diff options
-rw-r--r-- | jwt/api_jwt.py | 7 | ||||
-rw-r--r-- | tests/test_api_jwt.py | 20 |
2 files changed, 27 insertions, 0 deletions
diff --git a/jwt/api_jwt.py b/jwt/api_jwt.py index 4a8a3ae..c1bc058 100644 --- a/jwt/api_jwt.py +++ b/jwt/api_jwt.py @@ -1,4 +1,5 @@ import json +import warnings from calendar import timegm from collections import Mapping @@ -74,6 +75,12 @@ class PyJWT(PyJWS): def _validate_claims(self, payload, audience=None, issuer=None, leeway=0, options=None, **kwargs): + + if 'verify_expiration' in kwargs: + options['verify_exp'] = kwargs.get('verify_expiration', True) + warnings.warn('The verify_expiration parameter is deprecated. ' + 'Please use options instead.', DeprecationWarning) + if isinstance(leeway, timedelta): leeway = timedelta_total_seconds(leeway) diff --git a/tests/test_api_jwt.py b/tests/test_api_jwt.py index 8b2b852..4361d6e 100644 --- a/tests/test_api_jwt.py +++ b/tests/test_api_jwt.py @@ -419,3 +419,23 @@ class TestJWT: payload = jwt.decode(token, 'secret') assert payload == {'some_decimal': 'it worked'} + + def test_decode_with_verify_expiration_kwarg(self, jwt, payload): + payload['exp'] = utc_timestamp() - 1 + secret = 'secret' + jwt_message = jwt.encode(payload, secret) + + pytest.deprecated_call( + jwt.decode, + jwt_message, + secret, + verify_expiration=False + ) + + with pytest.raises(ExpiredSignatureError): + pytest.deprecated_call( + jwt.decode, + jwt_message, + secret, + verify_expiration=True + ) |