authorMark Adams <mark@markadams.me>2015-03-17 20:21:43 -0500
committerMark Adams <mark@markadams.me>2015-03-17 20:21:43 -0500
commitf6d0ff2778a4f3d2f57935e5f7ed0006fe219d4c (patch)
treefdea98e3f4936948519994441431bd9fda6f869f /jwt/algorithms.py
parent14c5f46391aa1fbaf07be4905998a70dcededa62 (diff)
downloadpyjwt-f6d0ff2778a4f3d2f57935e5f7ed0006fe219d4c.tar.gz
Added tests to cover invalid string validations on HMAC
Diffstat (limited to 'jwt/algorithms.py')
-rw-r--r--jwt/algorithms.py8
1 files changed, 7 insertions, 1 deletions
diff --git a/jwt/algorithms.py b/jwt/algorithms.py
index f539b5e..b22a1d9 100644
--- a/jwt/algorithms.py
+++ b/jwt/algorithms.py
@@ -103,7 +103,13 @@ class HMACAlgorithm(Algorithm):
if isinstance(key, text_type):
key = key.encode('utf-8')
- if (b'-----BEGIN PUBLIC KEY-----' in key or b'-----BEGIN CERTIFICATE-----' in key):
+ invalid_strings = [
+ b'-----BEGIN PUBLIC KEY-----',
+ b'-----BEGIN CERTIFICATE-----',
+ b'ssh-rsa'
+ ]
+
+ if any([string_value in key for string_value in invalid_strings]):
raise InvalidKeyError(
'The specified key is an assymetric key or x509 certificate and'
' should not be used as an HMAC secret.')
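Review bot: The deny-list in `invalid_strings` is still incomplete as a guard against a public key being supplied as the HMAC secret: a PKCS#1 PEM header (`-----BEGIN RSA PUBLIC KEY-----`) and non-RSA OpenSSH keys (prefix `ecdsa-sha2-`) match none of the three entries and would be accepted. I would add `b'-----BEGIN RSA PUBLIC KEY-----',` and `b'ecdsa-sha2-',` to the list, with a comment saying the substring check is best-effort and that callers should still restrict which algorithms they accept when verifying. The `any([...])` call can take a generator instead of building a list, `any(s in key for s in invalid_strings)`, and the error message misspells "asymmetric" and does not mention SSH public keys, which the new `b'ssh-rsa'` entry now rejects. The enclosing method starts above the hunk, so this is based on the visible lines only.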