Merge pull request #192 from excpt/master

Code smell fixes
jwt · Feb 12, 2017 · 4c8c7f6 · 4c8c7f6
2 parents c75f817 + 573a6c7
commit 4c8c7f6
Show file tree

Hide file tree

Showing 8 changed files with 36 additions and 61 deletions.
diff --git a/.rubocop.yml b/.rubocop.yml
@@ -1,2 +1,5 @@
+AllCops:
+  Excludes:
+    - spec/**/*
 Metrics/LineLength:
   Enabled: false
diff --git a/.travis.yml b/.travis.yml
@@ -1,10 +1,7 @@
-sudo: false
 cache: bundler
 language: ruby
 rvm:
-  - 1.9.3
-  - 2.0.0
-  - 2.1.0
   - 2.2.0
   - 2.3.0
+  - 2.4.0
 script: "bundle exec rspec && bundle exec codeclimate-test-reporter"
diff --git a/lib/jwt.rb b/lib/jwt.rb
@@ -2,6 +2,7 @@
 require 'base64'
 require 'openssl'
 require 'jwt/decode'
+require 'jwt/default_options'
 require 'jwt/encode'
 require 'jwt/error'
 require 'jwt/json'
@@ -12,23 +13,7 @@
 # https://tools.ietf.org/html/rfc7519#section-4.1.5
 module JWT
   extend JWT::Json
-
-  NAMED_CURVES = {
-    'prime256v1' => 'ES256',
-    'secp384r1' => 'ES384',
-    'secp521r1' => 'ES512'
-  }.freeze
-
-  DEFAULT_OPTIONS = {
-    verify_expiration: true,
-    verify_not_before: true,
-    verify_iss: false,
-    verify_iat: false,
-    verify_jti: false,
-    verify_aud: false,
-    verify_sub: false,
-    leeway: 0
-  }.freeze
+  include JWT::DefaultOptions
 
   module_function
 
@@ -151,7 +136,6 @@ def verify_signature_algo(algo, key, signing_input, signature)
   def secure_compare(a, b)
     return false if a.nil? || b.nil? || a.empty? || b.empty? || a.bytesize != b.bytesize
     l = a.unpack "C#{a.bytesize}"
-
     res = 0
     b.each_byte { |byte| res |= byte ^ l.shift }
     res.zero?

diff --git a/lib/jwt/default_options.rb b/lib/jwt/default_options.rb
@@ -0,0 +1,16 @@
+module JWT
+  module DefaultOptions
+    NAMED_CURVES = { 'prime256v1' => 'ES256', 'secp384r1' => 'ES384', 'secp521r1' => 'ES512' }.freeze
+
+    DEFAULT_OPTIONS = {
+      verify_expiration: true,
+      verify_not_before: true,
+      verify_iss: false,
+      verify_iat: false,
+      verify_jti: false,
+      verify_aud: false,
+      verify_sub: false,
+      leeway: 0
+    }.freeze
+  end
+end
diff --git a/lib/jwt/verify.rb b/lib/jwt/verify.rb
@@ -19,66 +19,41 @@ def initialize(payload, options)
 
     def verify_aud
       return unless (options_aud = extract_option(:aud))
-
-      if ([*@payload['aud']] & [*options_aud]).empty?
-        raise(
-          JWT::InvalidAudError,
-          "Invalid audience. Expected #{options_aud}, received #{@payload['aud'] || '<none>'}"
-        )
-      end
+      raise(JWT::InvalidAudError, "Invalid audience. Expected #{options_aud}, received #{@payload['aud'] || '<none>'}") if ([*@payload['aud']] & [*options_aud]).empty?
     end
 
     def verify_expiration
       return unless @payload.include?('exp')
-
-      if @payload['exp'].to_i <= (Time.now.to_i - exp_leeway)
-        raise(JWT::ExpiredSignature, 'Signature has expired')
-      end
+      raise(JWT::ExpiredSignature, 'Signature has expired') if @payload['exp'].to_i <= (Time.now.to_i - exp_leeway)
     end
 
     def verify_iat
       return unless @payload.include?('iat')
-
-      if !@payload['iat'].is_a?(Numeric) || @payload['iat'].to_f > (Time.now.to_f + iat_leeway)
-        raise(JWT::InvalidIatError, 'Invalid iat')
-      end
+      raise(JWT::InvalidIatError, 'Invalid iat') if !@payload['iat'].is_a?(Numeric) || @payload['iat'].to_f > (Time.now.to_f + iat_leeway)
     end
 
     def verify_iss
       return unless (options_iss = extract_option(:iss))
-
-      if @payload['iss'].to_s != options_iss.to_s
-        raise(
-          JWT::InvalidIssuerError,
-          "Invalid issuer. Expected #{options_iss}, received #{@payload['iss'] || '<none>'}"
-        )
-      end
+      raise(JWT::InvalidIssuerError, "Invalid issuer. Expected #{options_iss}, received #{@payload['iss'] || '<none>'}") if @payload['iss'].to_s != options_iss.to_s
     end
 
     def verify_jti
       options_verify_jti = extract_option(:verify_jti)
       if options_verify_jti.respond_to?(:call)
         raise(JWT::InvalidJtiError, 'Invalid jti') unless options_verify_jti.call(@payload['jti'])
-      else
-        raise(JWT::InvalidJtiError, 'Missing jti') if @payload['jti'].to_s.strip.empty?
+      elsif @payload['jti'].to_s.strip.empty?
+        raise(JWT::InvalidJtiError, 'Missing jti')
       end
     end
 
     def verify_not_before
       return unless @payload.include?('nbf')
-
-      if @payload['nbf'].to_i > (Time.now.to_i + nbf_leeway)
-        raise(JWT::ImmatureSignature, 'Signature nbf has not been reached')
-      end
+      raise(JWT::ImmatureSignature, 'Signature nbf has not been reached') if @payload['nbf'].to_i > (Time.now.to_i + nbf_leeway)
     end
 
     def verify_sub
       return unless (options_sub = extract_option(:sub))
-
-      raise(
-        JWT::InvalidSubError,
-        "Invalid subject. Expected #{options_sub}, received #{@payload['sub'] || '<none>'}"
-      ) unless @payload['sub'].to_s == options_sub.to_s
+      raise(JWT::InvalidSubError, "Invalid subject. Expected #{options_sub}, received #{@payload['sub'] || '<none>'}") unless @payload['sub'].to_s == options_sub.to_s
     end
 
     private

diff --git a/lib/jwt/version.rb b/lib/jwt/version.rb
@@ -16,7 +16,7 @@ module VERSION
     # tiny version
     TINY  = 0
     # alpha, beta, etc. tag
-    PRE   = 'dev'
+    PRE   = 'dev'.freeze
 
     # Build version string
     STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')

diff --git a/spec/integration/readme_examples_spec.rb b/spec/integration/readme_examples_spec.rb
@@ -176,12 +176,12 @@
       end
     end
 
-   context 'custom header fields' do
+    context 'custom header fields' do
       it 'with custom field' do
         payload = { data: 'test' }
 
-        token = JWT.encode payload, nil, 'none', { typ: 'JWT' }
-        jwt_payload, header = JWT.decode token, nil, false
+        token = JWT.encode payload, nil, 'none', typ: 'JWT'
+        _, header = JWT.decode token, nil, false
 
         expect(header['typ']).to eq 'JWT'
       end

diff --git a/spec/jwt/verify_spec.rb b/spec/jwt/verify_spec.rb
@@ -52,15 +52,15 @@ module JWT
       end
 
       it 'must allow an array with any value matching any value in the options array with a string options key' do
-        Verify.verify_aud(array_payload, options.merge("aud" => array_aud))
+        Verify.verify_aud(array_payload, options.merge('aud' => array_aud))
       end
 
       it 'must allow a singular audience payload matching any value in the options array' do
         Verify.verify_aud(scalar_payload, options.merge(aud: array_aud))
       end
 
       it 'must allow a singular audience payload matching any value in the options array with a string options key' do
-        Verify.verify_aud(scalar_payload, options.merge("aud" => array_aud))
+        Verify.verify_aud(scalar_payload, options.merge('aud' => array_aud))
       end
 
       it 'should allow strings or symbols in options array' do