [])
+        @app     = app
+        @secret  = opts.fetch(:secret, nil)
+        @verify  = opts.fetch(:verify, true)
+        @options = opts.fetch(:options, {})
+        @exclude = opts.fetch(:exclude, [])
+
+        @secret  = @secret.strip if @secret.is_a?(String)
+        @options[:algorithm] = DEFAULT_ALGORITHM if @options[:algorithm].nil?
+
+        check_secret_type!
+        check_secret!
+        check_secret_and_verify_for_none_alg!
+        check_verify_type!
+        check_options_type!
+        check_valid_algorithm!
+        check_exclude_type!
       end
 
       def call(env)
-        if @exclude.include? env['PATH_INFO']
+        if path_matches_excluded_path?(env)
           @app.call(env)
+        elsif missing_auth_header?(env)
+          return_error('Missing Authorization header')
+        elsif invalid_auth_header?(env)
+          return_error('Invalid Authorization header format')
         else
-          check_jwt_token(env)
+          verify_token(env)
         end
       end
 
       private
 
-      def check_jwt_token(env)
-        if valid_header?(env)
-          begin
-            token = env['HTTP_AUTHORIZATION'].split(' ')[-1]
-            decoded_token = Token.decode(token, @jwt_secret, @jwt_verify, @jwt_options)
-            env['jwt.header']  = decoded_token.last unless decoded_token.nil?
-            env['jwt.payload'] = decoded_token.first unless decoded_token.nil?
-            @app.call(env)
-          rescue ::JWT::DecodeError
-            return_error('Invalid JWT token')
+      def verify_token(env)
+        # extract the token from the Authorization: Bearer header
+        # with a regex capture group.
+        token = BEARER_TOKEN_REGEX.match(env['HTTP_AUTHORIZATION'])[1]
+
+        begin
+          decoded_token = Token.decode(token, @secret, @verify, @options)
+          env['jwt.payload'] = decoded_token.first
+          env['jwt.header'] = decoded_token.last
+          @app.call(env)
+        rescue ::JWT::VerificationError
+          return_error('Invalid JWT token : Signature Verification Error')
+        rescue ::JWT::ExpiredSignature
+          return_error('Invalid JWT token : Expired Signature (exp)')
+        rescue ::JWT::IncorrectAlgorithm
+          return_error('Invalid JWT token : Incorrect Key Algorithm')
+        rescue ::JWT::ImmatureSignature
+          return_error('Invalid JWT token : Immature Signature (nbf)')
+        rescue ::JWT::InvalidIssuerError
+          return_error('Invalid JWT token : Invalid Issuer (iss)')
+        rescue ::JWT::InvalidIatError
+          return_error('Invalid JWT token : Invalid Issued At (iat)')
+        rescue ::JWT::InvalidAudError
+          return_error('Invalid JWT token : Invalid Audience (aud)')
+        rescue ::JWT::InvalidSubError
+          return_error('Invalid JWT token : Invalid Subject (sub)')
+        rescue ::JWT::InvalidJtiError
+          return_error('Invalid JWT token : Invalid JWT ID (jti)')
+        rescue ::JWT::DecodeError
+          return_error('Invalid JWT token : Decode Error')
+        end
+      end
+
+      def check_secret_type!
+        unless @secret.nil? ||
+               @secret.is_a?(String) ||
+               @secret.is_a?(OpenSSL::PKey::RSA) ||
+               @secret.is_a?(OpenSSL::PKey::EC)
+          raise ArgumentError, 'secret argument must be a valid type'
+        end
+      end
+
+      def check_secret!
+        if @secret.nil? || (@secret.is_a?(String) && @secret.empty?)
+          unless @options[:algorithm] == 'none'
+            raise ArgumentError, 'secret argument can only be nil/empty for the "none" algorithm'
           end
-        else
-          return_jwt_header_error(env)
         end
       end
 
-      def return_jwt_header_error(env)
-        if env['HTTP_AUTHORIZATION'].nil?
-          return_error('Missing Authorization header')
-        elsif env['HTTP_AUTHORIZATION'].split(' ').first != 'Bearer'
-          return_error('Invalid Authorization header format')
+      def check_secret_and_verify_for_none_alg!
+        if @options && @options[:algorithm] && @options[:algorithm] == 'none'
+          unless @secret.nil? && @verify.is_a?(FalseClass)
+            raise ArgumentError, 'when "none" the secret must be "nil" and verify "false"'
+          end
+        end
+      end
+
+      def check_verify_type!
+        unless verify.is_a?(TrueClass) || verify.is_a?(FalseClass)
+          raise ArgumentError, 'verify argument must be true or false'
         end
       end
 
-      def valid_header?(env)
-        env['HTTP_AUTHORIZATION'] =~ /\ABearer \S*\.\S*\.\S*\z/
+      def check_options_type!
+        raise ArgumentError, 'options argument must be a Hash' unless options.is_a?(Hash)
+      end
+
+      def check_valid_algorithm!
+        unless @options &&
+               @options[:algorithm] &&
+               SUPPORTED_ALGORITHMS.include?(@options[:algorithm])
+          raise ArgumentError, 'algorithm argument must be a supported type'
+        end
+      end
+
+      def check_exclude_type!
+        unless @exclude.is_a?(Array)
+          raise ArgumentError, 'exclude argument must be an Array'
+        end
+
+        @exclude.each do |x|
+          unless x.is_a?(String)
+            raise ArgumentError, 'each exclude Array element must be a String'
+          end
+
+          if x.empty?
+            raise ArgumentError, 'each exclude Array element must not be empty'
+          end
+
+          unless x.start_with?('/')
+            raise ArgumentError, 'each exclude Array element must start with a /'
+          end
+        end
+      end
+
+      def path_matches_excluded_path?(env)
+        @exclude.any? { |ex| env['PATH_INFO'].start_with?(ex) }
+      end
+
+      def valid_auth_header?(env)
+        env['HTTP_AUTHORIZATION'] =~ BEARER_TOKEN_REGEX
+      end
+
+      def invalid_auth_header?(env)
+        !valid_auth_header?(env)
+      end
+
+      def missing_auth_header?(env)
+        env['HTTP_AUTHORIZATION'].nil? || env['HTTP_AUTHORIZATION'].strip.empty?
       end
 
       def return_error(message)
         body    = { error: message }.to_json
-        headers = { 'Content-Type' => 'application/json',
-                    'Content-Length' => body.bytesize.to_s }
+        headers = { 'Content-Type' => 'application/json', 'Content-Length' => body.bytesize.to_s }
 
         [401, headers, [body]]
       end

data/lib/rack/jwt/token.rb

@@ -1,15 +1,67 @@
 module Rack
   module JWT
+    # Token encoding and decoding
     class Token
-      # TODO : Support all algorithms, not just default 'HS256'
-      # https://github.com/progrium/ruby-jwt#algorithms-and-usage
-      def self.encode(payload, secret)
-        ::JWT.encode(payload, secret, 'HS256')
+      # abc123.abc123.abc123    (w/ signature)
+      # abc123.abc123.          ('none')
+      TOKEN_REGEX = /\A([a-zA-Z0-9\-\_\~\+\\]+\.[a-zA-Z0-9\-\_\~\+\\]+\.[a-zA-Z0-9\-\_\~\+\\]*)\z/
+
+      def self.encode(payload, secret, alg = 'HS256')
+        raise 'Invalid payload. Must be a Hash.' unless payload.is_a?(Hash)
+        raise 'Invalid secret type.'             unless secret_of_valid_type?(secret)
+        raise 'Unsupported algorithm'            unless algorithm_supported?(alg)
+
+        # if using an unsigned token ('none' alg) you *must* set the `secret`
+        # to `nil` in which case any user provided `secret` will be ignored.
+        if alg == 'none'
+          ::JWT.encode(payload, nil, alg)
+        else
+          ::JWT.encode(payload, secret, alg)
+        end
+      end
+
+      def self.decode(token, secret, verify, options = {})
+        raise 'Invalid token format.'     unless valid_token_format?(token)
+        raise 'Invalid secret type.'      unless secret_of_valid_type?(secret)
+        raise 'Unsupported verify value.' unless verify_of_valid_type?(verify)
+        options[:algorithm] = 'HS256'     if options[:algorithm].nil?
+        raise 'Unsupported algorithm'     unless algorithm_supported?(options[:algorithm])
+
+        # If using an unsigned 'none' algorithm token you *must* set the
+        # `secret` to `nil` and `verify` to `false` or it won't work per
+        # the ruby-jwt docs. Using 'none' is probably not recommended.
+        if options[:algorithm] == 'none'
+          ::JWT.decode(token, nil, false, options)
+        else
+          ::JWT.decode(token, secret, verify, options)
+        end
+      end
+
+      # Private Utility Class Methods
+      # See : https://gist.github.com/Integralist/bb8760d11a03c88da151
+
+      def self.valid_token_format?(token)
+        token =~ TOKEN_REGEX
+      end
+      private_class_method :valid_token_format?
+
+      def self.algorithm_supported?(alg)
+        Rack::JWT::Auth::SUPPORTED_ALGORITHMS.include?(alg)
+      end
+      private_class_method :algorithm_supported?
+
+      def self.verify_of_valid_type?(verify)
+        verify.nil? || verify.is_a?(FalseClass) || verify.is_a?(TrueClass)
       end
+      private_class_method :verify_of_valid_type?
 
-      def self.decode(token, secret, verify, options)
-        ::JWT.decode(token, secret, verify, options)
+      def self.secret_of_valid_type?(secret)
+        secret.nil? ||
+          secret.is_a?(String) ||
+          secret.is_a?(OpenSSL::PKey::RSA) ||
+          secret.is_a?(OpenSSL::PKey::EC)
       end
+      private_class_method :secret_of_valid_type?
     end
   end
 end

data/lib/rack/jwt/version.rb

@@ -1,5 +1,5 @@
 module Rack
   module JWT
-    VERSION = "0.2.0"
+    VERSION = '0.3.0'.freeze
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rack-jwt
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 0.3.0
 platform: ruby
 authors:
 - Mr. Eigenbart
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-07-16 00:00:00.000000000 Z
+date: 2016-02-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -16,28 +16,28 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.7'
+        version: '1.6'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.7'
+        version: '1.6'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 10.0.0
+        version: '10.5'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 10.0.0
+        version: '10.5'
 - !ruby/object:Gem::Dependency
   name: rack-test
   requirement: !ruby/object:Gem::Requirement
@@ -58,14 +58,42 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.2.0
+        version: 3.4.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.2.0
+        version: 3.4.0
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.11.2
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.11.2
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.37.2
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.37.2
 - !ruby/object:Gem::Dependency
   name: rack
   requirement: !ruby/object:Gem::Requirement
@@ -86,14 +114,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.5.0
+        version: 1.5.2
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.5.0
+        version: 1.5.2
 description: Rack middleware that provides authentication based on JSON Web Tokens.
 email:
 - eigenbart@gmail.com
@@ -101,21 +129,13 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- ".gitignore"
-- ".rspec"
-- ".travis.yml"
-- Gemfile
 - LICENSE.txt
 - README.md
-- Rakefile
 - lib/rack/jwt.rb
 - lib/rack/jwt/auth.rb
 - lib/rack/jwt/token.rb
 - lib/rack/jwt/version.rb
-- rack-jwt.gemspec
-- spec/auth_spec.rb
-- spec/spec_helper.rb
-homepage: ''
+homepage: https://github.com/eigenbart/rack-jwt
 licenses:
 - MIT
 metadata: {}
@@ -127,7 +147,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 1.9.3
+      version: 2.1.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
@@ -139,6 +159,4 @@ rubygems_version: 2.4.5
 signing_key: 
 specification_version: 4
 summary: Rack middleware that provides authentication based on JSON Web Tokens.
-test_files:
-- spec/auth_spec.rb
-- spec/spec_helper.rb
+test_files: []

data/.gitignore

@@ -1,14 +0,0 @@
-/.bundle/
-/.yardoc
-/Gemfile.lock
-/_yardoc/
-/coverage/
-/doc/
-/pkg/
-/spec/reports/
-/tmp/
-*.bundle
-*.so
-*.o
-*.a
-mkmf.log

data/.rspec

@@ -1 +0,0 @@
---color

data/.travis.yml

@@ -1,4 +0,0 @@
-rvm:
-  - 1.9.3
-  - 2.0.0
-  - 2.2.0

data/Gemfile

@@ -1,4 +0,0 @@
-source 'https://rubygems.org'
-
-# Specify your gem's dependencies in rack-jwt.gemspec
-gemspec

data/Rakefile

@@ -1,9 +0,0 @@
-require "bundler/gem_tasks"
-require 'rspec/core/rake_task'
-
-desc "Run RSpec"
-RSpec::Core::RakeTask.new do |t|
-  t.verbose = false
-end
-
-task :default => :spec

data/rack-jwt.gemspec

@@ -1,29 +0,0 @@
-# coding: utf-8
-lib = File.expand_path('../lib', __FILE__)
-$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
-require 'rack/jwt/version'
-
-Gem::Specification.new do |spec|
-  spec.name          = "rack-jwt"
-  spec.version       = Rack::JWT::VERSION
-  spec.authors       = ["Mr. Eigenbart"]
-  spec.email         = ["eigenbart@gmail.com"]
-  spec.summary       = %q{Rack middleware that provides authentication based on JSON Web Tokens.}
-  spec.description   = %q{Rack middleware that provides authentication based on JSON Web Tokens.}
-  spec.homepage      = ""
-  spec.license       = "MIT"
-
-  spec.files         = `git ls-files -z`.split("\x0")
-  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
-  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
-  spec.require_paths = ["lib"]
-  spec.required_ruby_version = '>= 1.9.3'
-
-  spec.add_development_dependency 'bundler', '~> 1.7'
-  spec.add_development_dependency 'rake', '~> 10.0.0'
-  spec.add_development_dependency 'rack-test', '~> 0.6.3'
-  spec.add_development_dependency 'rspec',     '~> 3.2.0'
-
-  spec.add_runtime_dependency 'rack', '>= 1.6.0'
-  spec.add_runtime_dependency 'jwt', '~> 1.5.0'
-end

data/spec/auth_spec.rb

@@ -1,243 +0,0 @@
-require 'spec_helper'
-
-describe Rack::JWT::Auth do
-  include Rack::Test::Methods
-
-  let(:issuer)  { Rack::JWT::Token }
-  let(:secret)  { 'foo' }
-  let(:verify)  { true }
-  let(:options) { {} }
-  let(:body)    {{ 'foo' => 'bar' }}
-
-  let(:app) do
-    main_app = lambda { |env| [200, env, [body.to_json]] }
-    Rack::JWT::Auth.new(main_app, { secret: secret })
-  end
-
-  def perform_request
-    get('/', {}, headers)
-  end
-
-  context 'when no secret provided' do
-    let(:headers) { {} }
-
-    it 'raises an exception' do
-      expect{ Rack::JWT::Auth.new(main_app, {}) }.to raise_error
-    end
-  end
-
-  context 'when no authorization header provided' do
-    let(:headers) { {} }
-
-    subject { JSON.parse(last_response.body) }
-
-    before { perform_request }
-
-    it 'returns 401 status code' do
-      expect(last_response.status).to eq(401)
-    end
-
-    it 'returns an error message' do
-      expect(subject['error']).to eq('Missing Authorization header')
-    end
-  end
-
-  context 'when authorization header does not contain the schema' do
-    let(:token) { issuer.encode({ iss: 1 }, secret) }
-    let(:headers) {{ 'HTTP_AUTHORIZATION' => token }}
-
-    subject { JSON.parse(last_response.body) }
-
-    before { perform_request }
-
-    it 'returns 401 status code' do
-      expect(last_response.status).to eq(401)
-    end
-
-    it 'returns an error message' do
-      expect(subject['error']).to eq('Invalid Authorization header format')
-    end
-  end
-
-  context 'when authorization header contains an invalid schema' do
-    let(:token) { issuer.encode({ iss: 1 }, secret) }
-    let(:headers) {{ 'HTTP_AUTHORIZATION' => "WrongScheme #{token}" }}
-
-    subject { JSON.parse(last_response.body) }
-
-    before { perform_request }
-
-    it 'returns 401 status code' do
-      expect(last_response.status).to eq(401)
-    end
-
-    it 'returns an error message' do
-      expect(subject['error']).to eq('Invalid Authorization header format')
-    end
-  end
-
-  context 'when token signature is invalid' do
-    let(:token) { issuer.encode({ iss: 1 }, 'invalid secret') }
-    let(:headers) {{ 'HTTP_AUTHORIZATION' => "Bearer #{token}" }}
-
-    subject { JSON.parse(last_response.body) }
-
-    before { perform_request }
-
-    it 'returns 401 status code' do
-      expect(last_response.status).to eq(401)
-    end
-
-    it 'returns an error message' do
-      expect(subject['error']).to eq('Invalid JWT token')
-    end
-  end
-
-  context 'when token signature is invalid and JWT verify option is false' do
-    let(:app) do
-      main_app = lambda { |env| [200, env, [body.to_json]] }
-      Rack::JWT::Auth.new(main_app, { secret: secret, verify: false })
-    end
-    let(:token) { issuer.encode({ iss: 1 }, 'invalid secret') }
-    let(:headers) {{ 'HTTP_AUTHORIZATION' => "Bearer #{token}" }}
-
-    before { perform_request }
-
-    subject { JSON.parse(last_response.body) }
-
-    it 'returns 200 status code' do
-      expect(last_response.status).to eq(200)
-    end
-  end
-
-  context 'when token is valid' do
-    let(:token) { issuer.encode({ iss: 1 }, secret) }
-    let(:headers) {{ 'HTTP_AUTHORIZATION' => "Bearer #{token}" }}
-
-    subject { JSON.parse(last_response.body) }
-
-    before { perform_request }
-
-    it 'returns 200 status code' do
-      expect(last_response.status).to eq(200)
-    end
-
-    it 'process the request' do
-      expect(subject).to eq(body)
-    end
-
-    it 'adds the token payload to the request' do
-      payload = last_response.header['jwt.payload']
-      expect(payload['iss']).to eq(1)
-    end
-
-    it 'adds the token header to the request' do
-      header = last_response.header['jwt.header']
-      expect(header['alg']).to eq('HS256')
-      expect(header['typ']).to eq('JWT')
-    end
-  end
-
-  context 'when token is valid but app raises an error unrelated to JWT' do
-    let(:token) { issuer.encode({ iss: 1 }, secret) }
-    let(:headers) {{ 'HTTP_AUTHORIZATION' => "Bearer #{token}" }}
-
-    let(:app) do
-      main_app = lambda { |env| raise 'BOOM!' }
-      Rack::JWT::Auth.new(main_app, { secret: secret })
-    end
-
-    it 'bubbles up the exception' do
-      expect { perform_request }.to raise_error('BOOM!')
-    end
-  end
-
-  # Test the pass-through of the options Hash to JWT using Issued At (iat) claim to test..
-  ###
-
-  context 'when token is valid and an invalid Issued At (iat) claim is provided JWT should ignore bad iat by default' do
-    let(:token) { issuer.encode({ iss: 1, iat: Time.now.to_i + 1000000 }, secret) }
-    let(:headers) {{ 'HTTP_AUTHORIZATION' => "Bearer #{token}" }}
-
-    before { perform_request }
-
-    subject { JSON.parse(last_response.body) }
-
-    it 'returns 200 status code' do
-      expect(last_response.status).to eq(200)
-    end
-
-    it 'process the request' do
-      expect(subject).to eq(body)
-    end
-
-    it 'adds the token payload to the request' do
-      payload = last_response.header['jwt.payload']
-      expect(payload['iss']).to eq(1)
-    end
-
-    it 'adds the token header to the request' do
-      header = last_response.header['jwt.header']
-      expect(header['alg']).to eq('HS256')
-      expect(header['typ']).to eq('JWT')
-    end
-  end
-
-  context 'when token is valid and an invalid Issued At (iat) claim is provided and iat verification option is enabled' do
-    # The token was issued at an insane time in the future.
-    let(:iat) { Time.now.to_i + 1000000 }
-    let(:app) do
-      main_app = lambda { |env| [200, env, [body.to_json]] }
-      Rack::JWT::Auth.new(main_app, { secret: secret, options: { :verify_iat => true } })
-    end
-    let(:token) { issuer.encode({ iss: 1, iat: iat }, secret) }
-    let(:headers) {{ 'HTTP_AUTHORIZATION' => "Bearer #{token}" }}
-
-    before { perform_request }
-
-    subject { JSON.parse(last_response.body) }
-
-    it 'returns 401 status code' do
-      expect(last_response.status).to eq(401)
-    end
-
-    it 'returns an error message' do
-      expect(subject['error']).to eq('Invalid JWT token')
-    end
-  end
-
-  context 'when token is valid and a valid Issued At (iat) claim is provided and iat verification option is enabled' do
-    # The token was issued at a sane Time.now
-    let(:iat) { Time.now.to_i }
-    let(:app) do
-      main_app = lambda { |env| [200, env, [body.to_json]] }
-      Rack::JWT::Auth.new(main_app, { secret: secret, options: { :verify_iat => true } })
-    end
-    let(:token) { issuer.encode({ iss: 1, iat: iat }, secret) }
-    let(:headers) {{ 'HTTP_AUTHORIZATION' => "Bearer #{token}" }}
-
-    before { perform_request }
-
-    subject { JSON.parse(last_response.body) }
-
-    it 'returns 200 status code' do
-      expect(last_response.status).to eq(200)
-    end
-
-    it 'process the request' do
-      expect(subject).to eq(body)
-    end
-
-    it 'adds the token payload to the request' do
-      payload = last_response.header['jwt.payload']
-      expect(payload['iss']).to eq(1)
-    end
-
-    it 'adds the token header to the request' do
-      header = last_response.header['jwt.header']
-      expect(header['alg']).to eq('HS256')
-      expect(header['typ']).to eq('JWT')
-    end
-  end
-
-end

data/spec/spec_helper.rb

@@ -1,2 +0,0 @@
-require "rack/test"
-require "rack/jwt"