From 2e9841e08401f8cca5f2ac5db10c5999f8eaab5f Mon Sep 17 00:00:00 2001 From: Jurriaan Pruis Date: Fri, 15 Sep 2017 15:53:38 +0200 Subject: [PATCH 1/3] Support ruby-jwt 2.0 This version of ruby-jwt requires specification of the algorithm (see jwt/ruby-jwt#184) for more information. I've created a PR on signet to. That has to be merged before ruby-jwt 2.0 can be really used (see https://github.com/google/signet/pull/93). Tested locally against ruby-jwt 2.0 and 1.5.6. --- googleauth.gemspec | 2 +- spec/googleauth/service_account_spec.rb | 5 +++-- spec/googleauth/signet_spec.rb | 3 ++- 3 files changed, 6 insertions(+), 4 deletions(-) diff --git a/googleauth.gemspec b/googleauth.gemspec index c604a6d..370857f 100755 --- a/googleauth.gemspec +++ b/googleauth.gemspec @@ -28,7 +28,7 @@ Gem::Specification.new do |s| s.add_dependency 'faraday', '~> 0.12' s.add_dependency 'logging', '~> 2.0' - s.add_dependency 'jwt', '~> 1.4' + s.add_dependency 'jwt', '>= 1.4', '< 3.0' s.add_dependency 'memoist', '~> 0.12' s.add_dependency 'multi_json', '~> 1.11' s.add_dependency 'os', '~> 0.9' diff --git a/spec/googleauth/service_account_spec.rb b/spec/googleauth/service_account_spec.rb index 679c0ef..26bbcba 100644 --- a/spec/googleauth/service_account_spec.rb +++ b/spec/googleauth/service_account_spec.rb @@ -54,7 +54,7 @@ shared_examples 'jwt header auth' do expect(hdr).to_not be_nil expect(hdr.start_with?(auth_prefix)).to be true authorization = hdr[auth_prefix.length..-1] - payload, = JWT.decode(authorization, @key.public_key) + payload, = JWT.decode(authorization, @key.public_key, true, algorithm: 'RS256') expect(payload['aud']).to eq(test_uri) expect(payload['iss']).to eq(client_email) end @@ -135,7 +135,8 @@ describe Google::Auth::ServiceAccountCredentials do blk = proc do |request| params = Addressable::URI.form_unencode(request.body) _claim, _header = JWT.decode(params.assoc('assertion').last, - @key.public_key) + @key.public_key, true, + algorithm: 'RS256') end stub_request(:post, 'https://www.googleapis.com/oauth2/v4/token') .with(body: hash_including( diff --git a/spec/googleauth/signet_spec.rb b/spec/googleauth/signet_spec.rb index dab6ed5..608dfb0 100644 --- a/spec/googleauth/signet_spec.rb +++ b/spec/googleauth/signet_spec.rb @@ -57,7 +57,8 @@ describe Signet::OAuth2::Client do blk = proc do |request| params = Addressable::URI.form_unencode(request.body) _claim, _header = JWT.decode(params.assoc('assertion').last, - @key.public_key) + @key.public_key, true, + algorithm: 'RS256') end stub_request(:post, 'https://accounts.google.com/o/oauth2/token') .with(body: hash_including( From ba5a07a6909fe5be0f37775b24751083333120c7 Mon Sep 17 00:00:00 2001 From: Jurriaan Pruis Date: Sun, 17 Sep 2017 18:15:24 +0200 Subject: [PATCH 2/3] Fix rubocop for Ruby 1.9.3 on CI Since Rubocop 0.42 MRI 1.9.3 isn't supported anymore. This commit makes sure that at least Rubocop 0.41 is used so 1.9.3 builds work again. --- Gemfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile b/Gemfile index 0b8b833..726da02 100755 --- a/Gemfile +++ b/Gemfile @@ -12,7 +12,7 @@ group :development do gem 'rake', '~> 10.0' gem 'redis', '~> 3.2' gem 'rspec', '~> 3.0' - gem 'rubocop', '~> 0.49.0' + gem 'rubocop', '>= 0.41', '< 0.50' gem 'simplecov', '~> 0.9' gem 'sinatra' gem 'webmock', '~> 1.21' From 013861209c7e80f6447e182153a1b367d9b8e7c3 Mon Sep 17 00:00:00 2001 From: Jurriaan Pruis Date: Mon, 18 Sep 2017 11:35:02 +0200 Subject: [PATCH 3/3] Use specific version of JRuby to fix CI for now --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 94cccbd..c4981df 100644 --- a/.travis.yml +++ b/.travis.yml @@ -8,7 +8,7 @@ rvm: - 2.1 - 1.9.3 - rbx-2 - - jruby + - jruby-9.1.9.0 matrix: allow_failures: - rvm: rbx-2 # See rubinius/rubinius#3485 - rubocop segfaults