Fixes #103

- Require PyJWT v1.1.0 or greater.
- Use decode options instead of verify_expiration

Author: jpadilla

rest_framework_jwt/utils.py

@@ -47,11 +47,15 @@ def jwt_encode_handler(payload):
 
 
 def jwt_decode_handler(token):
+    options = {
+        'verify_exp': api_settings.JWT_VERIFY_EXPIRATION,
+    }
+
     return jwt.decode(
         token,
         api_settings.JWT_SECRET_KEY,
         api_settings.JWT_VERIFY,
-        verify_expiration=api_settings.JWT_VERIFY_EXPIRATION,
+        options=options,
         leeway=api_settings.JWT_LEEWAY,
         audience=api_settings.JWT_AUDIENCE,
         issuer=api_settings.JWT_ISSUER,

setup.py

@@ -18,7 +18,7 @@
 author_email = '[email protected]'
 license = 'MIT'
 install_requires = [
-    'PyJWT>=1.0.0,<2.0.0',
+    'PyJWT>=1.1.0,<2.0.0',
 ]
 
 

tests/test_utils.py

@@ -57,6 +57,16 @@ def test_jwt_response_payload(self):
 
         self.assertEqual(response_data, dict(token=token))
 
+    def test_jwt_decode_verify_exp(self):
+        api_settings.JWT_VERIFY_EXPIRATION = False
+
+        payload = utils.jwt_payload_handler(self.user)
+        payload['exp'] = 1
+        token = utils.jwt_encode_handler(payload)
+        utils.jwt_decode_handler(token)
+
+        api_settings.JWT_VERIFY_EXPIRATION = True
+
 
 class TestAudience(TestCase):
     def setUp(self):