author | Mark Adams <mark@markadams.me> | 2015-03-29 14:44:07 -0500 |
---|---|---|
committer | Mark Adams <mark@markadams.me> | 2015-03-29 14:46:10 -0500 |
commit | 624cef3b7ab323b77b265d1217d55ecfff893c25 (patch) | |
tree | ff4d19d57aa60f624f896df230cf8743126476da | |
parent | b0dbb83c1bcc8e2ec700c8da887b8dd13f21ddc2 (diff) | |
download | pyjwt-624cef3b7ab323b77b265d1217d55ecfff893c25.tar.gz |
Moved claims validation into a separate private method to make it simpler to understand the code.
-rw-r--r-- | jwt/api.py | 22 | ||||
-rw-r--r-- | tests/test_api.py | 3 |
2 files changed, 13 insertions, 12 deletions
@@ -114,7 +114,9 @@ class PyJWT(object): if verify: self._verify_signature(payload, signing_input, header, signature, - key, algorithms, **kwargs) + key, algorithms) + + self._validate_claims(payload, **kwargs) return payload @@ -157,20 +159,13 @@ class PyJWT(object): return (payload, signing_input, header, signature) def _verify_signature(self, payload, signing_input, header, signature, - key='', algorithms=None, verify_expiration=True, leeway=0, - audience=None, issuer=None): + key='', algorithms=None): alg = header['alg'] if algorithms is not None and alg not in algorithms: raise InvalidAlgorithmError('The specified alg value is not allowed') - if isinstance(leeway, timedelta): - leeway = timedelta_total_seconds(leeway) - - if not isinstance(audience, (string_types, type(None))): - raise TypeError('audience must be a string or None') - try: alg_obj = self._algorithms[alg] key = alg_obj.prepare_key(key) @@ -181,6 +176,14 @@ class PyJWT(object): except KeyError: raise InvalidAlgorithmError('Algorithm not supported') + def _validate_claims(self, payload, verify_expiration=True, leeway=0, + audience=None, issuer=None): + if isinstance(leeway, timedelta): + leeway = timedelta_total_seconds(leeway) + + if not isinstance(audience, (string_types, type(None))): + raise TypeError('audience must be a string or None') + if 'iat' in payload: try: int(payload['iat']) @@ -228,6 +231,7 @@ class PyJWT(object): if payload.get('iss') != issuer: raise InvalidIssuerError('Invalid issuer') + _jwt_global_obj = PyJWT() encode = _jwt_global_obj.encode decode = _jwt_global_obj.decode diff --git a/tests/test_api.py b/tests/test_api.py index 1e3ff2c..704f1be 100644 --- a/tests/test_api.py +++ b/tests/test_api.py 
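Review bot: The new `self._validate_claims(payload, **kwargs)` call in `decode` has no comment saying how it relates to `verify`, and the indentation that would show it is lost on this page. If the call sits inside the `if verify:` block, then `decode(..., verify=False)` skips the expiry, audience and issuer checks along with the signature, and any `audience=` or `issuer=` passed with it is silently ignored. I would state that at the call site, for example `# Claims are checked only after the signature verifies; verify=False skips both.` The body of `decode` starts outside the hunk.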
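Review bot: The rewritten `_verify_signature` signature keeps `algorithms=None`, and the context line `if algorithms is not None and alg not in algorithms:` skips the allow-list entirely in that case, so the token's own `alg` header decides which algorithm verifies it. Since this line is being edited anyway, I would document that default on the method, for example `# algorithms=None disables the allow-list; callers should pass the algorithms they expect.` Separately, `payload` appears to be unused here now that the claim checks have moved out; part of the body lies between hunks, so confirm before dropping it.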
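Review bot: `_validate_claims` is added without a docstring, and nothing records its precondition that `payload` has already passed signature verification, even though it reads `iat`, `iss` and the other claims straight from that dict. I would add `"""Check the registered claims of a payload whose signature has already been verified."""` so a later caller does not run it on an unverified payload. Moving the `audience` type check here also means the `TypeError` for a non-string audience is now raised only after the signature check has run, which is worth a line in the changelog. The rest of the method body continues outside the hunk.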
@@ -479,9 +479,6 @@ class TestAPI(unittest.TestCase): for leeway in (3, timedelta(seconds=3)): self.jwt.decode(jwt_message, secret, leeway=leeway) - self.jwt._verify_signature(decoded_payload, signing, header, - signature, secret, leeway=leeway) - # With 1 seconds, should fail for leeway in (1, timedelta(seconds=1)): with self.assertRaises(ExpiredSignatureError): |