signed_json 2.0.0 → 3.0.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (6) hide show
  1. checksums.yaml +4 -4
  2. data/lib/signed_json.rb +19 -5
  3. data/lib/signed_json/version.rb +1 -1
  4. data/signed_json.gemspec +0 -2
  5. data/spec/signed_json_spec.rb +38 -0
  6. metadata +10 -24
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 7f87c5b0f1a4ece38890c06ce7ea92402ac1051f
4
- data.tar.gz: 0f74718e9382c444ded4db1a5fccbced5fcc8430
3
+ metadata.gz: b0d232f1c98656d1df95445512bd1b456fb23f94
4
+ data.tar.gz: 88b330d8e3a7cda309dfa306a07038b15f62f2c4
5
5
  SHA512:
6
- metadata.gz: 0b1a8f253f94571aec508af9fd4202627bf0f15a9e8aedf4f1c5b38bca11440f02d13444a3a9161d8da3947cdc4ffaec1fa7ef0a134900cc96092fbf5c6a9814
7
- data.tar.gz: 7320c16827347b01d0bcc9416d8ab2e801ce1c2cdd680e892934f3a83d1b32b2f6359b5e3e47d94443913ef45eb4c7a8888d1988946fb9725980937b6ceb0b4a
6
+ metadata.gz: 4a2fc3e5a36e9cb1b8c5c84250ef85e1353cfc6cbaa6c08176e179e07495b691eb1e09ad8fde070b5a2e5478141e8730eea93a7cc912d80f35880168eeb4109a
7
+ data.tar.gz: 6c3f9f5936eea3cf7c41d147010f30847ea34bf2664d30bf33abce94c7d06e51130f928621979522b0b7a86a891a8830575b4cb859324be7aac3d726999839be
data/lib/signed_json.rb CHANGED
@@ -11,7 +11,7 @@ module SignedJson
11
11
 
12
12
  def encode(input)
13
13
  data_to_encode = [digest_for(input), input]
14
- json_generate(data_to_encode)
14
+ JSON.generate(data_to_encode)
15
15
  end
16
16
 
17
17
  def decode(input)
@@ -26,7 +26,7 @@ module SignedJson
26
26
  def digest_for(input)
27
27
  require 'openssl' unless defined?(OpenSSL) # from ActiveSupport::MessageVerifier
28
28
  digest = OpenSSL::Digest.const_get(@digest).new
29
- OpenSSL::HMAC.hexdigest(digest, @secret, json_generate(input))
29
+ OpenSSL::HMAC.hexdigest(digest, @secret, signature_input(input))
30
30
  end
31
31
 
32
32
  private
@@ -45,9 +45,23 @@ module SignedJson
45
45
  raise InputError
46
46
  end
47
47
 
48
- def json_generate(data)
49
- # Use JSON.dump; JSON.generate only handles top-level object/array.
50
- JSON.dump(data)
48
+ def signature_input(data)
49
+ if [Array, Hash].any? { |c| c === data }
50
+ JSON.generate(data)
51
+ else
52
+ signature_input_for_unsupported_root_type(data)
53
+ end
54
+ end
55
+
56
+ # signed_json depended on Ruby JSON encoding top-level objects other than
57
+ # array and object, which are the only two JSON actually supports.
58
+ #
59
+ # json_pure v2.x refuses to JSON encode these types.
60
+ #
61
+ # signed_json must continue to support them to avoid breaking signatures
62
+ # across versions / implementations.
63
+ def signature_input_for_unsupported_root_type(data)
64
+ JSON.generate([data])[1..-2]
51
65
  end
52
66
 
53
67
  end
data/lib/signed_json/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module SignedJson
2
- VERSION = "2.0.0"
2
+ VERSION = "3.0.0"
3
3
  end
data/signed_json.gemspec CHANGED
@@ -18,8 +18,6 @@ Gem::Specification.new do |s|
18
18
  s.executables = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
19
19
  s.require_paths = ["lib"]
20
20
 
21
- s.add_dependency('json')
22
-
23
21
  s.add_development_dependency('rspec', ['~> 3.1'])
24
22
  s.add_development_dependency('rake')
25
23
  end
data/spec/signed_json_spec.rb CHANGED
@@ -38,6 +38,44 @@ describe SignedJson do
38
38
  expect(JSON.parse(encoded)).to be_instance_of(Array)
39
39
  end
40
40
 
41
+ describe "known-good signature from v2.0.0" do
42
+ {
43
+ {"hello" => "world"} => "c9bd3c44a91cfe176f71afcc1e08240555f0ce8b",
44
+ ["hello", "world"] => "67a288435a9268645d399e5969de777096028b2d",
45
+ nil => "546b281dfcf7e69a4dbcb6a5001929585d65c7d7",
46
+ "hello world" => "1ed96f0a1cadcee5bd139eb850d39ac1bcda6747",
47
+ 1234 => "307c560360fbf15ecab5a78299052fe68a302d7a",
48
+ }.each do |data, expected|
49
+ it "is #{expected} for #{data.inspect}" do
50
+ encoded = SignedJson::Signer.new("secret").encode(data)
51
+ signature, payload = JSON.parse(encoded)
52
+ expect(signature).to eq(expected)
53
+ expect(payload).to eq(data)
54
+ end
55
+ end
56
+ end
57
+
58
+ it "returns known-good signature and payload for object" do
59
+ encoded = SignedJson::Signer.new("secret").encode(hello: "world")
60
+ signature, payload = JSON.parse(encoded)
61
+ expect(signature).to eq("c9bd3c44a91cfe176f71afcc1e08240555f0ce8b")
62
+ expect(payload).to eq({"hello" => "world"})
63
+ end
64
+
65
+ it "returns known-good signature and payload for array" do
66
+ encoded = SignedJson::Signer.new("secret").encode(%w(hello world))
67
+ signature, payload = JSON.parse(encoded)
68
+ expect(signature).to eq("67a288435a9268645d399e5969de777096028b2d")
69
+ expect(payload).to eq(["hello", "world"])
70
+ end
71
+
72
+ it "returns known-good signature and payload for nil" do
73
+ encoded = SignedJson::Signer.new("secret").encode(nil)
74
+ signature, payload = JSON.parse(encoded)
75
+ expect(signature).to eq("546b281dfcf7e69a4dbcb6a5001929585d65c7d7")
76
+ expect(payload).to eq(nil)
77
+ end
78
+
41
79
  end
42
80
 
43
81
  describe "Signer#decode error handling" do
metadata CHANGED
@@ -1,55 +1,41 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: signed_json
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.0.0
4
+ version: 3.0.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Paul Annesley
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2014-11-10 00:00:00.000000000 Z
11
+ date: 2016-07-08 00:00:00.000000000 Z
12
12
  dependencies:
13
- - !ruby/object:Gem::Dependency
14
- name: json
15
- requirement: !ruby/object:Gem::Requirement
16
- requirements:
17
- - - ">="
18
- - !ruby/object:Gem::Version
19
- version: '0'
20
- type: :runtime
21
- prerelease: false
22
- version_requirements: !ruby/object:Gem::Requirement
23
- requirements:
24
- - - ">="
25
- - !ruby/object:Gem::Version
26
- version: '0'
27
13
  - !ruby/object:Gem::Dependency
28
14
  name: rspec
29
15
  requirement: !ruby/object:Gem::Requirement
30
16
  requirements:
31
- - - "~>"
17
+ - - ~>
32
18
  - !ruby/object:Gem::Version
33
19
  version: '3.1'
34
20
  type: :development
35
21
  prerelease: false
36
22
  version_requirements: !ruby/object:Gem::Requirement
37
23
  requirements:
38
- - - "~>"
24
+ - - ~>
39
25
  - !ruby/object:Gem::Version
40
26
  version: '3.1'
41
27
  - !ruby/object:Gem::Dependency
42
28
  name: rake
43
29
  requirement: !ruby/object:Gem::Requirement
44
30
  requirements:
45
- - - ">="
31
+ - - '>='
46
32
  - !ruby/object:Gem::Version
47
33
  version: '0'
48
34
  type: :development
49
35
  prerelease: false
50
36
  version_requirements: !ruby/object:Gem::Requirement
51
37
  requirements:
52
- - - ">="
38
+ - - '>='
53
39
  - !ruby/object:Gem::Version
54
40
  version: '0'
55
41
  description:
@@ -59,7 +45,7 @@ executables: []
59
45
  extensions: []
60
46
  extra_rdoc_files: []
61
47
  files:
62
- - ".gitignore"
48
+ - .gitignore
63
49
  - Gemfile
64
50
  - README.md
65
51
  - Rakefile
@@ -78,17 +64,17 @@ require_paths:
78
64
  - lib
79
65
  required_ruby_version: !ruby/object:Gem::Requirement
80
66
  requirements:
81
- - - ">="
67
+ - - '>='
82
68
  - !ruby/object:Gem::Version
83
69
  version: '0'
84
70
  required_rubygems_version: !ruby/object:Gem::Requirement
85
71
  requirements:
86
- - - ">="
72
+ - - '>='
87
73
  - !ruby/object:Gem::Version
88
74
  version: '0'
89
75
  requirements: []
90
76
  rubyforge_project: signed_json
91
- rubygems_version: 2.2.2
77
+ rubygems_version: 2.0.14.1
92
78
  signing_key:
93
79
  specification_version: 4
94
80
  summary: Encodes and decodes data to a JSON string signed with OpenSSL HMAC. Great