authorJosé Padilla <jpadilla@webapplicate.com>2017-06-21 16:04:35 -0400
committerJosé Padilla <jpadilla@webapplicate.com>2017-06-22 09:58:04 -0400
commit11f30c4050a11b6398d38f505578c9dabeba6c78 (patch)
tree1c27aaa4f23ed5d108cbaa2936446ffd0073e7e2
parent37926ea0dd207db070b45473438853447e4c1392 (diff)
Add warning when decoding with no algorithms specified
-rw-r--r--jwt/api_jws.py9
-rw-r--r--jwt/api_jwt.py9
-rw-r--r--tests/test_api_jws.py10
-rw-r--r--tests/test_api_jwt.py10
4 files changed, 38 insertions, 0 deletions
diff --git a/jwt/api_jws.py b/jwt/api_jws.py
index ace5a62..2842258 100644
--- a/jwt/api_jws.py
+++ b/jwt/api_jws.py
@@ -117,6 +117,15 @@ class PyJWS(object):
def decode(self, jws, key='', verify=True, algorithms=None, options=None,
**kwargs):
+
+ if not algorithms:
+ warnings.warn(
+ 'It is strongly recommended that you pass in a ' +
+ 'value for the "algorithms" argument when calling decode(). ' +
+ 'This argument will be mandatory in a future version.',
+ DeprecationWarning
+ )
+
payload, signing_input, header, signature = self._load(jws)
if verify:
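Review bot: The `warnings.warn(...)` call added at the top of `decode()` passes no `stacklevel`, so the warning is attributed to jwt/api_jws.py rather than to the calling code, and Python's default filters hide a DeprecationWarning raised from library code. A caller who omits `algorithms` is not restricting which signing algorithm the token may claim (the verification path is outside this hunk, so that is inferred from the warning text), and that is the case most in need of a visible signal. I would change the last argument to `DeprecationWarning, stacklevel=2` and consider a category that is shown by default. The identical block in jwt/api_jwt.py has the same gap, and `decode()` continues past the end of this hunk.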
diff --git a/jwt/api_jwt.py b/jwt/api_jwt.py
index 72ad58c..4d3c927 100644
--- a/jwt/api_jwt.py
+++ b/jwt/api_jwt.py
@@ -58,6 +58,15 @@ class PyJWT(PyJWS):
def decode(self, jwt, key='', verify=True, algorithms=None, options=None,
**kwargs):
+
+ if not algorithms:
+ warnings.warn(
+ 'It is strongly recommended that you pass in a ' +
+ 'value for the "algorithms" argument when calling decode(). ' +
+ 'This argument will be mandatory in a future version.',
+ DeprecationWarning
+ )
+
payload, signing_input, header, signature = self._load(jwt)
if options is None:
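Review bot: This block is a verbatim copy of the one added to `PyJWS.decode`, and `PyJWT` subclasses `PyJWS`. If `PyJWT.decode` later delegates to the parent `decode()` (its body continues outside the hunk, so this is unconfirmed), a single call without `algorithms` would emit the warning twice. Keeping the check in one of the two methods, or at least moving the message into a shared module-level constant, would stop the two copies drifting apart when the argument becomes mandatory.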
diff --git a/tests/test_api_jws.py b/tests/test_api_jws.py
index 053dd11..c90fda2 100644
--- a/tests/test_api_jws.py
+++ b/tests/test_api_jws.py
@@ -265,6 +265,16 @@ class TestJWS:
pytest.deprecated_call(jws.decode, example_jws, verify=False)
+ def test_decode_with_optional_algorithms(self, jws):
+ example_secret = 'secret'
+ example_jws = (
+ b'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.'
+ b'aGVsbG8gd29ybGQ.'
+ b'SIr03zM64awWRdPrAM_61QWsZchAtgDV3pphfHPPWkI'
+ )
+
+ pytest.deprecated_call(jws.decode, example_jws, key=example_secret)
+
def test_load_no_verification(self, jws, payload):
right_secret = 'foo'
jws_message = jws.encode(payload, right_secret)
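Review bot: `pytest.deprecated_call` in `test_decode_with_optional_algorithms` passes on any deprecation warning, so the test does not show that the new `algorithms` warning is the one raised. The older call in the context line above, `pytest.deprecated_call(jws.decode, example_jws, verify=False)`, also omits `algorithms` and is now satisfied by the new warning even if the `verify` deprecation it was written for stops firing. I would match the message, e.g. `with pytest.warns(DeprecationWarning, match='algorithms'):`, and add a case asserting that no warning is raised when `algorithms=['HS256']` is passed. The new test in tests/test_api_jwt.py has the same weakness.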
diff --git a/tests/test_api_jwt.py b/tests/test_api_jwt.py
index 61de6e0..798e4b7 100644
--- a/tests/test_api_jwt.py
+++ b/tests/test_api_jwt.py
@@ -472,3 +472,13 @@ class TestJWT:
secret,
verify_expiration=True
)
+
+ def test_decode_with_optional_algorithms(self, jwt, payload):
+ secret = 'secret'
+ jwt_message = jwt.encode(payload, secret)
+
+ pytest.deprecated_call(
+ jwt.decode,
+ jwt_message,
+ secret
+ )