pool/python-djangorestframework-simplejwt
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 882386 from devel:languages:python

Browse Source 
OBS-URL: https://build.opensuse.org/request/show/882386
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-djangorestframework-simplejwt?expand=0&rev=4
This commit is contained in:
Richard Brown 2021-04-01 12:17:56 +00:00 committed by Git OBS Bridge
commit 27ac0547c0
5 changed files with 181 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
djangorestframework_simplejwt-4.4.0.tar.gz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:a5d196f1a6891901309ec4e41149d04a78a57fe7f72305f870df929e9308058c
size 44797

3
djangorestframework_simplejwt-4.6.0.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:44dfb28395a7fbc409bfc8403d77f0c936c5420f4f02c22989d51b39a9e295cd
size 60090

164
jwt2.patch Normal file
View File

@ -0,0 +1,164 @@
From ae1ea58daacb76a1d72e202198734053022a6efe Mon Sep 17 00:00:00 2001
From: Riccardo Magliocchetti <riccardo.magliocchetti@gmail.com>
Date: Mon, 22 Feb 2021 16:51:38 +0100
Subject: [PATCH] Support jwt 2 (#376)
* Add PyJWT 2.0.0 support
* Many tests relied on passing a payload into encode and changing it payload by reference.
In PyJWT 2.0.0, the payload is copied (`dict.copy()`).
* Verify was deprecated in favor of using the option verify_signature. This is reflected in backends.py. Unless you wrote verify=False, you are not effected by this change.
* Isort lint
Co-authored-by: Andrew-Chen-Wang <acwangpython@gmail.com>
---
rest_framework_simplejwt/backends.py | 8 +++--
tests/test_backends.py | 44 ++++++++++++++++++----------
2 files changed, 33 insertions(+), 19 deletions(-)
diff --git a/rest_framework_simplejwt/backends.py b/rest_framework_simplejwt/backends.py
index 887ecac..de7128a 100644
--- a/rest_framework_simplejwt/backends.py
+++ b/rest_framework_simplejwt/backends.py
@@ -65,9 +65,11 @@ def decode(self, token, verify=True):
signature check fails, or if its 'exp' claim indicates it has expired.
"""
try:
- return jwt.decode(token, self.verifying_key, algorithms=[self.algorithm], verify=verify,
- audience=self.audience, issuer=self.issuer,
- options={'verify_aud': self.audience is not None})
+ return jwt.decode(
+ token, self.verifying_key, algorithms=[self.algorithm], verify=verify,
+ audience=self.audience, issuer=self.issuer,
+ options={'verify_aud': self.audience is not None, "verify_signature": verify}
+ )
except InvalidAlgorithmError as ex:
raise TokenBackendError(_('Invalid algorithm specified')) from ex
except InvalidTokenError:
diff --git a/tests/test_backends.py b/tests/test_backends.py
index f9a9a23..bfb8da6 100644
--- a/tests/test_backends.py
+++ b/tests/test_backends.py
@@ -3,11 +3,13 @@
import jwt
from django.test import TestCase
-from jwt import PyJWT, algorithms
+from jwt import PyJWS, algorithms
from rest_framework_simplejwt.backends import TokenBackend
from rest_framework_simplejwt.exceptions import TokenBackendError
-from rest_framework_simplejwt.utils import aware_utcnow, make_utc
+from rest_framework_simplejwt.utils import (
+ aware_utcnow, datetime_to_epoch, make_utc,
+)
SECRET = 'not_secret'
@@ -163,9 +165,9 @@ def test_decode_hmac_with_expiry(self):
def test_decode_hmac_with_invalid_sig(self):
self.payload['exp'] = aware_utcnow() + timedelta(days=1)
- token_1 = jwt.encode(self.payload, SECRET, algorithm='HS256').decode('utf-8')
+ token_1 = jwt.encode(self.payload, SECRET, algorithm='HS256')
self.payload['foo'] = 'baz'
- token_2 = jwt.encode(self.payload, SECRET, algorithm='HS256').decode('utf-8')
+ token_2 = jwt.encode(self.payload, SECRET, algorithm='HS256')
token_2_payload = token_2.rsplit('.', 1)[0]
token_1_sig = token_1.rsplit('.', 1)[-1]
@@ -176,9 +178,11 @@ def test_decode_hmac_with_invalid_sig(self):
def test_decode_hmac_with_invalid_sig_no_verify(self):
self.payload['exp'] = aware_utcnow() + timedelta(days=1)
- token_1 = jwt.encode(self.payload, SECRET, algorithm='HS256').decode('utf-8')
+ token_1 = jwt.encode(self.payload, SECRET, algorithm='HS256')
self.payload['foo'] = 'baz'
- token_2 = jwt.encode(self.payload, SECRET, algorithm='HS256').decode('utf-8')
+ token_2 = jwt.encode(self.payload, SECRET, algorithm='HS256')
+ # Payload copied
+ self.payload["exp"] = datetime_to_epoch(self.payload["exp"])
token_2_payload = token_2.rsplit('.', 1)[0]
token_1_sig = token_1.rsplit('.', 1)[-1]
@@ -193,7 +197,9 @@ def test_decode_hmac_success(self):
self.payload['exp'] = aware_utcnow() + timedelta(days=1)
self.payload['foo'] = 'baz'
- token = jwt.encode(self.payload, SECRET, algorithm='HS256').decode('utf-8')
+ token = jwt.encode(self.payload, SECRET, algorithm='HS256')
+ # Payload copied
+ self.payload["exp"] = datetime_to_epoch(self.payload["exp"])
self.assertEqual(self.hmac_token_backend.decode(token), self.payload)
@@ -220,9 +226,9 @@ def test_decode_rsa_with_expiry(self):
def test_decode_rsa_with_invalid_sig(self):
self.payload['exp'] = aware_utcnow() + timedelta(days=1)
- token_1 = jwt.encode(self.payload, PRIVATE_KEY, algorithm='RS256').decode('utf-8')
+ token_1 = jwt.encode(self.payload, PRIVATE_KEY, algorithm='RS256')
self.payload['foo'] = 'baz'
- token_2 = jwt.encode(self.payload, PRIVATE_KEY, algorithm='RS256').decode('utf-8')
+ token_2 = jwt.encode(self.payload, PRIVATE_KEY, algorithm='RS256')
token_2_payload = token_2.rsplit('.', 1)[0]
token_1_sig = token_1.rsplit('.', 1)[-1]
@@ -233,13 +239,15 @@ def test_decode_rsa_with_invalid_sig(self):
def test_decode_rsa_with_invalid_sig_no_verify(self):
self.payload['exp'] = aware_utcnow() + timedelta(days=1)
- token_1 = jwt.encode(self.payload, PRIVATE_KEY, algorithm='RS256').decode('utf-8')
+ token_1 = jwt.encode(self.payload, PRIVATE_KEY, algorithm='RS256')
self.payload['foo'] = 'baz'
- token_2 = jwt.encode(self.payload, PRIVATE_KEY, algorithm='RS256').decode('utf-8')
+ token_2 = jwt.encode(self.payload, PRIVATE_KEY, algorithm='RS256')
token_2_payload = token_2.rsplit('.', 1)[0]
token_1_sig = token_1.rsplit('.', 1)[-1]
invalid_token = token_2_payload + '.' + token_1_sig
+ # Payload copied
+ self.payload["exp"] = datetime_to_epoch(self.payload["exp"])
self.assertEqual(
self.hmac_token_backend.decode(invalid_token, verify=False),
@@ -250,7 +258,9 @@ def test_decode_rsa_success(self):
self.payload['exp'] = aware_utcnow() + timedelta(days=1)
self.payload['foo'] = 'baz'
- token = jwt.encode(self.payload, PRIVATE_KEY, algorithm='RS256').decode('utf-8')
+ token = jwt.encode(self.payload, PRIVATE_KEY, algorithm='RS256')
+ # Payload copied
+ self.payload["exp"] = datetime_to_epoch(self.payload["exp"])
self.assertEqual(self.rsa_token_backend.decode(token), self.payload)
@@ -260,21 +270,23 @@ def test_decode_aud_iss_success(self):
self.payload['aud'] = AUDIENCE
self.payload['iss'] = ISSUER
- token = jwt.encode(self.payload, PRIVATE_KEY, algorithm='RS256').decode('utf-8')
+ token = jwt.encode(self.payload, PRIVATE_KEY, algorithm='RS256')
+ # Payload copied
+ self.payload["exp"] = datetime_to_epoch(self.payload["exp"])
self.assertEqual(self.aud_iss_token_backend.decode(token), self.payload)
def test_decode_when_algorithm_not_available(self):
- token = jwt.encode(self.payload, PRIVATE_KEY, algorithm='RS256').decode('utf-8')
+ token = jwt.encode(self.payload, PRIVATE_KEY, algorithm='RS256')
- pyjwt_without_rsa = PyJWT()
+ pyjwt_without_rsa = PyJWS()
pyjwt_without_rsa.unregister_algorithm('RS256')
with patch.object(jwt, 'decode', new=pyjwt_without_rsa.decode):
with self.assertRaisesRegex(TokenBackendError, 'Invalid algorithm specified'):
self.rsa_token_backend.decode(token)
def test_decode_when_token_algorithm_does_not_match(self):
- token = jwt.encode(self.payload, PRIVATE_KEY, algorithm='RS256').decode('utf-8')
+ token = jwt.encode(self.payload, PRIVATE_KEY, algorithm='RS256')
with self.assertRaisesRegex(TokenBackendError, 'Invalid algorithm specified'):
self.hmac_token_backend.decode(token)

9
python-djangorestframework-simplejwt.changes
View File

@ -1,3 +1,12 @@
-------------------------------------------------------------------
Wed Mar 31 14:25:07 UTC 2021 - Markéta Machová <mmachova@suse.com>
- Update to 4.6.0
* Restored Python 3.7 support
* Added Indonesian translations
* Fixed Django 4.0 re_path deprecation
- Add patch jwt2.patch for PyJWT>=2.0.0 support
-------------------------------------------------------------------
Fri Jul 24 07:55:24 UTC 2020 - John Vandenberg <jayvdb@gmail.com>

7
python-djangorestframework-simplejwt.spec
View File

@ -1,7 +1,7 @@
#
# spec file for package python-djangorestframework-simplejwt
#
# Copyright (c) 2020 SUSE LLC
# Copyright (c) 2021 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@ -19,13 +19,15 @@
%{?!python_module:%define python_module() python-%{**} python3-%{**}}
%define skip_python2 1
Name: python-djangorestframework-simplejwt
Version: 4.4.0
Version: 4.6.0
Release: 0
Summary: JSON Web Token authentication for Django REST Framework
License: MIT
Group: Development/Languages/Python
URL: https://github.com/davesque/django-rest-framework-simplejwt
Source: https://github.com/davesque/django-rest-framework-simplejwt/archive/v%{version}.tar.gz#/djangorestframework_simplejwt-%{version}.tar.gz
# PATCH-FIX-UPSTREAM https://github.com/jazzband/django-rest-framework-simplejwt/commit/ae1ea58daacb76a1d72e202198734053022a6efe Support jwt 2
Patch0: jwt2.patch
BuildRequires: %{python_module PyJWT}
BuildRequires: %{python_module djangorestframework}
BuildRequires: %{python_module pytest-django}
@ -44,6 +46,7 @@ A minimal JSON Web Token authentication plugin for the Django REST Framework.
%prep
%setup -q -n django-rest-framework-simplejwt-%{version}
%autopatch -p1
%build
export LANG=en_US.UTF-8