diff options
author | Jon Dufresne <jon.dufresne@gmail.com> | 2020-12-19 06:09:13 -0800 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-12-19 09:09:13 -0500 |
commit | 2e1e69d4ddfddaba35b6ee99ead1b430654ed661 (patch) | |
tree | 93dbe9669d16c8965f922e55b820dfb38acb9d79 | |
parent | 2e9f866f3b9f0542ba80c1b986b6129b63a694c6 (diff) | |
download | pyjwt-2e1e69d4ddfddaba35b6ee99ead1b430654ed661.tar.gz |
Do not mutate the input payload in PyJWT.encode() (#557)
-rw-r--r-- | jwt/api_jwt.py | 1 | ||||
-rw-r--r-- | tests/test_api_jwt.py | 6 |
2 files changed, 7 insertions, 0 deletions
diff --git a/jwt/api_jwt.py b/jwt/api_jwt.py index 68597a8..06c89f4 100644 --- a/jwt/api_jwt.py +++ b/jwt/api_jwt.py @@ -47,6 +47,7 @@ class PyJWT(PyJWS): ) # Payload + payload = payload.copy() for time_claim in ["exp", "iat", "nbf"]: # Convert datetime to a intDate value in known time-format claims if isinstance(payload.get(time_claim), datetime): diff --git a/tests/test_api_jwt.py b/tests/test_api_jwt.py index 83177bf..35ba6ba 100644 --- a/tests/test_api_jwt.py +++ b/tests/test_api_jwt.py @@ -210,6 +210,12 @@ class TestJWT: assert decoded_payload["nbf"] == timegm( current_datetime.utctimetuple() ) + # payload is not mutated. + assert payload == { + "exp": current_datetime, + "iat": current_datetime, + "nbf": current_datetime, + } # 'Control' Elliptic Curve JWT created by another library. # Used to test for regressions that could affect both |