diff --git a/.rubocop.yml b/.rubocop.yml
index c4410459..7697d757 100644
--- a/.rubocop.yml
+++ b/.rubocop.yml
@@ -1,2 +1,5 @@
+AllCops:
+  Excludes:
+    - spec/**/*
 Metrics/LineLength:
   Enabled: false
diff --git a/.travis.yml b/.travis.yml
index 918ca9a8..888474e1 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,10 +1,7 @@
-sudo: false
 cache: bundler
 language: ruby
 rvm:
-  - 1.9.3
-  - 2.0.0
-  - 2.1.0
   - 2.2.0
   - 2.3.0
+  - 2.4.0
 script: "bundle exec rspec && bundle exec codeclimate-test-reporter"
diff --git a/lib/jwt.rb b/lib/jwt.rb
index a4c94a41..428056ce 100644
--- a/lib/jwt.rb
+++ b/lib/jwt.rb
@@ -2,6 +2,7 @@
 require 'base64'
 require 'openssl'
 require 'jwt/decode'
+require 'jwt/default_options'
 require 'jwt/encode'
 require 'jwt/error'
 require 'jwt/json'
@@ -12,23 +13,7 @@
 # https://tools.ietf.org/html/rfc7519#section-4.1.5
 module JWT
   extend JWT::Json
-
-  NAMED_CURVES = {
-    'prime256v1' => 'ES256',
-    'secp384r1' => 'ES384',
-    'secp521r1' => 'ES512'
-  }.freeze
-
-  DEFAULT_OPTIONS = {
-    verify_expiration: true,
-    verify_not_before: true,
-    verify_iss: false,
-    verify_iat: false,
-    verify_jti: false,
-    verify_aud: false,
-    verify_sub: false,
-    leeway: 0
-  }.freeze
+  include JWT::DefaultOptions
 
   module_function
 
@@ -151,7 +136,6 @@ def verify_signature_algo(algo, key, signing_input, signature)
   def secure_compare(a, b)
     return false if a.nil? || b.nil? || a.empty? || b.empty? || a.bytesize != b.bytesize
     l = a.unpack "C#{a.bytesize}"
-
     res = 0
     b.each_byte { |byte| res |= byte ^ l.shift }
     res.zero?
diff --git a/lib/jwt/default_options.rb b/lib/jwt/default_options.rb
new file mode 100644
index 00000000..e853fe3e
--- /dev/null
+++ b/lib/jwt/default_options.rb
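Review bot: The key added under `AllCops` is spelled `Excludes:`, but the configuration key RuboCop reads for path globs is `Exclude`, so the intent to skip `spec/**/*` may not take effect with this spelling (older releases accepted `Excludes` with a deprecation warning; I have not checked how the version used here treats it). Change the two lines to `  Exclude:` / `    - spec/**/*`. The `verify_spec.rb` and `readme_examples_spec.rb` hunks in this same commit are lint-style fixes under `spec/`, which suggests the exclusion was not in effect when the commit was prepared.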
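Review bot: `secure_compare` carries no comment explaining why it is written as an XOR fold rather than `a == b`, and a later cleanup could easily "simplify" it back; I would add above `def secure_compare(a, b)`: `# Constant-time comparison: every byte pair is XOR-folded into res so the time taken does not depend on where the first mismatch is. The early return on a length mismatch is acceptable because the lengths being compared are not secret.` The `res = 0` line the hunk keeps is load-bearing for the fold on the next line, so a short `# must be initialised before the fold` there would not hurt either. The method's closing `end` lies outside the hunk.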
@@ -0,0 +1,16 @@
+module JWT
+  module DefaultOptions
+    NAMED_CURVES = { 'prime256v1' => 'ES256', 'secp384r1' => 'ES384', 'secp521r1' => 'ES512' }.freeze
+
+    DEFAULT_OPTIONS = {
+      verify_expiration: true,
+      verify_not_before: true,
+      verify_iss: false,
+      verify_iat: false,
+      verify_jti: false,
+      verify_aud: false,
+      verify_sub: false,
+      leeway: 0
+    }.freeze
+  end
+end
diff --git a/lib/jwt/verify.rb b/lib/jwt/verify.rb
index 1ee9c31b..4ba8cd7a 100644
--- a/lib/jwt/verify.rb
+++ b/lib/jwt/verify.rb
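Review bot: `DEFAULT_OPTIONS` is now the one place callers will look for the library's verification posture, and it has no comment saying what that posture is; I would add above it `# Only exp and nbf are checked unless the caller opts in: iss, iat, jti, aud and sub verification are off by default and leeway is 0 seconds.` and above `NAMED_CURVES` a `# OpenSSL curve name => JWS alg value` line. The `.freeze` on `NAMED_CURVES` freezes the hash but not its string keys and values; a `# frozen_string_literal: true` magic comment at the top of the new file would close that and match the `.freeze` this commit adds to `PRE` in version.rb. Since `lib/jwt.rb` now does `include JWT::DefaultOptions`, `JWT::DEFAULT_OPTIONS` should keep resolving through the ancestor chain for callers outside the gem, but a spec pinning that would make the compatibility explicit.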
@@ -19,66 +19,41 @@ def initialize(payload, options)
 
     def verify_aud
       return unless (options_aud = extract_option(:aud))
-
-      if ([*@payload['aud']] & [*options_aud]).empty?
-        raise(
-          JWT::InvalidAudError,
-          "Invalid audience. Expected #{options_aud}, received #{@payload['aud'] || ''}"
-        )
-      end
+      raise(JWT::InvalidAudError, "Invalid audience. Expected #{options_aud}, received #{@payload['aud'] || ''}") if ([*@payload['aud']] & [*options_aud]).empty?
     end
 
     def verify_expiration
       return unless @payload.include?('exp')
-
-      if @payload['exp'].to_i <= (Time.now.to_i - exp_leeway)
-        raise(JWT::ExpiredSignature, 'Signature has expired')
-      end
+      raise(JWT::ExpiredSignature, 'Signature has expired') if @payload['exp'].to_i <= (Time.now.to_i - exp_leeway)
     end
 
     def verify_iat
       return unless @payload.include?('iat')
-
-      if !@payload['iat'].is_a?(Numeric) || @payload['iat'].to_f > (Time.now.to_f + iat_leeway)
-        raise(JWT::InvalidIatError, 'Invalid iat')
-      end
+      raise(JWT::InvalidIatError, 'Invalid iat') if !@payload['iat'].is_a?(Numeric) || @payload['iat'].to_f > (Time.now.to_f + iat_leeway)
     end
 
     def verify_iss
       return unless (options_iss = extract_option(:iss))
-
-      if @payload['iss'].to_s != options_iss.to_s
-        raise(
-          JWT::InvalidIssuerError,
-          "Invalid issuer. Expected #{options_iss}, received #{@payload['iss'] || ''}"
-        )
-      end
+      raise(JWT::InvalidIssuerError, "Invalid issuer. Expected #{options_iss}, received #{@payload['iss'] || ''}") if @payload['iss'].to_s != options_iss.to_s
     end
 
     def verify_jti
       options_verify_jti = extract_option(:verify_jti)
       if options_verify_jti.respond_to?(:call)
         raise(JWT::InvalidJtiError, 'Invalid jti') unless options_verify_jti.call(@payload['jti'])
-      else
-        raise(JWT::InvalidJtiError, 'Missing jti') if @payload['jti'].to_s.strip.empty?
+      elsif @payload['jti'].to_s.strip.empty?
+        raise(JWT::InvalidJtiError, 'Missing jti')
       end
     end
 
     def verify_not_before
       return unless @payload.include?('nbf')
-
-      if @payload['nbf'].to_i > (Time.now.to_i + nbf_leeway)
-        raise(JWT::ImmatureSignature, 'Signature nbf has not been reached')
-      end
+      raise(JWT::ImmatureSignature, 'Signature nbf has not been reached') if @payload['nbf'].to_i > (Time.now.to_i + nbf_leeway)
     end
 
     def verify_sub
       return unless (options_sub = extract_option(:sub))
-
-      raise(
-        JWT::InvalidSubError,
-        "Invalid subject. Expected #{options_sub}, received #{@payload['sub'] || ''}"
-      ) unless @payload['sub'].to_s == options_sub.to_s
+      raise(JWT::InvalidSubError, "Invalid subject. Expected #{options_sub}, received #{@payload['sub'] || ''}") unless @payload['sub'].to_s == options_sub.to_s
     end
 
     private
diff --git a/lib/jwt/version.rb b/lib/jwt/version.rb
index 694e28ea..ddc4eb58 100644
--- a/lib/jwt/version.rb
+++ b/lib/jwt/version.rb
@@ -16,7 +16,7 @@ module VERSION
     # tiny version
     TINY = 0
     # alpha, beta, etc. tag
-    PRE = 'dev'
+    PRE = 'dev'.freeze
 
     # Build version string
     STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')
diff --git a/spec/integration/readme_examples_spec.rb b/spec/integration/readme_examples_spec.rb
index 5a7b9e66..837380e7 100644
--- a/spec/integration/readme_examples_spec.rb
+++ b/spec/integration/readme_examples_spec.rb
@@ -176,12 +176,12 @@
     end
   end
 
-  context 'custom header fields' do
+  context 'custom header fields' do
     it 'with custom field' do
       payload = { data: 'test' }
 
-      token = JWT.encode payload, nil, 'none', { typ: 'JWT' }
-      jwt_payload, header = JWT.decode token, nil, false
+      token = JWT.encode payload, nil, 'none', typ: 'JWT'
+      _, header = JWT.decode token, nil, false
 
       expect(header['typ']).to eq 'JWT'
     end
diff --git a/spec/jwt/verify_spec.rb b/spec/jwt/verify_spec.rb
index 1227d133..2e055b74 100644
--- a/spec/jwt/verify_spec.rb
+++ b/spec/jwt/verify_spec.rb
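Review bot: `verify_not_before` and `verify_expiration` coerce the claim with `.to_i`, while `verify_iat` in the same hunk rejects a non-Numeric value outright; the result is that a malformed `nbf` (a string, say) coerces to 0 and passes the not-before check, whereas a malformed `exp` coerces to 0 and is rejected as expired. Aligning the three is one line, e.g. `raise(JWT::ImmatureSignature, 'Signature nbf has not been reached') if !@payload['nbf'].is_a?(Numeric) || @payload['nbf'].to_i > (Time.now.to_i + nbf_leeway)`, though a dedicated error for a malformed claim may be preferable to reusing ImmatureSignature. Separately, the `InvalidAudError`, `InvalidIssuerError` and `InvalidSubError` messages interpolate the expected value taken from the options; if an application surfaces these messages to clients they disclose the configured audience, issuer or subject, so a comment reminding callers to keep them server-side would be worthwhile.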
@@ -52,7 +52,7 @@ module JWT
     end
 
     it 'must allow an array with any value matching any value in the options array with a string options key' do
-      Verify.verify_aud(array_payload, options.merge("aud" => array_aud))
+      Verify.verify_aud(array_payload, options.merge('aud' => array_aud))
     end
 
     it 'must allow a singular audience payload matching any value in the options array' do
@@ -60,7 +60,7 @@ module JWT
     end
 
     it 'must allow a singular audience payload matching any value in the options array with a string options key' do
-      Verify.verify_aud(scalar_payload, options.merge("aud" => array_aud))
+      Verify.verify_aud(scalar_payload, options.merge('aud' => array_aud))
     end
 
     it 'should allow strings or symbols in options array' do