packages feed

jwt 0.5.0 → 0.5.1

raw patch · 5 files changed

+39/−3 lines, 5 filesdep +lensdep +lens-aesonPVP ok

version bump matches the API change (PVP)

Dependencies added: lens, lens-aeson

API changes (from Hackage documentation)

Files

changelog view
@@ -1,3 +1,11 @@+2015-01-03 0.5.1+================++	* Fix the encoding of the `aud` part of the claim.+	  Thanks to Aaron Levin for reporting and implementing the change.+	  In addition to the fix we now also verify the shape fo the generated+	  payload.+ 2014-12-01 0.5.0 ================ 
jwt.cabal view
@@ -2,7 +2,7 @@ -- documentation, see http://haskell.org/cabal/users-guide/  name:                jwt-version:             0.5.0+version:             0.5.1 synopsis:            JSON Web Token (JWT) decoding and encoding license:             MIT license-file:        LICENSE@@ -75,6 +75,8 @@                      , tasty-th >= 0.1                      , tasty-hunit >= 0.4                      , tasty-quickcheck >= 0.3+                     , lens-aeson+                     , lens                      , HUnit                      , QuickCheck >= 2.4.0.1                      , cryptohash
src/Web/JWT.hs view
@@ -402,7 +402,7 @@     toJSON JWTClaimsSet{..} = object $ catMaybes [                   fmap ("iss" .=) iss                 , fmap ("sub" .=) sub-                , fmap ("aud" .=) aud+                , either ("aud" .=) ("aud" .=) <$> aud                 , fmap ("exp" .=) exp                 , fmap ("nbf" .=) nbf                 , fmap ("iat" .=) iat@@ -415,7 +415,10 @@                      (\o -> JWTClaimsSet                      <$> o .:? "iss"                      <*> o .:? "sub"-                     <*> o .:? "aud"+                     <*> case StrictMap.lookup "aud" o of+                         (Just as@(JSON.Array _)) -> Just <$> Right <$> parseJSON as+                         (Just (JSON.String t))   -> pure $ Left <$> stringOrURI t+                         _                        -> pure Nothing                      <*> o .:? "exp"                      <*> o .:? "nbf"                      <*> o .:? "iat"
tests/src/TestRunner.hs view
@@ -1,6 +1,7 @@ module Main where  import qualified Web.JWTTests+import qualified Web.JWTInteropTests import qualified Web.Base64Tests import           Test.Tasty @@ -10,6 +11,7 @@ tests :: TestTree tests = testGroup "JWT Tests" [                     Web.JWTTests.defaultTestGroup+                  , Web.JWTInteropTests.defaultTestGroup                   , Web.Base64Tests.defaultTestGroup                 ] 
tests/src/Web/JWTTests.hs view
@@ -143,6 +143,27 @@         jwt = decodeAndVerifySignature secret' $ encodeSigned HS256 secret' cs     Just cs @=? fmap claims jwt +case_encodeDecodeJWTClaimsSetWithSingleAud = do+    let now = 1234+        cs = def {+            iss = stringOrURI "Foo"+          , aud = Left <$> stringOrURI "single-audience"+          , iat = intDate now+        }+    let secret' = secret "secret"+        jwt = decodeAndVerifySignature secret' $ encodeSigned HS256 secret' cs+    Just cs @=? fmap claims jwt++case_encodeDecodeJWTClaimsSetWithMultipleAud = do+    let now = 1234+        cs = def {+            iss = stringOrURI "Foo"+          , aud = Right <$> (:[]) <$> stringOrURI "audience"+          , iat = intDate now+        }+    let secret' = secret "secret"+        jwt = decodeAndVerifySignature secret' $ encodeSigned HS256 secret' cs+    Just cs @=? fmap claims jwt  prop_stringOrURIProp = f     where f :: StringOrURI -> Bool