[Python-modules-commits] [python-social-auth] 99/322: Updated PyJWT Dependency
Wolfgang Borgert
debacle at moszumanska.debian.org
Sat Dec 24 15:12:54 UTC 2016
This is an automated email from the git hooks/post-receive script.
debacle pushed a commit to tag v0.2.10
in repository python-social-auth.
commit bdf69d67d109acfda1016d4a2a63a1cc0a3aba84
Author: Clinton Blackburn <clinton.blackburn at gmail.com>
Date: Fri Feb 6 02:08:30 2015 -0500
Updated PyJWT Dependency
- Using PyJWT 0.4.1 (or newer)
- Relying on PyJWT to verify ID token audience and issuer
---
requirements-python3.txt | 2 +-
requirements.txt | 2 +-
setup.py | 2 +-
social/backends/open_id.py | 15 +++------------
social/tests/backends/open_id.py | 4 ++--
social/tests/requirements-python3.txt | 2 +-
social/tests/requirements.txt | 2 +-
7 files changed, 10 insertions(+), 19 deletions(-)
diff --git a/requirements-python3.txt b/requirements-python3.txt
index bb7f4f5..22c68d3 100644
--- a/requirements-python3.txt
+++ b/requirements-python3.txt
@@ -3,4 +3,4 @@ requests>=1.1.0
oauthlib>=0.3.8
requests-oauthlib>=0.3.0,<0.3.2
six>=1.2.0
-PyJWT==0.2.1
+PyJWT==0.4.1
diff --git a/requirements.txt b/requirements.txt
index 960b9da..b0b0b95 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -3,4 +3,4 @@ requests>=1.1.0
oauthlib>=0.3.8
requests-oauthlib>=0.3.0
six>=1.2.0
-PyJWT==0.2.1
+PyJWT==0.4.1
diff --git a/setup.py b/setup.py
index c947886..c6b4684 100644
--- a/setup.py
+++ b/setup.py
@@ -46,7 +46,7 @@ def get_packages():
return packages
-requires = ['requests>=1.1.0', 'oauthlib>=0.3.8', 'six>=1.2.0', 'PyJWT>=0.2.1']
+requires = ['requests>=1.1.0', 'oauthlib>=0.3.8', 'six>=1.2.0', 'PyJWT==0.4.1']
if PY3:
requires += ['python3-openid>=3.0.1',
'requests-oauthlib>=0.3.0,<0.3.2']
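Review bot: The new `'PyJWT==0.4.1'` entry in `requires` is an exact pin, while the commit message says "0.4.1 (or newer)". An exact pin in a library's install requirements keeps downstream installs from picking up later PyJWT security fixes, and it can conflict with other packages' constraints on the same dependency. A lower bound, `'PyJWT>=0.4.1'`, matches the stated intent. The exact pins in the requirements files can stay for reproducible test runs.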
diff --git a/social/backends/open_id.py b/social/backends/open_id.py
index 0fd28f5..2c0cc0d 100644
--- a/social/backends/open_id.py
+++ b/social/backends/open_id.py
@@ -1,7 +1,7 @@
import datetime
from calendar import timegm
-from jwt import DecodeError, ExpiredSignature, decode as jwt_decode
+from jwt import InvalidTokenError, decode as jwt_decode
from openid.consumer.consumer import Consumer, SUCCESS, CANCEL, FAILURE
from openid.consumer.discover import DiscoveryFailure
@@ -327,24 +327,15 @@ class OpenIdConnectAuth(BaseOAuth2):
try:
# Decode the JWT and raise an error if the secret is invalid or
# the response has expired.
- id_token = jwt_decode(id_token, decryption_key)
- except (DecodeError, ExpiredSignature) as de:
+ id_token = jwt_decode(id_token, decryption_key, audience=client_id, issuer=self.ID_TOKEN_ISSUER)
+ except InvalidTokenError as de:
raise AuthTokenError(self, de)
- # Verify the issuer of the id_token is correct
- if id_token['iss'] != self.ID_TOKEN_ISSUER:
- raise AuthTokenError(self, 'Incorrect id_token: iss')
-
# Verify the token was issued in the last 10 minutes
utc_timestamp = timegm(datetime.datetime.utcnow().utctimetuple())
if id_token['iat'] < (utc_timestamp - 600):
raise AuthTokenError(self, 'Incorrect id_token: iat')
- # Verify this client is the correct recipient of the id_token
- aud = id_token.get('aud')
- if aud != client_id:
- raise AuthTokenError(self, 'Incorrect id_token: aud')
-
# Validate the nonce to ensure the request was not modified
nonce = id_token.get('nonce')
if not nonce:
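Review bot: The issuer and audience checks are now only as strict as the values handed to `jwt_decode`: the removed comparisons ran unconditionally, whereas PyJWT presumably skips a check whose argument is `None`. If a backend subclass can leave `ID_TOKEN_ISSUER` or `client_id` unset (not visible in this hunk), a guard before the call such as `if not client_id or not self.ID_TOKEN_ISSUER: raise AuthTokenError(self, 'Incorrect id_token: iss/aud not configured')` keeps validation fail-closed. Separately, `id_token['iat']` a few lines below still raises `KeyError` rather than `AuthTokenError` when the claim is absent; `id_token.get('iat', 0)` would route that case through the existing error. The enclosing method starts and ends outside the hunk.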
diff --git a/social/tests/backends/open_id.py b/social/tests/backends/open_id.py
index c15a91d..e0d6e01 100644
--- a/social/tests/backends/open_id.py
+++ b/social/tests/backends/open_id.py
@@ -216,11 +216,11 @@ class OpenIdConnectTestMixin(object):
expiration_datetime=expiration_datetime)
def test_invalid_issuer(self):
- self.authtoken_raised('Token error: Incorrect id_token: iss',
+ self.authtoken_raised('Token error: Invalid issuer',
issuer='someone-else')
def test_invalid_audience(self):
- self.authtoken_raised('Token error: Incorrect id_token: aud',
+ self.authtoken_raised('Token error: Invalid audience',
client_key='someone-else')
def test_invalid_issue_time(self):
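Review bot: `test_invalid_issuer` and `test_invalid_audience` now assert on PyJWT's own message text (`'Token error: Invalid issuer'`, `'Token error: Invalid audience'`), so a PyJWT release that rewords those messages would fail these tests without any change in behaviour. Asserting on the raised exception type, or on the message prefix only, would keep the tests tied to this project's contract. A case for an ID token that omits `iss` or `aud` entirely is also missing from the visible tests, and since that path is now decided inside PyJWT it is worth pinning down.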
diff --git a/social/tests/requirements-python3.txt b/social/tests/requirements-python3.txt
index 5cc5bfc..ea2d989 100644
--- a/social/tests/requirements-python3.txt
+++ b/social/tests/requirements-python3.txt
@@ -3,5 +3,5 @@ coverage>=3.6
mock==1.0.1
nose>=1.2.1
requests>=1.1.0
-PyJWT==0.2.1
+PyJWT==0.4.1
unittest2py3k==0.5.1
diff --git a/social/tests/requirements.txt b/social/tests/requirements.txt
index e825447..c8a69d1 100644
--- a/social/tests/requirements.txt
+++ b/social/tests/requirements.txt
@@ -3,5 +3,5 @@ coverage>=3.6
mock==1.0.1
nose>=1.2.1
requests>=1.1.0
-PyJWT==0.2.1
+PyJWT==0.4.1
unittest2==0.5.1
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/python-modules/packages/python-social-auth.git