Sem-Ver: feature Add and use a specific exception, JtiUniqunessException, for when a JTI is used more than once.

dbaxa · web-flow · commit 103748107d79 · 2020-02-27T09:00:07.000+11:00
Signed-off-by: David Black &lt;dblack@atlassian.com&gt;
diff --git a/atlassian_jwt_auth/exceptions.py b/atlassian_jwt_auth/exceptions.py
@@ -53,6 +53,10 @@ class KeyIdentifierException(ASAPAuthenticationException):
     """Raise when there are issues validating the key identifier"""
 
 
+class JtiUniqunessException(ASAPAuthenticationException):
+    """Raise when a JTI is seen more than once. """
+
+
 class NoTokenProvidedError(ASAPAuthenticationException):
     """Raise when no token is provided"""
     pass
diff --git a/atlassian_jwt_auth/tests/test_verifier.py b/atlassian_jwt_auth/tests/test_verifier.py
@@ -4,6 +4,7 @@
 import mock
 
 import atlassian_jwt_auth
+import atlassian_jwt_auth.exceptions
 from atlassian_jwt_auth.tests import utils
 
 
@@ -98,8 +99,10 @@ def test_verify_jwt_with_jwt_with_already_seen_jti(self):
         self.assertIsNotNone(verifier.verify_jwt(
             a_jwt,
             self._example_aud))
-        with self.assertRaisesRegexp(ValueError, 'has already been used'):
-            verifier.verify_jwt(a_jwt, self._example_aud)
+        for exception in [ValueError,
+                          atlassian_jwt_auth.exceptions.JtiUniqunessException]:
+            with self.assertRaisesRegexp(exception, 'has already been used'):
+                verifier.verify_jwt(a_jwt, self._example_aud)
 
     def test_verify_jwt_with_already_seen_jti_with_uniqueness_disabled(self):
         """ tests that verify_jwt accepts a jwt if the jti
diff --git a/atlassian_jwt_auth/verifier.py b/atlassian_jwt_auth/verifier.py
@@ -4,6 +4,7 @@
 
 from atlassian_jwt_auth import algorithms
 from atlassian_jwt_auth import key
+from atlassian_jwt_auth import exceptions
 
 
 class JWTAuthVerifier(object):
@@ -79,7 +80,8 @@ def _decode_jwt(self, a_jwt, key_identifier, jwt_key,
     def _check_jti(self, jti):
         """Checks that the given jti has not been already been used."""
         if jti in self._seen_jti:
-            raise ValueError("The jti, '%s', has already been used." % jti)
+            raise exceptions.JtiUniqunessException(
+                "The jti, '%s', has already been used." % jti)
         self._seen_jti[jti] = None
         while len(self._seen_jti) > 1000:
             self._seen_jti.popitem(last=False)
