RubyGems - ruby_jwt - Versions diffs - 1.1.0 → 2.0.0 - Mend

ruby_jwt 1.1.0 → 2.0.0

Files changed (67) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 7e38ce66749c2472c721f6a21231267f4cae483a
-  data.tar.gz: 7fee6ca4a796980f08c810df27d8e7677b8515ed
+  metadata.gz: e534fc72b29b3327c419953c2586ebe7bb044969
+  data.tar.gz: ae170754b0293e51a43a286922b39e55f145599c
 SHA512:
-  metadata.gz: 110764e7fa85906de5db32fad455dc4351fccb63baff36f7b942ffb2e0611f746aca0e8a93f916ae071d43e6a70b59820c7e35080f0cd94f2fddf31368f5203b
-  data.tar.gz: 0d0b9cbc8a5137209e9e90937c26b2fb4fe39e69d971066bffc823a4f09988ec6a98fa286b1caf8abbf7782da3f95ac1c2bf7e6d289cee6877f332cce4ded671
+  metadata.gz: bb923d58727f97d79f0c49e2b9f0604bc150a78a467e642f1a452a6ef388f6a227e28708ff1d9a5c5fa4767f4ada369517f80254d280aee57209fc28a026e43f
+  data.tar.gz: 85495d0489e13a8cdf6deea6d2b358d5286823bd0992206f597f73f188c3a72b12f38dae6ff125418b607d6c5c8241d41a1b9e3e606dde3ccfa53befcfff7b0b

data/lib/ruby_jwt.rb CHANGED Viewed

@@ -4,7 +4,7 @@ require 'json'
 module JWT
-	class DecodeError < StandardError;end
+	class VerificationError < StandardError;end
 	class SignError < StandardError;end
 	class DecodeResponse
 		attr_accessor :header, :payload, :signature
@@ -14,15 +14,15 @@ module JWT
 			@signature = signature
 		end
 	end
-	class VerificationResponse
-		attr_accessor :success, :message, :decoded_token
-		def initialize(success,message, decoded = nil)
-			@success = success
-			@message = message
-			@decoded_token = decoded
-		end
-	end
+	# class VerificationResponse
+	# 	attr_accessor :success, :message, :decoded_token
+	# 	def initialize(success,message, decoded = nil)
+	# 		@success = success
+	# 		@message = message
+	# 		@decoded_token = decoded
+	# 	end
+	# end
 	# class OpenSSL::PKey::EC
 	# 	alias_method :private?, :private_key?
@@ -42,7 +42,7 @@ module JWT
 		end
 		payload[:iat] = Time.now.to_i
 		if(payload_options[:exp])
-			payload_options	[:exp] += payload[:iat]
+			payload_options[:exp] += payload[:iat]
 		end
 		if(payload_options[:nbf])
@@ -63,34 +63,36 @@ module JWT
 	end
 	def verify(token,secret,options={})
-		return VerificationResponse.new(false, "JWT cannot be blank") if !token or token.empty?
+		raise VerificationError.new("JWT cannot be blank") if !token or token.empty?
 		jwt_parts = token.split(".")
 		jwt = decode(token)
 		alg = jwt.header[:alg]
-		return VerificationResponse.new(false,"Key cannot be blank if algorithm is not 'none'") if(alg != "none" and !secret)
+		raise VerificationError.new("Key cannot be blank if algorithm is not 'none'") if(alg != "none" and !secret)
+		raise VerificationError.new("JWT has invalid number of segments.") if(jwt_parts.count < 3 and alg != "none")
+		raise VerificationError.new("JWT has invalid number of segments.") if(jwt_parts.count < 2 and alg == "none")
 		payload = jwt.payload
 		signature = base64urldecode(jwt.signature) if alg != "none"
 		current_time = Time.now.to_i
 		if(payload[:exp] and current_time >= payload[:exp])
-			return VerificationResponse.new(false,"JWT is expired.")
+			raise VerificationError.new("JWT is expired.")
 		end
 		if(payload[:nbf] and current_time < payload[:nbf])
-			return VerificationResponse.new(false, "JWT nbf has not passed yet.")
+			raise VerificationError.new( "JWT nbf has not passed yet.")
 		end
 		if(options[:iss])
-			return VerificationResponse.new(false,"JWT issuer is invalid.") if options[:iss] != payload[:iss]
+			raise VerificationError.new("JWT issuer is invalid.") if options[:iss] != payload[:iss]
 		end
 		if(options[:aud])
 			audience = (options[:aud].is_a? Array) ? options[:aud] : [options[:aud]]
-			return VerificationResponse.new(false,"JWT audience is invalid.") if !audience.include? payload[:aud]
+			raise VerificationError.new("JWT audience is invalid.") if !audience.include? payload[:aud]
 		end
-		return VerificationResponse.new(false,"JWT signature is invalid.") if !verify_signature(alg,secret,jwt_parts[0..1].join("."),signature)
+		raise VerificationError.new("JWT signature is invalid.") if !verify_signature(alg,secret,jwt_parts[0..1].join("."),signature)
-		return VerificationResponse.new(true,"JWT is valid.",jwt)
+		return jwt
 	end
@@ -163,7 +165,7 @@ module JWT
 				raise JWT::DecodeError.new("Illegal base64 string!")
 			end
 		rescue ArgumentError => e
-			raise JWT::DecodeError.new(e.message)
+			raise JWT::VerificationError.new(e.message)
 		end
 	end

data/lib/ruby_jwt/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module RubyJwt
-  VERSION = "1.1.0"
+  VERSION = "2.0.0"
 end

data/test/dummy/app/assets/javascripts/main.js ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ // Place all the behaviors and hooks related to the matching controller here.
2	+ // All this logic will automatically be available in application.js.

data/test/dummy/app/assets/javascripts/users.js ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ // Place all the behaviors and hooks related to the matching controller here.
2	+ // All this logic will automatically be available in application.js.

data/test/dummy/app/assets/stylesheets/main.css ADDED Viewed

@@ -0,0 +1,4 @@
+/*
+  Place all the styles related to the matching controller here.
+  They will automatically be included in application.css.
+*/

data/test/dummy/app/assets/stylesheets/scaffold.css ADDED Viewed

@@ -0,0 +1,56 @@
+body { background-color: #fff; color: #333; }
+body, p, ol, ul, td {
+  font-family: verdana, arial, helvetica, sans-serif;
+  font-size:   13px;
+  line-height: 18px;
+}
+pre {
+  background-color: #eee;
+  padding: 10px;
+  font-size: 11px;
+}
+a { color: #000; }
+a:visited { color: #666; }
+a:hover { color: #fff; background-color:#000; }
+div.field, div.actions {
+  margin-bottom: 10px;
+}
+#notice {
+  color: green;
+}
+.field_with_errors {
+  padding: 2px;
+  background-color: red;
+  display: table;
+}
+#error_explanation {
+  width: 450px;
+  border: 2px solid red;
+  padding: 7px;
+  padding-bottom: 0;
+  margin-bottom: 20px;
+  background-color: #f0f0f0;
+}
+#error_explanation h2 {
+  text-align: left;
+  font-weight: bold;
+  padding: 5px 5px 5px 15px;
+  font-size: 12px;
+  margin: -7px;
+  margin-bottom: 0px;
+  background-color: #c00;
+  color: #fff;
+}
+#error_explanation ul li {
+  font-size: 12px;
+  list-style: square;
+}

data/test/dummy/app/assets/stylesheets/users.css ADDED Viewed

@@ -0,0 +1,4 @@
+/*
+  Place all the styles related to the matching controller here.
+  They will automatically be included in application.css.
+*/

data/test/dummy/app/controllers/application_controller.rb CHANGED Viewed

@@ -2,4 +2,18 @@ class ApplicationController < ActionController::Base
   # Prevent CSRF attacks by raising an exception.
   # For APIs, you may want to use :null_session instead.
   protect_from_forgery with: :exception
+  def verify_token
+  	if(cookies[:session_token])
+  		x = JWT.verify(cookies[:session_token],"secret")
+  		redirect_to(root_path) if !x.success
+  		@current_user = User.find(x.decoded_token.payload[:user_id])
+  	else
+  		redirect_to root_path
+  	end
+  end
 end

data/test/dummy/app/controllers/main_controller.rb ADDED Viewed

@@ -0,0 +1,7 @@
+class MainController < ApplicationController
+  def index
+  end
+  def login
+  end
+end

data/test/dummy/app/controllers/users_controller.rb ADDED Viewed

@@ -0,0 +1,64 @@
+class UsersController < ApplicationController
+  before_action :verify_token, only: [:index,:show, :edit, :update, :destroy]
+  before_action :set_user, only: [:show, :edit, :update, :destroy]
+  # GET /users
+  def index
+    @users = User.all
+  end
+  # GET /users/1
+  def show
+  end
+  # GET /users/new
+  def new
+    @user = User.new
+  end
+  def login
+    cookies[:session_token] = JWT.sign({:user_id => 1},"secret",{},{:alg => "HS384"})
+  end
+  # GET /users/1/edit
+  def edit
+  end
+  # POST /users
+  def create
+    @user = User.new(user_params)
+    if @user.save
+      redirect_to @user, notice: 'User was successfully created.'
+    else
+      render :new
+    end
+  end
+  # PATCH/PUT /users/1
+  def update
+    if @user.update(user_params)
+      redirect_to @user, notice: 'User was successfully updated.'
+    else
+      render :edit
+    end
+  end
+  # DELETE /users/1
+  def destroy
+    @user.destroy
+    redirect_to users_url, notice: 'User was successfully destroyed.'
+  end
+  private
+    # Use callbacks to share common setup or constraints between actions.
+    def set_user
+      @user = @current_user
+    end
+    # Only allow a trusted parameter "white list" through.
+    def user_params
+      params.require(:user).permit(:name, :password)
+    end
+end

data/test/dummy/app/helpers/main_helper.rb ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ module MainHelper
2	+ end

data/test/dummy/app/helpers/users_helper.rb ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ module UsersHelper
2	+ end

data/test/dummy/app/models/user.rb ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ class User < ActiveRecord::Base
2	+ end

data/test/dummy/app/views/main/index.html.erb ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ <h1>Main#index</h1>
2	+ <p>Find me in app/views/main/index.html.erb</p>

data/test/dummy/app/views/main/login.html.erb ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ <h1>Main#login</h1>
2	+ <p>Find me in app/views/main/login.html.erb</p>

data/test/dummy/app/views/users/_form.html.erb ADDED Viewed

@@ -0,0 +1,25 @@
+<%= form_for(@user) do |f| %>
+  <% if @user.errors.any? %>
+    <div id="error_explanation">
+      <h2><%= pluralize(@user.errors.count, "error") %> prohibited this user from being saved:</h2>
+      <ul>
+      <% @user.errors.full_messages.each do |message| %>
+        <li><%= message %></li>
+      <% end %>
+      </ul>
+    </div>
+  <% end %>
+  <div class="field">
+    <%= f.label :name %><br>
+    <%= f.text_field :name %>
+  </div>
+  <div class="field">
+    <%= f.label :password %><br>
+    <%= f.text_field :password %>
+  </div>
+  <div class="actions">
+    <%= f.submit %>
+  </div>
+<% end %>

data/test/dummy/app/views/users/edit.html.erb ADDED Viewed

@@ -0,0 +1,6 @@
+<h1>Editing user</h1>
+<%= render 'form' %>
+<%= link_to 'Show', @user %> |
+<%= link_to 'Back', users_path %>

data/test/dummy/app/views/users/index.html.erb ADDED Viewed

@@ -0,0 +1,27 @@
+<h1>Listing users</h1>
+<table>
+  <thead>
+    <tr>
+      <th>Name</th>
+      <th>Password</th>
+      <th colspan="3"></th>
+    </tr>
+  </thead>
+  <tbody>
+    <% @users.each do |user| %>
+      <tr>
+        <td><%= user.name %></td>
+        <td><%= user.password %></td>
+        <td><%= link_to 'Show', user %></td>
+        <td><%= link_to 'Edit', edit_user_path(user) %></td>
+        <td><%= link_to 'Destroy', user, method: :delete, data: { confirm: 'Are you sure?' } %></td>
+      </tr>
+    <% end %>
+  </tbody>
+</table>
+<br>
+<%= link_to 'New User', new_user_path %>

data/test/dummy/app/views/users/login.html.erb ADDED Viewed

	@@ -0,0 +1 @@
1	+ <h1>Login</h1>

data/test/dummy/app/views/users/new.html.erb ADDED Viewed

@@ -0,0 +1,5 @@
+<h1>New user</h1>
+<%= render 'form' %>
+<%= link_to 'Back', users_path %>

data/test/dummy/app/views/users/show.html.erb ADDED Viewed

@@ -0,0 +1,14 @@
+<p id="notice"><%= notice %></p>
+<p>
+  <strong>Name:</strong>
+  <%= @user.name %>
+</p>
+<p>
+  <strong>Password:</strong>
+  <%= @user.password %>
+</p>
+<%= link_to 'Edit', edit_user_path(@user) %> |
+<%= link_to 'Back', users_path %>

data/test/dummy/config/routes.rb CHANGED Viewed

@@ -1,4 +1,13 @@
 Rails.application.routes.draw do
+  root 'main#index'
+  get 'main/index'
+  get 'main/login'
+  resources :users
+  get '/login' => 'users#login'
   # The priority is based upon order of creation: first created -> highest priority.
   # See how all your routes lay out with "rake routes".

data/test/dummy/db/development.sqlite3 ADDED Viewed

Binary file

data/test/dummy/db/migrate/20140919004039_create_users.rb ADDED Viewed

@@ -0,0 +1,10 @@
+class CreateUsers < ActiveRecord::Migration
+  def change
+    create_table :users do |t|
+      t.string :name
+      t.string :password
+      t.timestamps
+    end
+  end
+end

data/test/dummy/db/schema.rb ADDED Viewed

@@ -0,0 +1,23 @@
+# encoding: UTF-8
+# This file is auto-generated from the current state of the database. Instead
+# of editing this file, please use the migrations feature of Active Record to
+# incrementally modify your database, and then regenerate this schema definition.
+#
+# Note that this schema.rb definition is the authoritative source for your
+# database schema. If you need to create the application database on another
+# system, you should be using db:schema:load, not running all the migrations
+# from scratch. The latter is a flawed and unsustainable approach (the more migrations
+# you'll amass, the slower it'll run and the greater likelihood for issues).
+#
+# It's strongly recommended that you check this file into your version control system.
+ActiveRecord::Schema.define(version: 20140919004039) do
+  create_table "users", force: true do |t|
+    t.string   "name"
+    t.string   "password"
+    t.datetime "created_at"
+    t.datetime "updated_at"
+  end
+end