added Jordan Brough as contributor, declared dependency on Echoe, added support for plaintext/unsigned JWTs as introduced by draft 03

progrium · progrium · commit 92fdbf879d86 · 2011-11-11T11:39:09.000-08:00
diff --git a/README.md b/README.md
@@ -1,5 +1,5 @@
 # JWT
-A Ruby implementation of [JSON Web Token draft 01](http://self-issued.info/docs/draft-jones-json-web-token-01.html).
+A Ruby implementation of [JSON Web Token draft 06](http://self-issued.info/docs/draft-jones-json-web-token-06.html).
 
 ## Installing
 
@@ -37,14 +37,26 @@ Change the algorithm with by setting it in encode:
 
     JWT.encode({"some" => "payload"}, "secret", "HS512")
 
-## Tests
+**Plaintext**
+
+We also support unsigned plaintext JWTs as introduced by draft 03 by explicitly specifying `nil` as the key and algorithm:
+
+    jwt = JWT.encode({"some" => "payload"}, nil, nil)
+    JWT.decode(jwt, nil, nil)
+
+## Development and Tests
+
+We depend on [Echoe](http://rubygems.org/gems/echoe) for defining gemspec and performing releases to rubygems.org, which can be done with
+
+    rake release
 
 The tests are written with rspec. Given you have rake and rspec, you can run tests with
 
     rake test
 
 ## Contributors
 
+ * Jordan Brough <github.jordanb@xoxy.net>
  * Ilya Zhitomirskiy <ilya@joindiaspora.com>
  * Daniel Grippi <daniel@joindiaspora.com>
  * Jeff Lindsay <jeff.lindsay@twilio.com>
diff --git a/Rakefile b/Rakefile
@@ -2,7 +2,7 @@ require 'rubygems'
 require 'rake'
 require 'echoe'
 
-Echoe.new('jwt', '0.1.3') do |p|
+Echoe.new('jwt', '0.1.4') do |p|
   p.description    = "JSON Web Token implementation in Ruby"
   p.url            = "http://github.com/progrium/ruby-jwt"
   p.author         = "Jeff Lindsay"
diff --git a/lib/jwt.rb b/lib/jwt.rb
@@ -1,8 +1,8 @@
 # 
 # JSON Web Token implementation
 # 
-# Minimum implementation based on this spec:
-# http://self-issued.info/docs/draft-jones-json-web-token-01.html
+# Should be up to date with the latest spec:
+# http://self-issued.info/docs/draft-jones-json-web-token-06.html
 
 require "base64"
 require "openssl"
@@ -43,29 +43,34 @@ def self.base64url_encode(str)
   end  
   
   def self.encode(payload, key, algorithm='HS256')
+    algorithm ||= "none"
     segments = []
     header = {"typ" => "JWT", "alg" => algorithm}
     segments << base64url_encode(header.to_json)
     segments << base64url_encode(payload.to_json)
     signing_input = segments.join('.')
-    signature = sign(algorithm, signing_input, key)
-    segments << base64url_encode(signature)
+    if algorithm != "none"
+      signature = sign(algorithm, signing_input, key)
+      segments << base64url_encode(signature)
+    else
+      segments << ""
+    end
     segments.join('.')
   end
   
   def self.decode(jwt, key=nil, verify=true)
     segments = jwt.split('.')
-    raise JWT::DecodeError.new("Not enough or too many segments") unless segments.length == 3
+    raise JWT::DecodeError.new("Not enough or too many segments") unless [2,3].include? segments.length
     header_segment, payload_segment, crypto_segment = segments
     signing_input = [header_segment, payload_segment].join('.')
     begin
       header = JSON.parse(base64url_decode(header_segment))
       payload = JSON.parse(base64url_decode(payload_segment))
-      signature = base64url_decode(crypto_segment)
+      signature = base64url_decode(crypto_segment) if verify
     rescue JSON::ParserError
       raise JWT::DecodeError.new("Invalid segment encoding")
     end
-    if verify
+    if verify == true
       algo = header['alg']
 
       if ["HS256", "HS384", "HS512"].include?(algo)
diff --git a/spec/jwt.rb b/spec/jwt.rb
@@ -52,4 +52,11 @@
   it "raises exception on unsupported crypto algorithm" do
     lambda { JWT.encode(@payload, "secret", 'HS1024') }.should raise_error(NotImplementedError)
   end
+  
+  it "encodes and decodes plaintext JWTs" do
+    jwt = JWT.encode(@payload, nil, nil)
+    jwt.split('.').length.should == 2
+    decoded_payload = JWT.decode(jwt, nil, nil)
+    decoded_payload.should == @payload
+  end
 end
