authorMark Adams <mark@markadams.me>2017-04-17 08:25:39 -0500
committerMark Adams <mark@markadams.me>2017-04-17 08:34:12 -0500
commit3447f0c0eb7de46042b5cda975d37e361168bf60 (patch)
treed435cb09b5aa15580527b0d41b6d9e32d3f6fc4b
parent8f3a2a8a4098693357b69d63a1dbec514ed7c701 (diff)
downloadpyjwt-190-remove-iat-verification.tar.gz
Non-numeric 'iat' now raises InvalidIssuedAtError on decode()190-remove-iat-verification
-rw-r--r--CHANGELOG.md2
-rw-r--r--docs/usage.rst2
-rw-r--r--jwt/api_jwt.py2
-rw-r--r--tests/test_api_jwt.py2
4 files changed, 6 insertions, 2 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index d377d50..a84f2bf 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -11,6 +11,8 @@ This project adheres to [Semantic Versioning](http://semver.org/).
- Renamed commandline script `jwt` to `jwt-cli` to avoid issues with the script clobbering the `jwt` module in some circumstances.
- Better error messages when using an algorithm that requires the cryptography package, but it isn't available [#230][230]
- Tokens with future 'iat' values are no longer rejected [#190][190]
+- Non-numeric 'iat' values now raise InvalidIssuedAtError instead of DecodeError
+
### Fixed
diff --git a/docs/usage.rst b/docs/usage.rst
index 14a2bf7..a485a94 100644
--- a/docs/usage.rst
+++ b/docs/usage.rst
@@ -180,6 +180,8 @@ Issued At Claim (iat)
This claim can be used to determine the age of the JWT. Its value MUST be a
number containing a NumericDate value. Use of this claim is OPTIONAL.
+ If the `iat` claim is not a number, an `jwt.InvalidIssuedAtError` exception will be raised.
+
.. code-block:: python
jwt.encode({'iat': 1371720939}, 'secret')
diff --git a/jwt/api_jwt.py b/jwt/api_jwt.py
index 059c4a0..bca6823 100644
--- a/jwt/api_jwt.py
+++ b/jwt/api_jwt.py
@@ -123,7 +123,7 @@ class PyJWT(PyJWS):
try:
int(payload['iat'])
except ValueError:
- raise DecodeError('Issued At claim (iat) must be an integer.')
+ raise InvalidIssuedAtError('Issued At claim (iat) must be an integer.')
def _validate_nbf(self, payload, now, leeway):
try:
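Review bot: The `except ValueError:` clause just above the changed line still misses the non-numeric values for which `int()` raises `TypeError` (a JSON `null`, array or object in `iat`), so those tokens surface as a bare `TypeError` rather than the `InvalidIssuedAtError` this commit documents. Widening the handler to `except (ValueError, TypeError):` would make the behaviour match the new CHANGELOG and docs/usage.rst wording. Callers that wrap `decode()` only in the library's own exception types would otherwise get an unhandled error on a malformed claim, and the test in tests/test_api_jwt.py exercises only the string case. The iat validation starts before this hunk and `_validate_nbf` continues past it, so whether `InvalidIssuedAtError` is already imported in this module, and whether the nbf check has the same gap, cannot be confirmed from the visible lines.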
diff --git a/tests/test_api_jwt.py b/tests/test_api_jwt.py
index bc9bda8..61de6e0 100644
--- a/tests/test_api_jwt.py
+++ b/tests/test_api_jwt.py
@@ -142,7 +142,7 @@ class TestJWT:
'eyJpYXQiOiJub3QtYW4taW50In0.'
'H1GmcQgSySa5LOKYbzGm--b1OmRbHFkyk8pq811FzZM')
- with pytest.raises(DecodeError):
+ with pytest.raises(InvalidIssuedAtError):
jwt.decode(example_jwt, 'secret')
def test_decode_raises_exception_if_nbf_is_not_int(self, jwt):