jwt 0.5.0 → 0.5.1
raw patch · 5 files changed
+39/−3 lines, 5 filesdep +lensdep +lens-aesonPVP ok
version bump matches the API change (PVP)
Dependencies added: lens, lens-aeson
API changes (from Hackage documentation)
Files
- changelog +8/−0
- jwt.cabal +3/−1
- src/Web/JWT.hs +5/−2
- tests/src/TestRunner.hs +2/−0
- tests/src/Web/JWTTests.hs +21/−0
changelog view
@@ -1,3 +1,11 @@+2015-01-03 0.5.1+================++ * Fix the encoding of the `aud` part of the claim.+ Thanks to Aaron Levin for reporting and implementing the change.+ In addition to the fix we now also verify the shape fo the generated+ payload.+ 2014-12-01 0.5.0 ================
jwt.cabal view
@@ -2,7 +2,7 @@ -- documentation, see http://haskell.org/cabal/users-guide/ name: jwt-version: 0.5.0+version: 0.5.1 synopsis: JSON Web Token (JWT) decoding and encoding license: MIT license-file: LICENSE@@ -75,6 +75,8 @@ , tasty-th >= 0.1 , tasty-hunit >= 0.4 , tasty-quickcheck >= 0.3+ , lens-aeson+ , lens , HUnit , QuickCheck >= 2.4.0.1 , cryptohash
src/Web/JWT.hs view
@@ -402,7 +402,7 @@ toJSON JWTClaimsSet{..} = object $ catMaybes [ fmap ("iss" .=) iss , fmap ("sub" .=) sub- , fmap ("aud" .=) aud+ , either ("aud" .=) ("aud" .=) <$> aud , fmap ("exp" .=) exp , fmap ("nbf" .=) nbf , fmap ("iat" .=) iat@@ -415,7 +415,10 @@ (\o -> JWTClaimsSet <$> o .:? "iss" <*> o .:? "sub"- <*> o .:? "aud"+ <*> case StrictMap.lookup "aud" o of+ (Just as@(JSON.Array _)) -> Just <$> Right <$> parseJSON as+ (Just (JSON.String t)) -> pure $ Left <$> stringOrURI t+ _ -> pure Nothing <*> o .:? "exp" <*> o .:? "nbf" <*> o .:? "iat"
tests/src/TestRunner.hs view
@@ -1,6 +1,7 @@ module Main where import qualified Web.JWTTests+import qualified Web.JWTInteropTests import qualified Web.Base64Tests import Test.Tasty @@ -10,6 +11,7 @@ tests :: TestTree tests = testGroup "JWT Tests" [ Web.JWTTests.defaultTestGroup+ , Web.JWTInteropTests.defaultTestGroup , Web.Base64Tests.defaultTestGroup ]
tests/src/Web/JWTTests.hs view
@@ -143,6 +143,27 @@ jwt = decodeAndVerifySignature secret' $ encodeSigned HS256 secret' cs Just cs @=? fmap claims jwt +case_encodeDecodeJWTClaimsSetWithSingleAud = do+ let now = 1234+ cs = def {+ iss = stringOrURI "Foo"+ , aud = Left <$> stringOrURI "single-audience"+ , iat = intDate now+ }+ let secret' = secret "secret"+ jwt = decodeAndVerifySignature secret' $ encodeSigned HS256 secret' cs+ Just cs @=? fmap claims jwt++case_encodeDecodeJWTClaimsSetWithMultipleAud = do+ let now = 1234+ cs = def {+ iss = stringOrURI "Foo"+ , aud = Right <$> (:[]) <$> stringOrURI "audience"+ , iat = intDate now+ }+ let secret' = secret "secret"+ jwt = decodeAndVerifySignature secret' $ encodeSigned HS256 secret' cs+ Just cs @=? fmap claims jwt prop_stringOrURIProp = f where f :: StringOrURI -> Bool