From 93ffad28249f4e4f31dbcc235fc706c1f410f0f5 Mon Sep 17 00:00:00 2001
From: Bob Aman
Date: Fri, 20 Jul 2012 09:27:44 +0300
Subject: [PATCH 1/6] Getting JWT set up with Travis.
---
 .gitignore | 1 +
 .travis.yml | 8 ++++++++
 Gemfile | 13 +++++++++++++
 3 files changed, 22 insertions(+)
 create mode 100644 .travis.yml
 create mode 100644 Gemfile
diff --git a/.gitignore b/.gitignore
index 420aea73..55a9aa81 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,3 @@
 jwt.gemspec
 pkg
+Gemfile.lock
diff --git a/.travis.yml b/.travis.yml
new file mode 100644
index 00000000..9dbbd92e
--- /dev/null
+++ b/.travis.yml
@@ -0,0 +1,8 @@
+language: ruby
+rvm:
+ - 1.8.7
+ - 1.9.2
+ - 1.9.3
+ - jruby
+ - ree
+script: "bundle exec rake test"
diff --git a/Gemfile b/Gemfile
new file mode 100644
index 00000000..60c665f4
--- /dev/null
+++ b/Gemfile
@@ -0,0 +1,13 @@
+source :rubygems
+
+gem 'json', '>= 1.2.4'
+gem 'jruby-openssl', :platforms => :jruby
+
+group :development do
+ gem 'echoe', '>= 4.6.3'
+end
+
+group :test, :development do
+ gem 'rake', '>= 0.9.0'
+ gem 'rspec', '>= 2.11.0'
+end
From 61e8c70039bd1fbbe0ac7982802907cfd9eefeef Mon Sep 17 00:00:00 2001
From: Bob Aman
Date: Fri, 20 Jul 2012 09:55:15 +0300
Subject: [PATCH 2/6] Adding test that I suspect will cause issues in JRuby.
---
 spec/jwt.rb | 35 ++++++++++++++++++++++++++++++-----
 1 file changed, 30 insertions(+), 5 deletions(-)
diff --git a/spec/jwt.rb b/spec/jwt.rb
index e9ea2fba..f7a63b2f 100644
--- a/spec/jwt.rb
+++ b/spec/jwt.rb
@@ -13,12 +13,12 @@
 end
 it "encodes and decodes JWTs for RSA signatures" do
- private_key = OpenSSL::PKey::RSA.generate(512)
+ private_key = OpenSSL::PKey::RSA.generate(512)
 jwt = JWT.encode(@payload, private_key, "RS256")
 decoded_payload = JWT.decode(jwt, private_key.public_key)
 decoded_payload.should == @payload
 end
-
+
 it "decodes valid JWTs" do
 example_payload = {"hello" => "world"}
 example_secret = 'secret'
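Review bot: `source :rubygems` in the new Gemfile names the source symbolically instead of by URL; Bundler deprecated this form because it could resolve to a plain-HTTP endpoint, so the line should be `source 'https://rubygems.org'`. The Gemfile also lists `json` but not `multi_json`, which the Rakefile later in this series declares as the gem's runtime dependency, so `bundle exec rake test` on Travis appears to rely on multi_json being present some other way; adding `gem 'multi_json', '~> 1.0'` (or loading the gemspec) would make the CI environment match the declared dependencies. Whether lib/jwt.rb actually requires multi_json is inferred from the Rakefile line, not visible here.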
@@ -40,7 +40,7 @@
 jwt = JWT.encode(@payload, right_private_key, "RS256")
 lambda { JWT.decode(jwt, bad_private_key.public_key) }.should raise_error(JWT::DecodeError)
 end
-
+
 it "allows decoding without key" do
 right_secret = 'foo'
 bad_secret = 'bar'
@@ -48,15 +48,40 @@
 decoded_payload = JWT.decode(jwt, bad_secret, false)
 decoded_payload.should == @payload
 end
-
+
 it "raises exception on unsupported crypto algorithm" do
 lambda { JWT.encode(@payload, "secret", 'HS1024') }.should raise_error(NotImplementedError)
 end
-
+
 it "encodes and decodes plaintext JWTs" do
 jwt = JWT.encode(@payload, nil, nil)
 jwt.split('.').length.should == 2
 decoded_payload = JWT.decode(jwt, nil, nil)
 decoded_payload.should == @payload
 end
+
+ it "raise exception on invalid signature" do
+ pubkey = OpenSSL::PKey::RSA.new(<<-PUBKEY)
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxCaY7425h964bjaoLeUm
+SlZ8sK7VtVk9zHbGmZh2ygGYwfuUf2bmMye2Ofv99yDE/rd4loVIAcu7RVvDRgHq
+3/CZTnIrSvHsiJQsHBNa3d+F1ihPfzURzf1M5k7CFReBj2SBXhDXd57oRfBQj12w
+CVhhwP6kGTAWuoppbIIIBfNF2lE/Nvm7lVVYQqL9xOrP/AQ4xRbpQlB8Ll9sO9Or
+SvbWhCDa/LMOWxHdmrcJi6XoSg1vnOyCoKbyAoauTt/XqdkHbkDdQ6HFbJieu9il
+LDZZNliPhfENuKeC2MCGVXTEu8Cqhy1w6e4axavLlXoYf4laJIZ/e7au8SqDbY0B
+xwIDAQAB
+-----END PUBLIC KEY-----
+PUBKEY
+ jwt = (
+ 'eyJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJhY2NvdW50cy5nb29nbGUuY29tIiwiY' +
+ 'XVkIjoiMTA2MDM1Nzg5MTY4OC5hcHBzLmdvb2dsZXVzZXJjb250ZW50LmNvbSI' +
+ 'sImNpZCI6IjEwNjAzNTc4OTE2ODguYXBwcy5nb29nbGV1c2VyY29udGVudC5jb' +
+ '20iLCJpZCI6IjExNjQ1MjgyNDMwOTg1Njc4MjE2MyIsInRva2VuX2hhc2giOiJ' +
+ '0Z2hEOUo4bjhWME4ydmN3NmVNaWpnIiwiaWF0IjoxMzIwNjcwOTc4LCJleHAiO' +
+ 'jEzMjA2NzQ4Nzh9.D8x_wirkxDElqKdJBcsIws3Ogesk38okz6MN7zqC7nEAA7' +
+ 'wcy1PxsROY1fmBvXSer0IQesAqOW-rPOCNReSn-eY8d53ph1x2HAF-AzEi3GOl' +
+ '6hFycH8wj7Su6JqqyEbIVLxE7q7DkAZGaMPkxbTHs1EhSd5_oaKQ6O4xO3ZnnT4'
+ )
+ lambda { JWT.decode(jwt, pubkey, true) }.should raise_error(JWT::DecodeError)
+ end
 end
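Review bot: The new "raise exception on invalid signature" example pairs what appears to be a 2048-bit public key with a token whose third segment is roughly half the length an RS256 signature from such a key would have, so what it exercises is a malformed (truncated) signature rather than a well-formed but wrong one, and nothing in the example says so; a comment such as `# signature segment is truncated: covers the malformed-signature path, not a correctly sized but wrong signature` would stop a later reader from mistaking it for the general invalid-signature case. A companion example that signs with a freshly generated key and verifies against a different one, as the existing RSA examples in this file do, would cover the wrong-signature case without opaque fixture data. The hard-coded token also carries a fixed `exp` claim, so if decode ever starts checking expiry this example will fail for a reason unrelated to its name. The enclosing describe block begins before this hunk.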
From 94cd35f750c97cbedeacc923cae6845c58842397 Mon Sep 17 00:00:00 2001
From: Bob Aman
Date: Fri, 20 Jul 2012 09:59:08 +0300
Subject: [PATCH 3/6] Added rescue to catch error that only seems to happen in JRuby?
---
 lib/jwt.rb | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)
diff --git a/lib/jwt.rb b/lib/jwt.rb
index 1c45e699..96c193c8 100644
--- a/lib/jwt.rb
+++ b/lib/jwt.rb
@@ -73,12 +73,16 @@ def self.decode(jwt, key=nil, verify=true)
 if verify == true
 algo = header['alg']
- if ["HS256", "HS384", "HS512"].include?(algo)
- raise JWT::DecodeError.new("Signature verification failed") unless signature == sign_hmac(algo, signing_input, key)
- elsif ["RS256", "RS384", "RS512"].include?(algo)
- raise JWT::DecodeError.new("Signature verification failed") unless verify_rsa(algo, key, signing_input, signature)
- else
- raise JWT::DecodeError.new("Algorithm not supported")
+ begin
+ if ["HS256", "HS384", "HS512"].include?(algo)
+ raise JWT::DecodeError.new("Signature verification failed") unless signature == sign_hmac(algo, signing_input, key)
+ elsif ["RS256", "RS384", "RS512"].include?(algo)
+ raise JWT::DecodeError.new("Signature verification failed") unless verify_rsa(algo, key, signing_input, signature)
+ else
+ raise JWT::DecodeError.new("Algorithm not supported")
+ end
+ rescue OpenSSL::PKey::PKeyError
+ raise JWT::DecodeError.new("Signature verification failed")
 end
 end
 payload
From 7159112dc6bc37dc2fe8af59b32d216c79fa99f7 Mon Sep 17 00:00:00 2001
From: Bob Aman
Date: Fri, 20 Jul 2012 10:02:53 +0300
Subject: [PATCH 4/6] Adding myself to contributor list.
---
 README.md | 1 +
 1 file changed, 1 insertion(+)
diff --git a/README.md b/README.md
index 9b364288..b949ce76 100644
--- a/README.md
+++ b/README.md
@@ -60,6 +60,7 @@ The tests are written with rspec. Given you have rake and rspec, you can run tes
 * Ilya Zhitomirskiy
 * Daniel Grippi
 * Jeff Lindsay
+ * Bob Aman
 ## License
From 2fd6ea266767c1ecfda930c2faba1ee77743e8df Mon Sep 17 00:00:00 2001
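Review bot: The HMAC branch carried into the new begin block still checks `signature == sign_hmac(algo, signing_input, key)` with ordinary string equality, which stops at the first differing byte; since the signature comes from the token being verified, the time decode takes depends on how much of the expected MAC the supplied value matches, which is the classic timing leak for MAC checks. A length check followed by a byte-wise XOR accumulate compares in time independent of where the strings differ and needs no new dependency (sketched below). Separately, `rescue OpenSSL::PKey::PKeyError` wraps all three branches, so a PKeyError caused by handing verify_rsa an unusable key object is reported to the caller as "Signature verification failed" and looks like a bad token; narrowing the rescue to the RSA branch, or a comment stating that this mapping is intended for the JRuby behaviour the subject line mentions, would make the intent explicit. decode continues past the end of this hunk.
```ruby
# Compares two strings in time that does not depend on the position of the
# first mismatch; used for MAC comparison so verification time leaks nothing.
def self.secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff == 0
end

# … unchanged: decode, up to the algorithm dispatch …
raise JWT::DecodeError.new("Signature verification failed") unless secure_compare(signature, sign_hmac(algo, signing_input, key))
# … unchanged: RSA branch, else branch, rescue …
```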
From: Bob Aman
Date: Fri, 20 Jul 2012 10:03:10 +0300
Subject: [PATCH 5/6] Incrementing version for release.
---
 Rakefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Rakefile b/Rakefile
index 3cc44c09..39576d79 100644
--- a/Rakefile
+++ b/Rakefile
@@ -2,7 +2,7 @@ require 'rubygems'
 require 'rake'
 require 'echoe'
-Echoe.new('jwt', '0.1.4') do |p|
+Echoe.new('jwt', '0.1.5') do |p|
 p.description = "JSON Web Token implementation in Ruby"
 p.url = "http://github.com/progrium/ruby-jwt"
 p.author = "Jeff Lindsay"
From 961edebab57eb121abb0eada0e01b01471537dbd Mon Sep 17 00:00:00 2001
From: Bob Aman
Date: Fri, 20 Jul 2012 10:28:01 +0300
Subject: [PATCH 6/6] Fixed issue with illformed requirement and file rename.
---
 Rakefile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/Rakefile b/Rakefile
index 2fd35f00..91b307cb 100644
--- a/Rakefile
+++ b/Rakefile
@@ -8,10 +8,10 @@ Echoe.new('jwt', '0.1.5') do |p|
 p.author = "Jeff Lindsay"
 p.email = "jeff.lindsay@twilio.com"
 p.ignore_pattern = ["tmp/*"]
- p.runtime_dependencies = ["multi_json ~> 1.0"]
+ p.runtime_dependencies = ["multi_json ~>1.0"]
 p.development_dependencies = ["echoe >=4.6.3"]
 end
 task :test do
- sh "rspec spec/jwt.rb"
+ sh "rspec spec/jwt_spec.rb"
 end
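Review bot: The test task now runs `sh "rspec spec/jwt_spec.rb"`, but no patch in this series renames spec/jwt.rb (patch 2 still edits it under the old name), and this hunk's pre-image blob `2fd35f00` is not the `39576d79` that patch 5 produced, so the rename and at least one intervening Rakefile change appear to exist outside what is shown; because .travis.yml runs `bundle exec rake test`, CI breaks until the spec file is actually present under the new name. The subject line should name the commit that performs the rename, or the rename should travel in this patch. Dropping the space in `"multi_json ~>1.0"` brings the entry into the same shape as `"echoe >=4.6.3"` on the next line, which is presumably the form echoe parses; a short comment on the runtime_dependencies line saying that the no-space form is required would keep the next contributor from "fixing" it back.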