signed_json 2.0.0 → 3.0.0

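--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 7f87c5b0f1a4ece38890c06ce7ea92402ac1051f
- data.tar.gz: 0f74718e9382c444ded4db1a5fccbced5fcc8430
+ metadata.gz: b0d232f1c98656d1df95445512bd1b456fb23f94
+ data.tar.gz: 88b330d8e3a7cda309dfa306a07038b15f62f2c4
  SHA512:
- metadata.gz: 0b1a8f253f94571aec508af9fd4202627bf0f15a9e8aedf4f1c5b38bca11440f02d13444a3a9161d8da3947cdc4ffaec1fa7ef0a134900cc96092fbf5c6a9814
- data.tar.gz: 7320c16827347b01d0bcc9416d8ab2e801ce1c2cdd680e892934f3a83d1b32b2f6359b5e3e47d94443913ef45eb4c7a8888d1988946fb9725980937b6ceb0b4a
+ metadata.gz: 4a2fc3e5a36e9cb1b8c5c84250ef85e1353cfc6cbaa6c08176e179e07495b691eb1e09ad8fde070b5a2e5478141e8730eea93a7cc912d80f35880168eeb4109a
+ data.tar.gz: 6c3f9f5936eea3cf7c41d147010f30847ea34bf2664d30bf33abce94c7d06e51130f928621979522b0b7a86a891a8830575b4cb859324be7aac3d726999839be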
@@ -11,7 +11,7 @@ module SignedJson
11
11
 
12
12
  def encode(input)
13
13
  data_to_encode = [digest_for(input), input]
14
- json_generate(data_to_encode)
14
+ JSON.generate(data_to_encode)
15
15
  end
16
16
 
17
17
  def decode(input)
@@ -26,7 +26,7 @@ module SignedJson
26
26
  def digest_for(input)
27
27
  require 'openssl' unless defined?(OpenSSL) # from ActiveSupport::MessageVerifier
28
28
  digest = OpenSSL::Digest.const_get(@digest).new
29
- OpenSSL::HMAC.hexdigest(digest, @secret, json_generate(input))
29
+ OpenSSL::HMAC.hexdigest(digest, @secret, signature_input(input))
30
30
  end
31
31
 
32
32
  private
@@ -45,9 +45,23 @@ module SignedJson
45
45
  raise InputError
46
46
  end
47
47
 
48
- def json_generate(data)
49
- # Use JSON.dump; JSON.generate only handles top-level object/array.
50
- JSON.dump(data)
48
+ def signature_input(data)
49
+ if [Array, Hash].any? { |c| c === data }
50
+ JSON.generate(data)
51
+ else
52
+ signature_input_for_unsupported_root_type(data)
53
+ end
54
+ end
55
+
56
+ # signed_json depended on Ruby JSON encoding top-level objects other than
57
+ # array and object, which are the only two JSON actually supports.
58
+ #
59
+ # json_pure v2.x refuses to JSON encode these types.
60
+ #
61
+ # signed_json must continue to support them to avoid breaking signatures
62
+ # across versions / implementations.
63
+ def signature_input_for_unsupported_root_type(data)
64
+ JSON.generate([data])[1..-2]
51
65
  end
52
66
 
53
67
  end
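Review bot: Swapping `JSON.dump` for `JSON.generate` in `signature_input` (and in `encode`) changes more than root-type handling. As far as I know, `JSON.dump` defaults to `allow_nan: true` with the nesting limit disabled, whereas `JSON.generate` raises `JSON::GeneratorError` on NaN/Infinity and enforces its default nesting limit. Since the stated goal is byte-stable signatures across versions, such payloads now raise from the signing path instead of producing the 2.0.0 bytes. If the stricter behaviour is intended, record it beside the existing comment, e.g. `# JSON.generate, unlike JSON.dump, rejects NaN/Infinity and over-deep nesting.`, and pin it with a spec. Most of `decode` lies outside these hunks, so whether those generator errors are mapped to `InputError` there cannot be confirmed from here.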
@@ -1,3 +1,3 @@
1
1
  module SignedJson
2
- VERSION = "2.0.0"
2
+ VERSION = "3.0.0"
3
3
  end
@@ -18,8 +18,6 @@ Gem::Specification.new do |s|
18
18
  s.executables = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
19
19
  s.require_paths = ["lib"]
20
20
 
21
- s.add_dependency('json')
22
-
23
21
  s.add_development_dependency('rspec', ['~> 3.1'])
24
22
  s.add_development_dependency('rake')
25
23
  end
@@ -38,6 +38,44 @@ describe SignedJson do
38
38
  expect(JSON.parse(encoded)).to be_instance_of(Array)
39
39
  end
40
40
 
41
+ describe "known-good signature from v2.0.0" do
42
+ {
43
+ {"hello" => "world"} => "c9bd3c44a91cfe176f71afcc1e08240555f0ce8b",
44
+ ["hello", "world"] => "67a288435a9268645d399e5969de777096028b2d",
45
+ nil => "546b281dfcf7e69a4dbcb6a5001929585d65c7d7",
46
+ "hello world" => "1ed96f0a1cadcee5bd139eb850d39ac1bcda6747",
47
+ 1234 => "307c560360fbf15ecab5a78299052fe68a302d7a",
48
+ }.each do |data, expected|
49
+ it "is #{expected} for #{data.inspect}" do
50
+ encoded = SignedJson::Signer.new("secret").encode(data)
51
+ signature, payload = JSON.parse(encoded)
52
+ expect(signature).to eq(expected)
53
+ expect(payload).to eq(data)
54
+ end
55
+ end
56
+ end
57
+
58
+ it "returns known-good signature and payload for object" do
59
+ encoded = SignedJson::Signer.new("secret").encode(hello: "world")
60
+ signature, payload = JSON.parse(encoded)
61
+ expect(signature).to eq("c9bd3c44a91cfe176f71afcc1e08240555f0ce8b")
62
+ expect(payload).to eq({"hello" => "world"})
63
+ end
64
+
65
+ it "returns known-good signature and payload for array" do
66
+ encoded = SignedJson::Signer.new("secret").encode(%w(hello world))
67
+ signature, payload = JSON.parse(encoded)
68
+ expect(signature).to eq("67a288435a9268645d399e5969de777096028b2d")
69
+ expect(payload).to eq(["hello", "world"])
70
+ end
71
+
72
+ it "returns known-good signature and payload for nil" do
73
+ encoded = SignedJson::Signer.new("secret").encode(nil)
74
+ signature, payload = JSON.parse(encoded)
75
+ expect(signature).to eq("546b281dfcf7e69a4dbcb6a5001929585d65c7d7")
76
+ expect(payload).to eq(nil)
77
+ end
78
+
41
79
  end
42
80
 
43
81
  describe "Signer#decode error handling" do
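Review bot: The known-good table pins only a flat hash, a flat array, nil, an ASCII string and an integer, yet the HMAC is computed over the JSON generator's exact output. That output is most likely to differ between json versions and implementations for floats, non-ASCII or escaped characters, and nested structures. With the gemspec no longer declaring `json`, the generator is whatever the runtime ships, so I would add rows for those cases with digests taken from a 2.0.0 run, e.g. `{"a" => {"b" => [1.5, "é"]}} => "<digest produced by 2.0.0>",`. The three standalone `it "returns known-good signature and payload for …"` examples repeat table rows (the object one differs only by using a symbol key) and could be folded into the table. The enclosing `describe SignedJson` block starts outside this hunk.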
metadata CHANGED
@@ -1,55 +1,41 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: signed_json
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.0.0
4
+ version: 3.0.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Paul Annesley
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2014-11-10 00:00:00.000000000 Z
11
+ date: 2016-07-08 00:00:00.000000000 Z
12
12
  dependencies:
13
- - !ruby/object:Gem::Dependency
14
- name: json
15
- requirement: !ruby/object:Gem::Requirement
16
- requirements:
17
- - - ">="
18
- - !ruby/object:Gem::Version
19
- version: '0'
20
- type: :runtime
21
- prerelease: false
22
- version_requirements: !ruby/object:Gem::Requirement
23
- requirements:
24
- - - ">="
25
- - !ruby/object:Gem::Version
26
- version: '0'
27
13
  - !ruby/object:Gem::Dependency
28
14
  name: rspec
29
15
  requirement: !ruby/object:Gem::Requirement
30
16
  requirements:
31
- - - "~>"
17
+ - - ~>
32
18
  - !ruby/object:Gem::Version
33
19
  version: '3.1'
34
20
  type: :development
35
21
  prerelease: false
36
22
  version_requirements: !ruby/object:Gem::Requirement
37
23
  requirements:
38
- - - "~>"
24
+ - - ~>
39
25
  - !ruby/object:Gem::Version
40
26
  version: '3.1'
41
27
  - !ruby/object:Gem::Dependency
42
28
  name: rake
43
29
  requirement: !ruby/object:Gem::Requirement
44
30
  requirements:
45
- - - ">="
31
+ - - '>='
46
32
  - !ruby/object:Gem::Version
47
33
  version: '0'
48
34
  type: :development
49
35
  prerelease: false
50
36
  version_requirements: !ruby/object:Gem::Requirement
51
37
  requirements:
52
- - - ">="
38
+ - - '>='
53
39
  - !ruby/object:Gem::Version
54
40
  version: '0'
55
41
  description:
@@ -59,7 +45,7 @@ executables: []
59
45
  extensions: []
60
46
  extra_rdoc_files: []
61
47
  files:
62
- - ".gitignore"
48
+ - .gitignore
63
49
  - Gemfile
64
50
  - README.md
65
51
  - Rakefile
@@ -78,17 +64,17 @@ require_paths:
78
64
  - lib
79
65
  required_ruby_version: !ruby/object:Gem::Requirement
80
66
  requirements:
81
- - - ">="
67
+ - - '>='
82
68
  - !ruby/object:Gem::Version
83
69
  version: '0'
84
70
  required_rubygems_version: !ruby/object:Gem::Requirement
85
71
  requirements:
86
- - - ">="
72
+ - - '>='
87
73
  - !ruby/object:Gem::Version
88
74
  version: '0'
89
75
  requirements: []
90
76
  rubyforge_project: signed_json
91
- rubygems_version: 2.2.2
77
+ rubygems_version: 2.0.14.1
92
78
  signing_key:
93
79
  specification_version: 4
94
80
  summary: Encodes and decodes data to a JSON string signed with OpenSSL HMAC. Great