RubyGems - ruby_jwt - Versions diffs - 2.0.2 → 2.0.4 - Mend

ruby_jwt 2.0.2 → 2.0.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

checksums.yaml +4 -4
data/lib/ruby_jwt.rb +12 -29
data/lib/ruby_jwt/version.rb +1 -1
data/lib/ruby_jwt/version.rb.~1~ +3 -0
data/test/dummy/app/controllers/application_controller.rb +6 -3
data/test/dummy/app/controllers/application_controller.rb.~1~ +21 -0
data/test/dummy/app/controllers/users_controller.rb +1 -1
data/test/dummy/log/development.log +980 -0
data/test/dummy/log/test.log +1560 -0
data/test/ruby_jwt_test.rb.~1~ +100 -0
metadata +7 -2

data/test/ruby_jwt_test.rb.~1~ ADDED Viewed

@@ -0,0 +1,100 @@
+require 'test_helper'
+class RubyJwtTest < ActiveSupport::TestCase
+  def setup
+	@header = {:typ => "JWT", :alg => "HS256"}
+	@payload = {:name => "Chris", :role =>"admin"}
+	@payload_options = {:iss => "my_app", :aud => "your_app", :exp => 5000}
+	@secret = "secret"
+	@key = OpenSSL::PKey::RSA.new(2048)
+  end
+  test "should encode and decode and verify hmac" do
+  	jwt = JWT.sign(@payload,@secret,@payload_options,nil)
+  	decoded = JWT.decode(jwt)
+  	verified_jwt = JWT.verify(jwt,@secret,@payload_options)
+    assert_equal(@header, verified_jwt.token.header) and assert_equal(@payload,verified_jwt.token.payload)
+  end
+   test "should encode and decode none" do
+  	@header = {:typ => "JWT", :alg => "none"}
+  	jwt = JWT.sign(@payload,nil,@payload_options,@header)
+  	decoded = JWT.decode(jwt)
+  	verified_jwt = JWT.verify(jwt,nil,@payload_options)
+    assert_equal(@header, verified_jwt.token.header) and assert_equal(@payload,verified_jwt.token.payload)
+  end
+  test "should encode and decode RSA" do
+  	@header = {:typ => "JWT", :alg => "RS384"}
+  	jwt = JWT.sign(@payload,@key,@payload_options,@header)
+  	decoded = JWT.decode(jwt)
+  	verified_jwt = JWT.verify(jwt,@key,@payload_options)
+    assert_equal(@header, verified_jwt.token.header) and assert_equal(@payload,verified_jwt.token.payload)
+  end
+  test "should encode and decode ECDSA" do
+    pk = OpenSSL::PKey::EC.new("prime192v1")
+    pk.generate_key
+    @header = {:typ => "JWT", :alg => "ES384"}
+    jwt = JWT.sign(@payload,pk,@payload_options,@header)
+    decoded = JWT.decode(jwt)
+    verified_jwt = JWT.verify(jwt,pk,@payload_options)
+    assert_equal(@header, verified_jwt.token.header) and assert_equal(@payload,verified_jwt.token.payload)
+  end
+  test "decodes and verifies existing token" do
+    secret = "0zWThVpyGq4QujsMHzTqNYZUbeXGB2Sa"
+    token = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJDaHJpcyBXZXN0b24iLCJpYXQiOjE0MTA2MTc1NzQsImV4cCI6MTY5MDUwNzYzOTcsImF1ZCI6Ind3dy5leGFtcGxlLmNvbSIsInN1YiI6Impyb2NrZXRAZXhhbXBsZS5jb20iLCJHaXZlbk5hbWUiOiJKb2hubnkiLCJTdXJuYW1lIjoiUm9ja2V0IiwiRW1haWwiOiJqcm9ja2V0QGV4YW1wbGUuY29tIiwiUm9sZSI6WyJNYW5hZ2VyIiwiUHJvamVjdCBBZG1pbmlzdHJhdG9yIl19.llRwkrzrkAu_n4XFGvZpHR3J_p_Ow3er7LxJBZS-4M4"
+    decoded = JWT.decode(token)
+    verified = JWT.verify(token,secret,{:iss => "Chris Weston", :aud => ["www.example.com", "mysite.com"]})
+    assert_equal("Chris Weston",verified.token.payload[:iss]) and assert_equal(true, (verified.token.payload[:Role].include? "Manager"))
+  end
+  test "returns false if expired" do
+    @payload_options[:exp] = - 50
+    jwt = JWT.sign(@payload,@secret,@payload_options,@header)
+    verified_jwt = JWT.verify(jwt,@secret,@payload_options)
+    assert_equal(false,verified_jwt.success) and assert_equal("JWT is expired.",verified_jwt.message)
+  end
+  test "returns false if before nbf" do
+    @payload_options[:nbf] = 50
+    jwt = JWT.sign(@payload,@secret,@payload_options,@header)
+    verified_jwt = JWT.verify(jwt,@secret,@payload_options)
+    assert_equal(false,verified_jwt.success) and assert_equal("JWT nbf has not passed yet.",verified_jwt.message)
+  end
+  test "returns false if wrong audience" do
+    jwt = JWT.sign(@payload,@secret,@payload_options,@header)
+    verified_jwt = JWT.verify(jwt,@secret,{:aud => "not_your_app"})
+    assert_equal(false,verified_jwt.success) and assert_equal("JWT audience is invalid.",verified_jwt.message)
+  end
+  test "returns false if wrong issuer" do
+    jwt = JWT.sign(@payload,@secret,@payload_options,@header)
+    verified_jwt = JWT.verify(jwt,@secret,{:iss => "not_my_app"})
+    assert_equal(false,verified_jwt.success) and assert_equal("JWT issuer is invalid.",verified_jwt.message)
+  end
+  test "returns false if invalid signature" do
+    jwt = JWT.sign(@payload,@secret,@payload_options,@header)
+    verified_jwt = JWT.verify(jwt,"bad_secret")
+    assert_equal(false,verified_jwt.success) and assert_equal("JWT signature is invalid.",verified_jwt.message)
+  end
+  test "returns sign error for no key" do
+    assert_raises(JWT::SignError){jwt = JWT.sign(@payload,nil,@payload_options,@header)}
+  end
+  test "returns not implemented error for unsupported algorithm" do
+    assert_raises(JWT::SignError){@header[:alg] = "HS422";jwt = JWT.sign(@payload,@secret,@payload_options,@header)}
+  end
+  test "returns decode error for invalid base64" do
+    token = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ.eyJpc3MiOiJDaHJpcyBXZXN0b24iLCJpYXQiOjE0MTA2MTc1NzQsImV4cCI6MTY5MDUwNzYzOTcsImF1ZCI6Ind3dy5leGFtcGxlLmNvbSIsInN1YiI6Impyb2NrZXRAZXhhbXBsZS5jb20iLCJHaXZlbk5hbWUiOiJKb2hubnkiLCJTdXJuYW1lIjoiUm9ja2V0IiwiRW1haWwiOiJqcm9ja2V0QGV4YW1wbGUuY29tIiwiUm9sZSI6WyJNYW5hZ2VyIiwiUHJvamVjdCBBZG1pbmlzdHJhdG9yIl19.llRwkrzrkAu_n4XFGvZpHR3J_p_Ow3er7LxJBZS-4M4"
+    assert_raises(JWT::VerificationError){JWT.decode(token)}
+  end
+end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: ruby_jwt
 version: !ruby/object:Gem::Version
-  version: 2.0.2
+  version: 2.0.4
 platform: ruby
 authors:
 - Chris Weston
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2014-09-19 00:00:00.000000000 Z
+date: 2014-09-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -49,6 +49,7 @@ files:
 - Rakefile
 - lib/ruby_jwt.rb
 - lib/ruby_jwt/version.rb
+- lib/ruby_jwt/version.rb.~1~
 - lib/tasks/ruby_jwt_tasks.rake
 - test/dummy/README.rdoc
 - test/dummy/Rakefile
@@ -60,6 +61,7 @@ files:
 - test/dummy/app/assets/stylesheets/scaffold.css
 - test/dummy/app/assets/stylesheets/users.css
 - test/dummy/app/controllers/application_controller.rb
+- test/dummy/app/controllers/application_controller.rb.~1~
 - test/dummy/app/controllers/main_controller.rb
 - test/dummy/app/controllers/users_controller.rb
 - test/dummy/app/helpers/application_helper.rb
@@ -145,6 +147,7 @@ files:
 - test/dummy/tmp/cache/assets/test/sprockets/f6eeb33602682bd6ff6d1f177f6b142d
 - test/dummy/tmp/cache/assets/test/sprockets/f7cbd26ba1d28d48de824f0e94586655
 - test/ruby_jwt_test.rb
+- test/ruby_jwt_test.rb.~1~
 - test/test_helper.rb
 homepage: https://github.com/Notsew/ruby_jwt
 licenses:
@@ -171,6 +174,7 @@ signing_key:
 specification_version: 4
 summary: JSON Web Token library for Ruby
 test_files:
+- test/ruby_jwt_test.rb.~1~
 - test/test_helper.rb
 - test/ruby_jwt_test.rb
 - test/dummy/Rakefile
@@ -236,6 +240,7 @@ test_files:
 - test/dummy/app/views/users/edit.html.erb
 - test/dummy/app/views/users/_form.html.erb
 - test/dummy/app/views/users/index.html.erb
+- test/dummy/app/controllers/application_controller.rb.~1~
 - test/dummy/app/controllers/application_controller.rb
 - test/dummy/app/controllers/main_controller.rb
 - test/dummy/app/controllers/users_controller.rb