diff options
author | Mark Adams <mark@markadams.me> | 2015-04-12 10:50:53 -0500 |
---|---|---|
committer | Mark Adams <mark@markadams.me> | 2015-04-12 14:47:37 -0500 |
commit | 8eb3537d0c627b2ee09d56f63baec78ee78130d0 (patch) | |
tree | 2080c4293c8b5185fd9ab0a4a021c47c0bffd9b7 | |
parent | 29f1ef91ab016aa242da1b6ed5a08d51961deb54 (diff) | |
download | pyjwt-8eb3537d0c627b2ee09d56f63baec78ee78130d0.tar.gz |
Added a deprecation warning for using verify= instead of options= on decode()
-rw-r--r-- | CHANGELOG.md | 1 | ||||
-rw-r--r-- | jwt/api.py | 3 | ||||
-rw-r--r-- | tests/test_api.py | 21 |
3 files changed, 25 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index 7e2b77d..d687f31 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,6 +8,7 @@ This project adheres to [Semantic Versioning](http://semver.org/). ------------------------------------------------------------------------- ### Changed - Added flexible and complete verification options during decode #131 +- Deprecated usage of the .decode(..., verify=False) parameter - Added support for PS256, PS384, and PS512 algorithms. #132 - Added this CHANGELOG.md file @@ -1,5 +1,6 @@ import binascii import json +import warnings from calendar import timegm from collections import Mapping @@ -133,6 +134,8 @@ class PyJWT(object): key, algorithms) self._validate_claims(payload, options=merged_options, **kwargs) + else: + warnings.warn("The verify parameter is deprecated. Please use options instead.", DeprecationWarning) return payload diff --git a/tests/test_api.py b/tests/test_api.py index 2364cc2..13aa982 100644 --- a/tests/test_api.py +++ b/tests/test_api.py @@ -1,6 +1,7 @@ import json import time +import warnings from calendar import timegm from datetime import datetime, timedelta @@ -35,10 +36,18 @@ def utc_timestamp(): class TestAPI(unittest.TestCase): def setUp(self): # noqa + self.warnings_context = warnings.catch_warnings(record=True) + self.warnings = self.warnings_context.__enter__() + + warnings.simplefilter('always', DeprecationWarning) + self.payload = {'iss': 'jeff', 'exp': utc_timestamp() + 15, 'claim': 'insanity'} self.jwt = PyJWT() + def tearDown(self): # noqa + self.warnings_context.__exit__() + def test_register_algorithm_does_not_allow_duplicate_registration(self): self.jwt.register_algorithm('AAA', Algorithm()) @@ -356,6 +365,18 @@ class TestAPI(unittest.TestCase): self.assertEqual(decoded_payload, self.payload) + def test_verify_false_deprecated(self): + example_jwt = ( + b'eyJhbGciOiAiSFMyNTYiLCAidHlwIjogIkpXVCJ9' + b'.eyJoZWxsbyI6ICJ3b3JsZCJ9' + b'.tvagLDLoaiJKxOKqpBXSEGy7SYSifZhjntgm9ctpyj8') + + self.assertEqual(len(self.warnings), 0) + self.jwt.decode(example_jwt, verify=False) + + self.assertEqual(len(self.warnings), 1) + self.assertEqual(self.warnings[-1].category, DeprecationWarning) + def test_load_no_verification(self): right_secret = 'foo' jwt_message = self.jwt.encode(self.payload, right_secret) |