diff --git a/djangorestframework_simplejwt-4.4.0.tar.gz b/djangorestframework_simplejwt-4.4.0.tar.gz deleted file mode 100644 index ae9609f..0000000 --- a/djangorestframework_simplejwt-4.4.0.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:a5d196f1a6891901309ec4e41149d04a78a57fe7f72305f870df929e9308058c -size 44797 diff --git a/djangorestframework_simplejwt-4.6.0.tar.gz b/djangorestframework_simplejwt-4.6.0.tar.gz new file mode 100644 index 0000000..64316ed --- /dev/null +++ b/djangorestframework_simplejwt-4.6.0.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:44dfb28395a7fbc409bfc8403d77f0c936c5420f4f02c22989d51b39a9e295cd +size 60090 diff --git a/jwt2.patch b/jwt2.patch new file mode 100644 index 0000000..62aa142 --- /dev/null +++ b/jwt2.patch @@ -0,0 +1,164 @@ +From ae1ea58daacb76a1d72e202198734053022a6efe Mon Sep 17 00:00:00 2001 +From: Riccardo Magliocchetti +Date: Mon, 22 Feb 2021 16:51:38 +0100 +Subject: [PATCH] Support jwt 2 (#376) + +* Add PyJWT 2.0.0 support + +* Many tests relied on passing a payload into encode and changing it payload by reference. + In PyJWT 2.0.0, the payload is copied (`dict.copy()`). +* Verify was deprecated in favor of using the option verify_signature. This is reflected in backends.py. Unless you wrote verify=False, you are not effected by this change. + +* Isort lint + +Co-authored-by: Andrew-Chen-Wang +--- + rest_framework_simplejwt/backends.py | 8 +++-- + tests/test_backends.py | 44 ++++++++++++++++++---------- + 2 files changed, 33 insertions(+), 19 deletions(-) + +diff --git a/rest_framework_simplejwt/backends.py b/rest_framework_simplejwt/backends.py +index 887ecac..de7128a 100644 +--- a/rest_framework_simplejwt/backends.py ++++ b/rest_framework_simplejwt/backends.py +@@ -65,9 +65,11 @@ def decode(self, token, verify=True): + signature check fails, or if its 'exp' claim indicates it has expired. + """ + try: +- return jwt.decode(token, self.verifying_key, algorithms=[self.algorithm], verify=verify, +- audience=self.audience, issuer=self.issuer, +- options={'verify_aud': self.audience is not None}) ++ return jwt.decode( ++ token, self.verifying_key, algorithms=[self.algorithm], verify=verify, ++ audience=self.audience, issuer=self.issuer, ++ options={'verify_aud': self.audience is not None, "verify_signature": verify} ++ ) + except InvalidAlgorithmError as ex: + raise TokenBackendError(_('Invalid algorithm specified')) from ex + except InvalidTokenError: +diff --git a/tests/test_backends.py b/tests/test_backends.py +index f9a9a23..bfb8da6 100644 +--- a/tests/test_backends.py ++++ b/tests/test_backends.py +@@ -3,11 +3,13 @@ + + import jwt + from django.test import TestCase +-from jwt import PyJWT, algorithms ++from jwt import PyJWS, algorithms + + from rest_framework_simplejwt.backends import TokenBackend + from rest_framework_simplejwt.exceptions import TokenBackendError +-from rest_framework_simplejwt.utils import aware_utcnow, make_utc ++from rest_framework_simplejwt.utils import ( ++ aware_utcnow, datetime_to_epoch, make_utc, ++) + + SECRET = 'not_secret' + +@@ -163,9 +165,9 @@ def test_decode_hmac_with_expiry(self): + + def test_decode_hmac_with_invalid_sig(self): + self.payload['exp'] = aware_utcnow() + timedelta(days=1) +- token_1 = jwt.encode(self.payload, SECRET, algorithm='HS256').decode('utf-8') ++ token_1 = jwt.encode(self.payload, SECRET, algorithm='HS256') + self.payload['foo'] = 'baz' +- token_2 = jwt.encode(self.payload, SECRET, algorithm='HS256').decode('utf-8') ++ token_2 = jwt.encode(self.payload, SECRET, algorithm='HS256') + + token_2_payload = token_2.rsplit('.', 1)[0] + token_1_sig = token_1.rsplit('.', 1)[-1] +@@ -176,9 +178,11 @@ def test_decode_hmac_with_invalid_sig(self): + + def test_decode_hmac_with_invalid_sig_no_verify(self): + self.payload['exp'] = aware_utcnow() + timedelta(days=1) +- token_1 = jwt.encode(self.payload, SECRET, algorithm='HS256').decode('utf-8') ++ token_1 = jwt.encode(self.payload, SECRET, algorithm='HS256') + self.payload['foo'] = 'baz' +- token_2 = jwt.encode(self.payload, SECRET, algorithm='HS256').decode('utf-8') ++ token_2 = jwt.encode(self.payload, SECRET, algorithm='HS256') ++ # Payload copied ++ self.payload["exp"] = datetime_to_epoch(self.payload["exp"]) + + token_2_payload = token_2.rsplit('.', 1)[0] + token_1_sig = token_1.rsplit('.', 1)[-1] +@@ -193,7 +197,9 @@ def test_decode_hmac_success(self): + self.payload['exp'] = aware_utcnow() + timedelta(days=1) + self.payload['foo'] = 'baz' + +- token = jwt.encode(self.payload, SECRET, algorithm='HS256').decode('utf-8') ++ token = jwt.encode(self.payload, SECRET, algorithm='HS256') ++ # Payload copied ++ self.payload["exp"] = datetime_to_epoch(self.payload["exp"]) + + self.assertEqual(self.hmac_token_backend.decode(token), self.payload) + +@@ -220,9 +226,9 @@ def test_decode_rsa_with_expiry(self): + + def test_decode_rsa_with_invalid_sig(self): + self.payload['exp'] = aware_utcnow() + timedelta(days=1) +- token_1 = jwt.encode(self.payload, PRIVATE_KEY, algorithm='RS256').decode('utf-8') ++ token_1 = jwt.encode(self.payload, PRIVATE_KEY, algorithm='RS256') + self.payload['foo'] = 'baz' +- token_2 = jwt.encode(self.payload, PRIVATE_KEY, algorithm='RS256').decode('utf-8') ++ token_2 = jwt.encode(self.payload, PRIVATE_KEY, algorithm='RS256') + + token_2_payload = token_2.rsplit('.', 1)[0] + token_1_sig = token_1.rsplit('.', 1)[-1] +@@ -233,13 +239,15 @@ def test_decode_rsa_with_invalid_sig(self): + + def test_decode_rsa_with_invalid_sig_no_verify(self): + self.payload['exp'] = aware_utcnow() + timedelta(days=1) +- token_1 = jwt.encode(self.payload, PRIVATE_KEY, algorithm='RS256').decode('utf-8') ++ token_1 = jwt.encode(self.payload, PRIVATE_KEY, algorithm='RS256') + self.payload['foo'] = 'baz' +- token_2 = jwt.encode(self.payload, PRIVATE_KEY, algorithm='RS256').decode('utf-8') ++ token_2 = jwt.encode(self.payload, PRIVATE_KEY, algorithm='RS256') + + token_2_payload = token_2.rsplit('.', 1)[0] + token_1_sig = token_1.rsplit('.', 1)[-1] + invalid_token = token_2_payload + '.' + token_1_sig ++ # Payload copied ++ self.payload["exp"] = datetime_to_epoch(self.payload["exp"]) + + self.assertEqual( + self.hmac_token_backend.decode(invalid_token, verify=False), +@@ -250,7 +258,9 @@ def test_decode_rsa_success(self): + self.payload['exp'] = aware_utcnow() + timedelta(days=1) + self.payload['foo'] = 'baz' + +- token = jwt.encode(self.payload, PRIVATE_KEY, algorithm='RS256').decode('utf-8') ++ token = jwt.encode(self.payload, PRIVATE_KEY, algorithm='RS256') ++ # Payload copied ++ self.payload["exp"] = datetime_to_epoch(self.payload["exp"]) + + self.assertEqual(self.rsa_token_backend.decode(token), self.payload) + +@@ -260,21 +270,23 @@ def test_decode_aud_iss_success(self): + self.payload['aud'] = AUDIENCE + self.payload['iss'] = ISSUER + +- token = jwt.encode(self.payload, PRIVATE_KEY, algorithm='RS256').decode('utf-8') ++ token = jwt.encode(self.payload, PRIVATE_KEY, algorithm='RS256') ++ # Payload copied ++ self.payload["exp"] = datetime_to_epoch(self.payload["exp"]) + + self.assertEqual(self.aud_iss_token_backend.decode(token), self.payload) + + def test_decode_when_algorithm_not_available(self): +- token = jwt.encode(self.payload, PRIVATE_KEY, algorithm='RS256').decode('utf-8') ++ token = jwt.encode(self.payload, PRIVATE_KEY, algorithm='RS256') + +- pyjwt_without_rsa = PyJWT() ++ pyjwt_without_rsa = PyJWS() + pyjwt_without_rsa.unregister_algorithm('RS256') + with patch.object(jwt, 'decode', new=pyjwt_without_rsa.decode): + with self.assertRaisesRegex(TokenBackendError, 'Invalid algorithm specified'): + self.rsa_token_backend.decode(token) + + def test_decode_when_token_algorithm_does_not_match(self): +- token = jwt.encode(self.payload, PRIVATE_KEY, algorithm='RS256').decode('utf-8') ++ token = jwt.encode(self.payload, PRIVATE_KEY, algorithm='RS256') + + with self.assertRaisesRegex(TokenBackendError, 'Invalid algorithm specified'): + self.hmac_token_backend.decode(token) diff --git a/python-djangorestframework-simplejwt.changes b/python-djangorestframework-simplejwt.changes index da26216..db8cc91 100644 --- a/python-djangorestframework-simplejwt.changes +++ b/python-djangorestframework-simplejwt.changes @@ -1,3 +1,12 @@ +------------------------------------------------------------------- +Wed Mar 31 14:25:07 UTC 2021 - Markéta Machová + +- Update to 4.6.0 + * Restored Python 3.7 support + * Added Indonesian translations + * Fixed Django 4.0 re_path deprecation +- Add patch jwt2.patch for PyJWT>=2.0.0 support + ------------------------------------------------------------------- Fri Jul 24 07:55:24 UTC 2020 - John Vandenberg diff --git a/python-djangorestframework-simplejwt.spec b/python-djangorestframework-simplejwt.spec index c6b5792..f404b7d 100644 --- a/python-djangorestframework-simplejwt.spec +++ b/python-djangorestframework-simplejwt.spec @@ -1,7 +1,7 @@ # # spec file for package python-djangorestframework-simplejwt # -# Copyright (c) 2020 SUSE LLC +# Copyright (c) 2021 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -19,13 +19,15 @@ %{?!python_module:%define python_module() python-%{**} python3-%{**}} %define skip_python2 1 Name: python-djangorestframework-simplejwt -Version: 4.4.0 +Version: 4.6.0 Release: 0 Summary: JSON Web Token authentication for Django REST Framework License: MIT Group: Development/Languages/Python URL: https://github.com/davesque/django-rest-framework-simplejwt Source: https://github.com/davesque/django-rest-framework-simplejwt/archive/v%{version}.tar.gz#/djangorestframework_simplejwt-%{version}.tar.gz +# PATCH-FIX-UPSTREAM https://github.com/jazzband/django-rest-framework-simplejwt/commit/ae1ea58daacb76a1d72e202198734053022a6efe Support jwt 2 +Patch0: jwt2.patch BuildRequires: %{python_module PyJWT} BuildRequires: %{python_module djangorestframework} BuildRequires: %{python_module pytest-django} @@ -44,6 +46,7 @@ A minimal JSON Web Token authentication plugin for the Django REST Framework. %prep %setup -q -n django-rest-framework-simplejwt-%{version} +%autopatch -p1 %build export LANG=en_US.UTF-8