diff options
author | Aarni Koskela <akx@iki.fi> | 2022-12-10 17:44:04 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-12-10 21:44:04 +0600 |
commit | 2306f68b87c5f7eecbd838db900a2d3685b81b3c (patch) | |
tree | eba477f54ab693600e65cf325842fc0c15436a1b /jwt/api_jws.py | |
parent | fb9b3119449353dca6c03be27f32e482852473c3 (diff) | |
download | pyjwt-2306f68b87c5f7eecbd838db900a2d3685b81b3c.tar.gz |
Make mypy configuration stricter and improve typing (#830)
* PyJWS._verify_signature: raise early KeyError if header is missing alg
* Make Mypy configuration stricter
* Improve typing in jwt.utils
* Improve typing in jwt.help
* Improve typing in jwt.exceptions
* Improve typing in jwt.api_jwk
* Improve typing in jwt.api_jws
* Improve typing & clean up imports in jwt.algorithms
* Correct JWS.decode rettype to any (payload could be something else)
* Update typing in api_jwt
* Improve typing in jwks_client
* Improve typing in docs/conf.py
* Fix (benign) mistyping in test_advisory
* Fix misc type complaints in tests
Diffstat (limited to 'jwt/api_jws.py')
-rw-r--r-- | jwt/api_jws.py | 34 |
1 files changed, 20 insertions, 14 deletions
diff --git a/jwt/api_jws.py b/jwt/api_jws.py index c914db1..0a775d7 100644 --- a/jwt/api_jws.py +++ b/jwt/api_jws.py @@ -3,7 +3,7 @@ from __future__ import annotations import binascii import json import warnings -from typing import Any, Type +from typing import Any, List, Optional, Type from .algorithms import ( Algorithm, @@ -24,7 +24,11 @@ from .warnings import RemovedInPyjwt3Warning class PyJWS: header_typ = "JWT" - def __init__(self, algorithms=None, options=None) -> None: + def __init__( + self, + algorithms: Optional[List[str]] = None, + options: Optional[dict[str, Any]] = None, + ) -> None: self._algorithms = get_default_algorithms() self._valid_algs = ( set(algorithms) if algorithms is not None else set(self._algorithms) @@ -164,8 +168,8 @@ class PyJWS: def decode_complete( self, - jwt: str, - key: str = "", + jwt: str | bytes, + key: str | bytes = "", algorithms: list[str] | None = None, options: dict[str, Any] | None = None, detached_payload: bytes | None = None, @@ -209,13 +213,13 @@ class PyJWS: def decode( self, - jwt: str, - key: str = "", + jwt: str | bytes, + key: str | bytes = "", algorithms: list[str] | None = None, options: dict[str, Any] | None = None, detached_payload: bytes | None = None, **kwargs, - ) -> str: + ) -> Any: if kwargs: warnings.warn( "passing additional kwargs to decode() is deprecated " @@ -228,7 +232,7 @@ class PyJWS: ) return decoded["payload"] - def get_unverified_header(self, jwt: str | bytes) -> dict: + def get_unverified_header(self, jwt: str | bytes) -> dict[str, Any]: """Returns back the JWT header parameters as a dict() Note: The signature is not verified so the header parameters @@ -239,7 +243,7 @@ class PyJWS: return headers - def _load(self, jwt: str | bytes) -> tuple[bytes, bytes, dict, bytes]: + def _load(self, jwt: str | bytes) -> tuple[bytes, bytes, dict[str, Any], bytes]: if isinstance(jwt, str): jwt = jwt.encode("utf-8") @@ -280,13 +284,15 @@ class PyJWS: def _verify_signature( self, signing_input: bytes, - header: dict, + header: dict[str, Any], signature: bytes, - key: str = "", + key: str | bytes = "", algorithms: list[str] | None = None, ) -> None: - - alg = header.get("alg") + try: + alg = header["alg"] + except KeyError: + raise InvalidAlgorithmError("Algorithm not specified") if not alg or (algorithms is not None and alg not in algorithms): raise InvalidAlgorithmError("The specified alg value is not allowed") @@ -304,7 +310,7 @@ class PyJWS: if "kid" in headers: self._validate_kid(headers["kid"]) - def _validate_kid(self, kid: str) -> None: + def _validate_kid(self, kid: Any) -> None: if not isinstance(kid, str): raise InvalidTokenError("Key ID header parameter must be a string") |