author | René Springer <r-springer@users.noreply.github.com> | 2017-11-26 20:03:06 -0800 |
---|---|---|
committer | Mark Adams <mark@markadams.me> | 2017-11-26 22:03:06 -0600 |
commit | 7f7d524b78ab98e42e9064f4f2bab5b6e126f766 (patch) | |
tree | b63fb037fa7a8bbc8e445f6e8bb30ef22ff6fa40 | |
parent | c1253ec82f88bc810884735d68c60f1f6cbd4c1e (diff) | |
download | pyjwt-7f7d524b78ab98e42e9064f4f2bab5b6e126f766.tar.gz |
Allow list of valid audiences to be passed in to PyJWT.decode() (#306)
Resolves #205
-rw-r--r-- | AUTHORS | 2 | ||||
-rw-r--r-- | CHANGELOG.md | 3 | ||||
-rw-r--r-- | jwt/api_jws.py | 1 | ||||
-rw-r--r-- | jwt/api_jwt.py | 13 | ||||
-rw-r--r-- | jwt/contrib/algorithms/pycrypto.py | 1 | ||||
-rw-r--r-- | tests/test_api_jws.py | 1 | ||||
-rw-r--r-- | tests/test_api_jwt.py | 20 | ||||
-rw-r--r-- | tests/utils.py | 1 |
8 files changed, 31 insertions, 11 deletions
@@ -23,3 +23,5 @@ Patches and Suggestions - Wouter Bolsterlee <uws@xs4all.nl> - Michael Davis <mike.philip.davis@gmail.com> <mike.davis@workiva.com> + + - Vinod Gupta <codervinod@gmail.com>
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 696a6a9..5793d70 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -10,7 +10,10 @@ This project adheres to [Semantic Versioning](http://semver.org/). - Dropped support for python 2.6 and 3.3 [#297][297] +- Audience parameter now supports iterables [#205][205] + ### Fixed + ### Added [v1.5.3][1.5.3]
diff --git a/jwt/api_jws.py b/jwt/api_jws.py
index 223b22b..ad3ff6a 100644
--- a/jwt/api_jws.py
+++ b/jwt/api_jws.py
@@ -1,7 +1,6 @@ import binascii import json import warnings - from collections import Mapping from .algorithms import (
diff --git a/jwt/api_jwt.py b/jwt/api_jwt.py
index 5ddc8a3..edef770 100644
--- a/jwt/api_jwt.py
+++ b/jwt/api_jwt.py
@@ -1,8 +1,7 @@ import json import warnings - from calendar import timegm -from collections import Mapping +from collections import Iterable, Mapping from datetime import datetime, timedelta from .api_jws import PyJWS
@@ -103,8 +102,8 @@ class PyJWT(PyJWS): if isinstance(leeway, timedelta): leeway = leeway.total_seconds() - if not isinstance(audience, (string_types, type(None))): - raise TypeError('audience must be a string or None') + if not isinstance(audience, (string_types, type(None), Iterable)): + raise TypeError('audience must be a string, iterable, or None') self._validate_required_claims(payload, options)
@@ -177,7 +176,11 @@ class PyJWT(PyJWS): raise InvalidAudienceError('Invalid claim format in token') if any(not isinstance(c, string_types) for c in audience_claims): raise InvalidAudienceError('Invalid claim format in token') - if audience not in audience_claims: + + if isinstance(audience, string_types): + audience = [audience] + + if not any(aud in audience_claims for aud in audience): raise InvalidAudienceError('Invalid audience') def _validate_iss(self, payload, issuer):
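Review bot: The widened guard `isinstance(audience, (string_types, type(None), Iterable))` in the `@@ -103,8 +102,8 @@` hunk admits any iterable, so `bytes` on Python 3, a dict, or a list holding non-string items all pass, and nothing visible checks that each element is a string. Such values appear to fail closed later as `InvalidAudienceError`, which reports a caller-side configuration mistake as a bad token instead of the `TypeError` this guard exists to raise. I would add an element check right after it, for example `if not isinstance(audience, (string_types, type(None))) and not all(isinstance(a, string_types) for a in audience): raise TypeError('audience must be a string, iterable, or None')`, and note in the docstring that a one-shot generator would be consumed by it. The enclosing method starts and ends outside the hunk.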
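Review bot: `any(aud in audience_claims for aud in audience)` in the `@@ -177,7 +176,11 @@` hunk iterates `audience`, so if `audience` can still be `None` when this line is reached (a token that carries `aud`, decoded without an `audience` argument), it raises `TypeError` where the removed `audience not in audience_claims` raised `InvalidAudienceError`. The top of `_validate_aud` is outside the hunk, so whether `None` is filtered out earlier needs checking; if it is not, callers that catch the library's token errors to reject a request would get an unhandled exception instead. A guard placed before the string normalisation keeps the old behaviour: `if audience is None: raise InvalidAudienceError('Invalid audience')`. The docstring should also state that a list is matched any-of, so a single overlap between `audience` and the token's `aud` is enough to accept. The tests added in tests/test_api_jwt.py cover neither the `None` case nor a list-valued `aud` claim checked against a list.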
diff --git a/jwt/contrib/algorithms/pycrypto.py b/jwt/contrib/algorithms/pycrypto.py
index e6afaa5..e49cdbf 100644
--- a/jwt/contrib/algorithms/pycrypto.py
+++ b/jwt/contrib/algorithms/pycrypto.py
@@ -1,7 +1,6 @@ import Crypto.Hash.SHA256 import Crypto.Hash.SHA384 import Crypto.Hash.SHA512 - from Crypto.PublicKey import RSA from Crypto.Signature import PKCS1_v1_5
diff --git a/tests/test_api_jws.py b/tests/test_api_jws.py
index 4e440bd..60671a2 100644
--- a/tests/test_api_jws.py
+++ b/tests/test_api_jws.py
@@ -1,6 +1,5 @@ import json - from decimal import Decimal from jwt.algorithms import Algorithm
diff --git a/tests/test_api_jwt.py b/tests/test_api_jwt.py
index 8ce3f2c..58b47f2 100644
--- a/tests/test_api_jwt.py
+++ b/tests/test_api_jwt.py
@@ -1,7 +1,6 @@ import json import time - from calendar import timegm from datetime import datetime, timedelta from decimal import Decimal
@@ -92,7 +91,7 @@ class TestJWT: jwt.decode(example_jwt, secret, audience=1) exception = context.value - assert str(exception) == 'audience must be a string or None' + assert str(exception) == 'audience must be a string, iterable, or None' def test_decode_with_nonlist_aud_claim_throws_exception(self, jwt): secret = 'secret'
@@ -281,6 +280,23 @@ class TestJWT: token = jwt.encode(payload, 'secret') jwt.decode(token, 'secret', audience='urn:me') + def test_check_audience_list_when_valid(self, jwt): + payload = { + 'some': 'payload', + 'aud': 'urn:me' + } + token = jwt.encode(payload, 'secret') + jwt.decode(token, 'secret', audience=['urn:you', 'urn:me']) + + def test_raise_exception_invalid_audience_list(self, jwt): + payload = { + 'some': 'payload', + 'aud': 'urn:me' + } + token = jwt.encode(payload, 'secret') + with pytest.raises(InvalidAudienceError): + jwt.decode(token, 'secret', audience=['urn:you', 'urn:him']) + def test_check_audience_in_array_when_valid(self, jwt): payload = { 'some': 'payload',
diff --git a/tests/utils.py b/tests/utils.py
index 79c77b0..be189f2 100644
--- a/tests/utils.py
+++ b/tests/utils.py
@@ -1,6 +1,5 @@ import os import struct - from calendar import timegm from datetime import datetime |