ruby_jwt 2.0.2 → 2.0.4

@@ -0,0 +1,100 @@
1
+ require 'test_helper'
2
+
3
+ class RubyJwtTest < ActiveSupport::TestCase
4
+
5
+ def setup
6
+ @header = {:typ => "JWT", :alg => "HS256"}
7
+ @payload = {:name => "Chris", :role =>"admin"}
8
+ @payload_options = {:iss => "my_app", :aud => "your_app", :exp => 5000}
9
+ @secret = "secret"
10
+ @key = OpenSSL::PKey::RSA.new(2048)
11
+ end
12
+
13
+ test "should encode and decode and verify hmac" do
14
+ jwt = JWT.sign(@payload,@secret,@payload_options,nil)
15
+ decoded = JWT.decode(jwt)
16
+ verified_jwt = JWT.verify(jwt,@secret,@payload_options)
17
+ assert_equal(@header, verified_jwt.token.header) and assert_equal(@payload,verified_jwt.token.payload)
18
+ end
19
+
20
+ test "should encode and decode none" do
21
+ @header = {:typ => "JWT", :alg => "none"}
22
+ jwt = JWT.sign(@payload,nil,@payload_options,@header)
23
+ decoded = JWT.decode(jwt)
24
+ verified_jwt = JWT.verify(jwt,nil,@payload_options)
25
+ assert_equal(@header, verified_jwt.token.header) and assert_equal(@payload,verified_jwt.token.payload)
26
+ end
27
+
28
+ test "should encode and decode RSA" do
29
+ @header = {:typ => "JWT", :alg => "RS384"}
30
+ jwt = JWT.sign(@payload,@key,@payload_options,@header)
31
+ decoded = JWT.decode(jwt)
32
+ verified_jwt = JWT.verify(jwt,@key,@payload_options)
33
+ assert_equal(@header, verified_jwt.token.header) and assert_equal(@payload,verified_jwt.token.payload)
34
+ end
35
+
36
+ test "should encode and decode ECDSA" do
37
+ pk = OpenSSL::PKey::EC.new("prime192v1")
38
+ pk.generate_key
39
+ @header = {:typ => "JWT", :alg => "ES384"}
40
+ jwt = JWT.sign(@payload,pk,@payload_options,@header)
41
+ decoded = JWT.decode(jwt)
42
+ verified_jwt = JWT.verify(jwt,pk,@payload_options)
43
+ assert_equal(@header, verified_jwt.token.header) and assert_equal(@payload,verified_jwt.token.payload)
44
+ end
45
+
46
+ test "decodes and verifies existing token" do
47
+ secret = "0zWThVpyGq4QujsMHzTqNYZUbeXGB2Sa"
48
+ token = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJDaHJpcyBXZXN0b24iLCJpYXQiOjE0MTA2MTc1NzQsImV4cCI6MTY5MDUwNzYzOTcsImF1ZCI6Ind3dy5leGFtcGxlLmNvbSIsInN1YiI6Impyb2NrZXRAZXhhbXBsZS5jb20iLCJHaXZlbk5hbWUiOiJKb2hubnkiLCJTdXJuYW1lIjoiUm9ja2V0IiwiRW1haWwiOiJqcm9ja2V0QGV4YW1wbGUuY29tIiwiUm9sZSI6WyJNYW5hZ2VyIiwiUHJvamVjdCBBZG1pbmlzdHJhdG9yIl19.llRwkrzrkAu_n4XFGvZpHR3J_p_Ow3er7LxJBZS-4M4"
49
+ decoded = JWT.decode(token)
50
+ verified = JWT.verify(token,secret,{:iss => "Chris Weston", :aud => ["www.example.com", "mysite.com"]})
51
+ assert_equal("Chris Weston",verified.token.payload[:iss]) and assert_equal(true, (verified.token.payload[:Role].include? "Manager"))
52
+ end
53
+
54
+ test "returns false if expired" do
55
+ @payload_options[:exp] = - 50
56
+ jwt = JWT.sign(@payload,@secret,@payload_options,@header)
57
+ verified_jwt = JWT.verify(jwt,@secret,@payload_options)
58
+ assert_equal(false,verified_jwt.success) and assert_equal("JWT is expired.",verified_jwt.message)
59
+ end
60
+
61
+ test "returns false if before nbf" do
62
+ @payload_options[:nbf] = 50
63
+ jwt = JWT.sign(@payload,@secret,@payload_options,@header)
64
+ verified_jwt = JWT.verify(jwt,@secret,@payload_options)
65
+ assert_equal(false,verified_jwt.success) and assert_equal("JWT nbf has not passed yet.",verified_jwt.message)
66
+ end
67
+
68
+ test "returns false if wrong audience" do
69
+ jwt = JWT.sign(@payload,@secret,@payload_options,@header)
70
+ verified_jwt = JWT.verify(jwt,@secret,{:aud => "not_your_app"})
71
+ assert_equal(false,verified_jwt.success) and assert_equal("JWT audience is invalid.",verified_jwt.message)
72
+ end
73
+
74
+ test "returns false if wrong issuer" do
75
+ jwt = JWT.sign(@payload,@secret,@payload_options,@header)
76
+ verified_jwt = JWT.verify(jwt,@secret,{:iss => "not_my_app"})
77
+ assert_equal(false,verified_jwt.success) and assert_equal("JWT issuer is invalid.",verified_jwt.message)
78
+ end
79
+
80
+ test "returns false if invalid signature" do
81
+ jwt = JWT.sign(@payload,@secret,@payload_options,@header)
82
+ verified_jwt = JWT.verify(jwt,"bad_secret")
83
+ assert_equal(false,verified_jwt.success) and assert_equal("JWT signature is invalid.",verified_jwt.message)
84
+ end
85
+
86
+ test "returns sign error for no key" do
87
+ assert_raises(JWT::SignError){jwt = JWT.sign(@payload,nil,@payload_options,@header)}
88
+ end
89
+
90
+ test "returns not implemented error for unsupported algorithm" do
91
+ assert_raises(JWT::SignError){@header[:alg] = "HS422";jwt = JWT.sign(@payload,@secret,@payload_options,@header)}
92
+ end
93
+
94
+ test "returns decode error for invalid base64" do
95
+ token = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ.eyJpc3MiOiJDaHJpcyBXZXN0b24iLCJpYXQiOjE0MTA2MTc1NzQsImV4cCI6MTY5MDUwNzYzOTcsImF1ZCI6Ind3dy5leGFtcGxlLmNvbSIsInN1YiI6Impyb2NrZXRAZXhhbXBsZS5jb20iLCJHaXZlbk5hbWUiOiJKb2hubnkiLCJTdXJuYW1lIjoiUm9ja2V0IiwiRW1haWwiOiJqcm9ja2V0QGV4YW1wbGUuY29tIiwiUm9sZSI6WyJNYW5hZ2VyIiwiUHJvamVjdCBBZG1pbmlzdHJhdG9yIl19.llRwkrzrkAu_n4XFGvZpHR3J_p_Ow3er7LxJBZS-4M4"
96
+ assert_raises(JWT::VerificationError){JWT.decode(token)}
97
+ end
98
+
99
+
100
+ end
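Review bot: The `alg: none` test (new lines 20-26) only pins that `JWT.verify(jwt,nil,@payload_options)` accepts an unsigned token; nothing in this file checks that verify refuses an unsigned token when the caller does supply a key, which is the case a consumer relying on signature checks depends on. I would add a negative test beside it that signs with the `none` header, calls `verified_jwt = JWT.verify(jwt,@secret,@payload_options)` and asserts `assert_equal(false,verified_jwt.success)`. Whether the library reports this through `success` or by raising is not visible here, so the assertion may need to be `assert_raises` instead. A matching case for an HS256 token presented against `@key` would cover algorithm mix-ups the same way. Separately, the ECDSA test (new lines 36-44) signs `ES384` with a `prime192v1` key, a curve that does not match the P-384 curve ES384 is defined over; `OpenSSL::PKey::EC.new("secp384r1")` would exercise the pairing the header names.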
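--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: ruby_jwt
  version: !ruby/object:Gem::Version
- version: 2.0.2
+ version: 2.0.4
  platform: ruby
  authors:
  - Chris Weston
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2014-09-19 00:00:00.000000000 Z
+ date: 2014-09-22 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: rails
@@ -49,6 +49,7 @@ files:
  - Rakefile
  - lib/ruby_jwt.rb
  - lib/ruby_jwt/version.rb
+ - lib/ruby_jwt/version.rb.~1~
  - lib/tasks/ruby_jwt_tasks.rake
  - test/dummy/README.rdoc
  - test/dummy/Rakefile
@@ -60,6 +61,7 @@ files:
  - test/dummy/app/assets/stylesheets/scaffold.css
  - test/dummy/app/assets/stylesheets/users.css
  - test/dummy/app/controllers/application_controller.rb
+ - test/dummy/app/controllers/application_controller.rb.~1~
  - test/dummy/app/controllers/main_controller.rb
  - test/dummy/app/controllers/users_controller.rb
  - test/dummy/app/helpers/application_helper.rb
@@ -145,6 +147,7 @@ files:
  - test/dummy/tmp/cache/assets/test/sprockets/f6eeb33602682bd6ff6d1f177f6b142d
  - test/dummy/tmp/cache/assets/test/sprockets/f7cbd26ba1d28d48de824f0e94586655
  - test/ruby_jwt_test.rb
+ - test/ruby_jwt_test.rb.~1~
  - test/test_helper.rb
  homepage: https://github.com/Notsew/ruby_jwt
  licenses:
@@ -171,6 +174,7 @@ signing_key:
  specification_version: 4
  summary: JSON Web Token library for Ruby
  test_files:
+ - test/ruby_jwt_test.rb.~1~
  - test/test_helper.rb
  - test/ruby_jwt_test.rb
  - test/dummy/Rakefile
@@ -236,6 +240,7 @@ test_files:
  - test/dummy/app/views/users/edit.html.erb
  - test/dummy/app/views/users/_form.html.erb
  - test/dummy/app/views/users/index.html.erb
+ - test/dummy/app/controllers/application_controller.rb.~1~
  - test/dummy/app/controllers/main_controller.rb
  - test/dummy/app/controllers/users_controller.rb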
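Review bot: Every file entry this release adds to `files:` and `test_files:` is an editor backup (`lib/ruby_jwt/version.rb.~1~`, `test/dummy/app/controllers/application_controller.rb.~1~`, `test/ruby_jwt_test.rb.~1~`), so stale copies of source now ship inside the published gem, one of them under `lib/`. The context lines also list `test/dummy/tmp/cache/assets/...` entries, which suggests the packaging glob takes whatever is in the working tree. This file is generated at build time, so the fix belongs in the gemspec's file list, which is not visible here. Filtering the list with something like `.reject { |f| f.end_with?("~") || f.include?("/tmp/") }` before assigning it would keep backups and caches out of the artifact. People reviewing this upgrade should diff the `.~1~` files against their live counterparts, since backup copies can hold content the author did not mean to publish.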