diff options
author | Aarni Koskela <akx@iki.fi> | 2022-04-05 20:18:21 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-04-05 23:18:21 +0600 |
commit | 3d4d82248f1120c87f1f4e0e8793eaa1d54843a6 (patch) | |
tree | bc9a3bfc663e9c800b5706aaa309841277e18fcc | |
parent | 1f1fe15bb41846c602b3e106176b2c692b93a613 (diff) | |
download | pyjwt-3d4d82248f1120c87f1f4e0e8793eaa1d54843a6.tar.gz |
Don't mutate options dictionary in .decode_complete() (#743)
Fixes #679
-rw-r--r-- | jwt/api_jwt.py | 6 | ||||
-rw-r--r-- | tests/test_api_jwt.py | 8 |
2 files changed, 10 insertions, 4 deletions
diff --git a/jwt/api_jwt.py b/jwt/api_jwt.py index da9d481..5e11bc8 100644 --- a/jwt/api_jwt.py +++ b/jwt/api_jwt.py @@ -71,10 +71,8 @@ class PyJWT: options: Optional[Dict] = None, **kwargs, ) -> Dict[str, Any]: - if options is None: - options = {"verify_signature": True} - else: - options.setdefault("verify_signature", True) + options = dict(options or {}) # shallow-copy or initialize an empty dict + options.setdefault("verify_signature", True) # If the user has set the legacy `verify` argument, and it doesn't match # what the relevant `options` entry for the argument is, inform the user diff --git a/tests/test_api_jwt.py b/tests/test_api_jwt.py index 57cc4ae..84e41e0 100644 --- a/tests/test_api_jwt.py +++ b/tests/test_api_jwt.py @@ -674,3 +674,11 @@ class TestJWT: jwt.decode( jwt_message, secret, verify=True, options={"verify_signature": False} ) + + def test_decode_no_options_mutation(self, jwt, payload): + options = {"verify_signature": True} + orig_options = options.copy() + secret = "secret" + jwt_message = jwt.encode(payload, secret) + jwt.decode(jwt_message, secret, options=options, algorithms=["HS256"]) + assert options == orig_options |