authorMark Adams <mark@markadams.me>2015-03-29 14:44:07 -0500
committerMark Adams <mark@markadams.me>2015-03-29 14:46:10 -0500
commit624cef3b7ab323b77b265d1217d55ecfff893c25 (patch)
treeff4d19d57aa60f624f896df230cf8743126476da
parentb0dbb83c1bcc8e2ec700c8da887b8dd13f21ddc2 (diff)
downloadpyjwt-624cef3b7ab323b77b265d1217d55ecfff893c25.tar.gz
Moved claims validation into a separate private method to make it simpler to understand the code.
-rw-r--r--jwt/api.py22
-rw-r--r--tests/test_api.py3
2 files changed, 13 insertions, 12 deletions
diff --git a/jwt/api.py b/jwt/api.py
index 201bffd..03585b3 100644
--- a/jwt/api.py
+++ b/jwt/api.py
@@ -114,7 +114,9 @@ class PyJWT(object):
if verify:
self._verify_signature(payload, signing_input, header, signature,
- key, algorithms, **kwargs)
+ key, algorithms)
+
+ self._validate_claims(payload, **kwargs)
return payload
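Review bot: The new `self._validate_claims(payload, **kwargs)` call is not documented as depending on `verify`, and this rendering has lost indentation, so whether it sits inside `if verify:` cannot be confirmed from the hunk. If it does, `verify=False` skips the claim checks together with the signature check, which callers handling untrusted tokens need to know. A comment above the call would make that explicit, for example `# Claims are validated only after the signature check; verify=False skips both.` The enclosing method starts outside this hunk.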
@@ -157,20 +159,13 @@ class PyJWT(object):
return (payload, signing_input, header, signature)
def _verify_signature(self, payload, signing_input, header, signature,
- key='', algorithms=None, verify_expiration=True, leeway=0,
- audience=None, issuer=None):
+ key='', algorithms=None):
alg = header['alg']
if algorithms is not None and alg not in algorithms:
raise InvalidAlgorithmError('The specified alg value is not allowed')
- if isinstance(leeway, timedelta):
- leeway = timedelta_total_seconds(leeway)
-
- if not isinstance(audience, (string_types, type(None))):
- raise TypeError('audience must be a string or None')
-
try:
alg_obj = self._algorithms[alg]
key = alg_obj.prepare_key(key)
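Review bot: The `algorithms=None` default kept on the rewritten `_verify_signature` signature means the allow-list test `if algorithms is not None and alg not in algorithms` is skipped when the caller passes nothing, so the token's own `alg` header then selects the entry in `self._algorithms`. Since the signature line is being touched anyway, a docstring should say that callers verifying untrusted tokens are expected to pin the accepted values, for example `"""Verify the token signature; pass algorithms=[...] to restrict which alg header values are accepted."""`. Whether `decode()` always supplies a list is not visible here, and the function body continues past the end of this hunk.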
@@ -181,6 +176,14 @@ class PyJWT(object):
except KeyError:
raise InvalidAlgorithmError('Algorithm not supported')
+ def _validate_claims(self, payload, verify_expiration=True, leeway=0,
+ audience=None, issuer=None):
+ if isinstance(leeway, timedelta):
+ leeway = timedelta_total_seconds(leeway)
+
+ if not isinstance(audience, (string_types, type(None))):
+ raise TypeError('audience must be a string or None')
+
if 'iat' in payload:
try:
int(payload['iat'])
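Review bot: `_validate_claims` is added without a docstring, although its signature is now the only place where the options forwarded through the caller's `**kwargs` are spelled out. A short docstring should name `verify_expiration`, `leeway` (a number of seconds or a `timedelta`), `audience` and `issuer`, and state that the method expects a payload whose signature has already been checked. The tests/test_api.py hunk removes the direct `_verify_signature(..., leeway=leeway)` call without adding a direct `_validate_claims` call, so the new method appears to be exercised only through `decode`. The method body continues outside this hunk.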
@@ -228,6 +231,7 @@ class PyJWT(object):
if payload.get('iss') != issuer:
raise InvalidIssuerError('Invalid issuer')
+
_jwt_global_obj = PyJWT()
encode = _jwt_global_obj.encode
decode = _jwt_global_obj.decode
diff --git a/tests/test_api.py b/tests/test_api.py
index 1e3ff2c..704f1be 100644
--- a/tests/test_api.py
+++ b/tests/test_api.py
@@ -479,9 +479,6 @@ class TestAPI(unittest.TestCase):
for leeway in (3, timedelta(seconds=3)):
self.jwt.decode(jwt_message, secret, leeway=leeway)
- self.jwt._verify_signature(decoded_payload, signing, header,
- signature, secret, leeway=leeway)
-
# With 1 seconds, should fail
for leeway in (1, timedelta(seconds=1)):
with self.assertRaises(ExpiredSignatureError):