RubyGems - ruby_jwt - Versions diffs - 1.1.0 → 2.0.0 - Mend

ruby_jwt 1.1.0 → 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (67) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 7e38ce66749c2472c721f6a21231267f4cae483a
-  data.tar.gz: 7fee6ca4a796980f08c810df27d8e7677b8515ed
+  metadata.gz: e534fc72b29b3327c419953c2586ebe7bb044969
+  data.tar.gz: ae170754b0293e51a43a286922b39e55f145599c
 SHA512:
-  metadata.gz: 110764e7fa85906de5db32fad455dc4351fccb63baff36f7b942ffb2e0611f746aca0e8a93f916ae071d43e6a70b59820c7e35080f0cd94f2fddf31368f5203b
-  data.tar.gz: 0d0b9cbc8a5137209e9e90937c26b2fb4fe39e69d971066bffc823a4f09988ec6a98fa286b1caf8abbf7782da3f95ac1c2bf7e6d289cee6877f332cce4ded671
+  metadata.gz: bb923d58727f97d79f0c49e2b9f0604bc150a78a467e642f1a452a6ef388f6a227e28708ff1d9a5c5fa4767f4ada369517f80254d280aee57209fc28a026e43f
+  data.tar.gz: 85495d0489e13a8cdf6deea6d2b358d5286823bd0992206f597f73f188c3a72b12f38dae6ff125418b607d6c5c8241d41a1b9e3e606dde3ccfa53befcfff7b0b

data/lib/ruby_jwt.rb CHANGED Viewed

@@ -4,7 +4,7 @@ require 'json'
 module JWT
-	class DecodeError < StandardError;end
+	class VerificationError < StandardError;end
 	class SignError < StandardError;end
 	class DecodeResponse
 		attr_accessor :header, :payload, :signature
@@ -14,15 +14,15 @@ module JWT
 			@signature = signature
 		end
 	end
-	class VerificationResponse
-		attr_accessor :success, :message, :decoded_token
-		def initialize(success,message, decoded = nil)
-			@success = success
-			@message = message
-			@decoded_token = decoded
-		end
-	end
+	# class VerificationResponse
+	# 	attr_accessor :success, :message, :decoded_token
+	# 	def initialize(success,message, decoded = nil)
+	# 		@success = success
+	# 		@message = message
+	# 		@decoded_token = decoded
+	# 	end
+	# end
 	# class OpenSSL::PKey::EC
 	# 	alias_method :private?, :private_key?
@@ -42,7 +42,7 @@ module JWT
 		end
 		payload[:iat] = Time.now.to_i
 		if(payload_options[:exp])
-			payload_options	[:exp] += payload[:iat]
+			payload_options[:exp] += payload[:iat]
 		end
 		if(payload_options[:nbf])
@@ -63,34 +63,36 @@ module JWT
 	end
 	def verify(token,secret,options={})
-		return VerificationResponse.new(false, "JWT cannot be blank") if !token or token.empty?
+		raise VerificationError.new("JWT cannot be blank") if !token or token.empty?
 		jwt_parts = token.split(".")
 		jwt = decode(token)
 		alg = jwt.header[:alg]
-		return VerificationResponse.new(false,"Key cannot be blank if algorithm is not 'none'") if(alg != "none" and !secret)
+		raise VerificationError.new("Key cannot be blank if algorithm is not 'none'") if(alg != "none" and !secret)
+		raise VerificationError.new("JWT has invalid number of segments.") if(jwt_parts.count < 3 and alg != "none")
+		raise VerificationError.new("JWT has invalid number of segments.") if(jwt_parts.count < 2 and alg == "none")
 		payload = jwt.payload
 		signature = base64urldecode(jwt.signature) if alg != "none"
 		current_time = Time.now.to_i
 		if(payload[:exp] and current_time >= payload[:exp])
-			return VerificationResponse.new(false,"JWT is expired.")
+			raise VerificationError.new("JWT is expired.")
 		end
 		if(payload[:nbf] and current_time < payload[:nbf])
-			return VerificationResponse.new(false, "JWT nbf has not passed yet.")
+			raise VerificationError.new( "JWT nbf has not passed yet.")
 		end
 		if(options[:iss])
-			return VerificationResponse.new(false,"JWT issuer is invalid.") if options[:iss] != payload[:iss]
+			raise VerificationError.new("JWT issuer is invalid.") if options[:iss] != payload[:iss]
 		end
 		if(options[:aud])
 			audience = (options[:aud].is_a? Array) ? options[:aud] : [options[:aud]]
-			return VerificationResponse.new(false,"JWT audience is invalid.") if !audience.include? payload[:aud]
+			raise VerificationError.new("JWT audience is invalid.") if !audience.include? payload[:aud]
 		end
-		return VerificationResponse.new(false,"JWT signature is invalid.") if !verify_signature(alg,secret,jwt_parts[0..1].join("."),signature)
+		raise VerificationError.new("JWT signature is invalid.") if !verify_signature(alg,secret,jwt_parts[0..1].join("."),signature)
-		return VerificationResponse.new(true,"JWT is valid.",jwt)
+		return jwt
 	end
@@ -163,7 +165,7 @@ module JWT
 				raise JWT::DecodeError.new("Illegal base64 string!")
 			end
 		rescue ArgumentError => e
-			raise JWT::DecodeError.new(e.message)
+			raise JWT::VerificationError.new(e.message)
 		end
 	end

data/lib/ruby_jwt/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module RubyJwt
-  VERSION = "1.1.0"
+  VERSION = "2.0.0"
 end

data/test/dummy/app/assets/javascripts/main.js ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ // Place all the behaviors and hooks related to the matching controller here.
2	+ // All this logic will automatically be available in application.js.

data/test/dummy/app/assets/javascripts/users.js ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ // Place all the behaviors and hooks related to the matching controller here.
2	+ // All this logic will automatically be available in application.js.

data/test/dummy/app/assets/stylesheets/main.css ADDED Viewed

@@ -0,0 +1,4 @@
+/*
+  Place all the styles related to the matching controller here.
+  They will automatically be included in application.css.
+*/

data/test/dummy/app/assets/stylesheets/scaffold.css ADDED Viewed

@@ -0,0 +1,56 @@
+body { background-color: #fff; color: #333; }
+body, p, ol, ul, td {
+  font-family: verdana, arial, helvetica, sans-serif;
+  font-size:   13px;
+  line-height: 18px;
+}
+pre {
+  background-color: #eee;
+  padding: 10px;
+  font-size: 11px;
+}
+a { color: #000; }
+a:visited { color: #666; }
+a:hover { color: #fff; background-color:#000; }
+div.field, div.actions {
+  margin-bottom: 10px;
+}
+#notice {
+  color: green;
+}
+.field_with_errors {
+  padding: 2px;
+  background-color: red;
+  display: table;
+}
+#error_explanation {
+  width: 450px;
+  border: 2px solid red;
+  padding: 7px;
+  padding-bottom: 0;
+  margin-bottom: 20px;
+  background-color: #f0f0f0;
+}
+#error_explanation h2 {
+  text-align: left;
+  font-weight: bold;
+  padding: 5px 5px 5px 15px;
+  font-size: 12px;
+  margin: -7px;
+  margin-bottom: 0px;
+  background-color: #c00;
+  color: #fff;
+}
+#error_explanation ul li {
+  font-size: 12px;
+  list-style: square;
+}

data/test/dummy/app/assets/stylesheets/users.css ADDED Viewed

@@ -0,0 +1,4 @@
+/*
+  Place all the styles related to the matching controller here.
+  They will automatically be included in application.css.
+*/

data/test/dummy/app/controllers/application_controller.rb CHANGED Viewed

@@ -2,4 +2,18 @@ class ApplicationController < ActionController::Base
   # Prevent CSRF attacks by raising an exception.
   # For APIs, you may want to use :null_session instead.
   protect_from_forgery with: :exception
+  def verify_token
+  	if(cookies[:session_token])
+  		x = JWT.verify(cookies[:session_token],"secret")
+  		redirect_to(root_path) if !x.success
+  		@current_user = User.find(x.decoded_token.payload[:user_id])
+  	else
+  		redirect_to root_path
+  	end
+  end
 end

data/test/dummy/app/controllers/main_controller.rb ADDED Viewed

@@ -0,0 +1,7 @@
+class MainController < ApplicationController
+  def index
+  end
+  def login
+  end
+end

data/test/dummy/app/controllers/users_controller.rb ADDED Viewed

@@ -0,0 +1,64 @@
+class UsersController < ApplicationController
+  before_action :verify_token, only: [:index,:show, :edit, :update, :destroy]
+  before_action :set_user, only: [:show, :edit, :update, :destroy]
+  # GET /users
+  def index
+    @users = User.all
+  end
+  # GET /users/1
+  def show
+  end
+  # GET /users/new
+  def new
+    @user = User.new
+  end
+  def login
+    cookies[:session_token] = JWT.sign({:user_id => 1},"secret",{},{:alg => "HS384"})
+  end
+  # GET /users/1/edit
+  def edit
+  end
+  # POST /users
+  def create
+    @user = User.new(user_params)
+    if @user.save
+      redirect_to @user, notice: 'User was successfully created.'
+    else
+      render :new
+    end
+  end
+  # PATCH/PUT /users/1
+  def update
+    if @user.update(user_params)
+      redirect_to @user, notice: 'User was successfully updated.'
+    else
+      render :edit
+    end
+  end
+  # DELETE /users/1
+  def destroy
+    @user.destroy
+    redirect_to users_url, notice: 'User was successfully destroyed.'
+  end
+  private
+    # Use callbacks to share common setup or constraints between actions.
+    def set_user
+      @user = @current_user
+    end
+    # Only allow a trusted parameter "white list" through.
+    def user_params
+      params.require(:user).permit(:name, :password)
+    end
+end

data/test/dummy/app/helpers/main_helper.rb ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ module MainHelper
2	+ end

data/test/dummy/app/helpers/users_helper.rb ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ module UsersHelper
2	+ end

data/test/dummy/app/models/user.rb ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ class User < ActiveRecord::Base
2	+ end

data/test/dummy/app/views/main/index.html.erb ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ <h1>Main#index</h1>
2	+ <p>Find me in app/views/main/index.html.erb</p>

data/test/dummy/app/views/main/login.html.erb ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ <h1>Main#login</h1>
2	+ <p>Find me in app/views/main/login.html.erb</p>

data/test/dummy/app/views/users/_form.html.erb ADDED Viewed

@@ -0,0 +1,25 @@
+<%= form_for(@user) do |f| %>
+  <% if @user.errors.any? %>
+    <div id="error_explanation">
+      <h2><%= pluralize(@user.errors.count, "error") %> prohibited this user from being saved:</h2>
+      <ul>
+      <% @user.errors.full_messages.each do |message| %>
+        <li><%= message %></li>
+      <% end %>
+      </ul>
+    </div>
+  <% end %>
+  <div class="field">
+    <%= f.label :name %><br>
+    <%= f.text_field :name %>
+  </div>
+  <div class="field">
+    <%= f.label :password %><br>
+    <%= f.text_field :password %>
+  </div>
+  <div class="actions">
+    <%= f.submit %>
+  </div>
+<% end %>

data/test/dummy/app/views/users/edit.html.erb ADDED Viewed

@@ -0,0 +1,6 @@
+<h1>Editing user</h1>
+<%= render 'form' %>
+<%= link_to 'Show', @user %> |
+<%= link_to 'Back', users_path %>

data/test/dummy/app/views/users/index.html.erb ADDED Viewed

@@ -0,0 +1,27 @@
+<h1>Listing users</h1>
+<table>
+  <thead>
+    <tr>
+      <th>Name</th>
+      <th>Password</th>
+      <th colspan="3"></th>
+    </tr>
+  </thead>
+  <tbody>
+    <% @users.each do |user| %>
+      <tr>
+        <td><%= user.name %></td>
+        <td><%= user.password %></td>
+        <td><%= link_to 'Show', user %></td>
+        <td><%= link_to 'Edit', edit_user_path(user) %></td>
+        <td><%= link_to 'Destroy', user, method: :delete, data: { confirm: 'Are you sure?' } %></td>
+      </tr>
+    <% end %>
+  </tbody>
+</table>
+<br>
+<%= link_to 'New User', new_user_path %>

data/test/dummy/app/views/users/login.html.erb ADDED Viewed

	@@ -0,0 +1 @@
1	+ <h1>Login</h1>

data/test/dummy/app/views/users/new.html.erb ADDED Viewed

@@ -0,0 +1,5 @@
+<h1>New user</h1>
+<%= render 'form' %>
+<%= link_to 'Back', users_path %>

data/test/dummy/app/views/users/show.html.erb ADDED Viewed

@@ -0,0 +1,14 @@
+<p id="notice"><%= notice %></p>
+<p>
+  <strong>Name:</strong>
+  <%= @user.name %>
+</p>
+<p>
+  <strong>Password:</strong>
+  <%= @user.password %>
+</p>
+<%= link_to 'Edit', edit_user_path(@user) %> |
+<%= link_to 'Back', users_path %>

data/test/dummy/config/routes.rb CHANGED Viewed

@@ -1,4 +1,13 @@
 Rails.application.routes.draw do
+  root 'main#index'
+  get 'main/index'
+  get 'main/login'
+  resources :users
+  get '/login' => 'users#login'
   # The priority is based upon order of creation: first created -> highest priority.
   # See how all your routes lay out with "rake routes".

data/test/dummy/db/development.sqlite3 ADDED Viewed

Binary file

data/test/dummy/db/migrate/20140919004039_create_users.rb ADDED Viewed

@@ -0,0 +1,10 @@
+class CreateUsers < ActiveRecord::Migration
+  def change
+    create_table :users do |t|
+      t.string :name
+      t.string :password
+      t.timestamps
+    end
+  end
+end

data/test/dummy/db/schema.rb ADDED Viewed

@@ -0,0 +1,23 @@
+# encoding: UTF-8
+# This file is auto-generated from the current state of the database. Instead
+# of editing this file, please use the migrations feature of Active Record to
+# incrementally modify your database, and then regenerate this schema definition.
+#
+# Note that this schema.rb definition is the authoritative source for your
+# database schema. If you need to create the application database on another
+# system, you should be using db:schema:load, not running all the migrations
+# from scratch. The latter is a flawed and unsustainable approach (the more migrations
+# you'll amass, the slower it'll run and the greater likelihood for issues).
+#
+# It's strongly recommended that you check this file into your version control system.
+ActiveRecord::Schema.define(version: 20140919004039) do
+  create_table "users", force: true do |t|
+    t.string   "name"
+    t.string   "password"
+    t.datetime "created_at"
+    t.datetime "updated_at"
+  end
+end