Merge pull request #814 from CitrineInformatics/maintain/bump-pyjwt-version

Bump very out-of-date pyjwt version

Author: kroenlein

requirements.txt

@@ -1,6 +1,6 @@
 gemd==1.11.1
 requests==2.25.1
-pyjwt==1.7.1
+pyjwt==2.4.0
 arrow==0.15.4
 sphinx==4.3.0
 sphinxcontrib-apidoc==0.3.0

setup.py

@@ -22,7 +22,7 @@
       packages=find_packages(where='src'),
       install_requires=[
           "requests>=2.25.1,<3",
-          "pyjwt>=1.7.1,<2",
+          "pyjwt>=2,<3",
           "arrow>=0.15.4,<0.16",
           "gemd>=1.9.0,<2",
           "boto3>=1.17.93,<2",

src/citrine/__version__.py

@@ -1 +1 @@
-__version__ = '1.58.0'
+__version__ = '1.58.1'

src/citrine/_session.py

@@ -131,7 +131,9 @@ def _refresh_access_token(self) -> None:
             raise UnauthorizedRefreshToken()
         self.access_token = response.json()['access_token']
         self.access_token_expiration = datetime.utcfromtimestamp(
-            jwt.decode(self.access_token, verify=False)['exp']
+            jwt.decode(self.access_token,
+                       options={"verify_signature": False},
+                       algorithms=["HS256"])['exp']
         )
 
         # Explicitly set an updated 'auth', so as to not rely on implicit cookie handling.

tests/test_citrine.py

@@ -14,7 +14,7 @@ def refresh_token(expiration: datetime = None) -> dict:
         payload={'exp': expiration.timestamp()},
         key='garbage'
     )
-    return {'access_token': token.decode('utf-8')}
+    return {'access_token': token}
 
 
 token_refresh_response = refresh_token(datetime(2019, 3, 14, tzinfo=pytz.utc))

tests/test_session.py

@@ -27,7 +27,7 @@ def refresh_token(expiration: datetime = None) -> dict:
         payload={'exp': expiration.timestamp()},
         key='garbage'
     )
-    return {'access_token': token.decode('utf-8')}
+    return {'access_token': token}
 
 
 @pytest.fixture