Merge branch 'master' into json-encodeable-jwk-dict

Author: blag

.travis.yml

@@ -10,6 +10,9 @@ after_success:
   - codecov
 matrix:
   include:
+    # Linting
+    - python: 3.6
+      env: TOX_ENV=flake8
     # CPython 2.7
     - python: 2.7
       env: TOXENV=py27-base
@@ -21,17 +24,6 @@ matrix:
       env: TOXENV=py27-pycrypto-norsa
     - python: 2.7
       env: TOXENV=py27-compatibility
-    # CPython 3.4
-    - python: 3.4
-      env: TOXENV=py34-base
-    - python: 3.4
-      env: TOXENV=py34-cryptography-only
-    - python: 3.4
-      env: TOXENV=py34-pycryptodome-norsa
-    - python: 3.4
-      env: TOXENV=py34-pycrypto-norsa
-    - python: 3.4
-      env: TOXENV=py34-compatibility
     # CPython 3.5
     - python: 3.5
       env: TOXENV=py35-base
@@ -77,17 +69,6 @@ matrix:
       env: TOXENV=py37-compatibility
       dist: xenial
       sudo: true
-    # PyPy 5.3.1
-    - python: pypy-5.3.1
-      env: TOXENV=pypy-base
-    - python: pypy-5.3.1
-      env: TOXENV=pypy-cryptography-only
-    - python: pypy-5.3.1
-      env: TOXENV=pypy-pycryptodome-norsa
-    - python: pypy-5.3.1
-      env: TOXENV=pypy-pycrypto-norsa
-    - python: pypy-5.3.1
-      env: TOXENV=pypy-compatibility
     # PyPy 3.5 (5.10.1?)
     - python: pypy3.5
       env: TOXENV=pypy-base
@@ -99,6 +80,3 @@ matrix:
       env: TOXENV=pypy-pycrypto-norsa
     - python: pypy3.5
       env: TOXENV=pypy-compatibility
-    # Linting
-    - python: 3.6
-      env: TOX_ENV=flake8

CHANGELOG.md

@@ -0,0 +1,49 @@
+# Changelog #
+
+## Development ##
+
+* Fix `to_dict` output, which should always be JSON encodeable. #139 (fixes #127 and #137)
+
+## 3.1.0 -- 2019-12-10 ##
+
+This is a greatly overdue release.
+
+### Features ###
+
+* Improve `JWT.decode()` #76 (fixes #75)
+* Sort headers when serializing to allow for headless JWT #136 (fixes #80)
+* Adjust dependency handling
+  - Use PyCryptodome instead of PyCrypto #83
+  - Update package dependencies #124 (fixes #158)
+* Avoid using deprecated methods #85
+* Support X509 certificates #107
+* Isolate and flesh out cryptographic backends to enable independent operation #129 (fixes #114)
+  - Remove pyca/cryptography backend's dependency on python-ecdsa #117
+  - Remove pycrypto/dome backends' dependency on python-rsa #121
+  - Make pyca/cryptography backend the preferred backend if multiple backends are present #122
+
+### Bugfixes/Improvements ###
+
+* Enable flake8 check in tox/TravisCI #77
+* Fix `crytography` dependency typo #94
+* Trigger tests using `python setup.py test` #97
+* Properly raise an error if a claim is expected and not given #98
+* Typo fixes #110
+* Fix invalid RSA private key PKCS8 encoding by python-rsa backend #120 (fixes #119)
+* Remove `future` dependency #134 (fixes #112)
+* Fix incorrect use of `pytest.raises(message=...)` #141
+* Typo fix #143
+* Clarify sign docstring to allow for `dict` payload #150
+
+### Housekeeping ###
+
+* Streamline the code a bit and update classifiers #87
+* Fix typo and rephrase `access_token` documentation #89
+* Code linting now mostly honors flake8 #101
+* Document using a `dict` for `jwt.encode` and `jwt.decode` #103
+* Include docs and tests in source distributions #111
+* Updating README descriptions of crypto backends #130
+* Document versioning policy #131
+* Add `CHANGELOG.rst` #132 (fixes #99)
+* Simplify and extend `.travis.yml` #135
+* Move `CHANGELOG.rst` to `CHANGELOG.md` and update it #159

CHANGELOG.rst

@@ -1,40 +0,0 @@
----------
-Changelog
----------
-
-3.1.0 -- 2019-??-??
-^^^^^^^^^^^^^^^^^^^
-
-Major
-"""""
-
-* Isolate and flesh out cryptographic backends to enable independent operation.
-  `#114 <https://github.com/mpdavis/python-jose/issues/114>`_
-  `#129 <https://github.com/mpdavis/python-jose/pull/129>`_
-* Remove pyca/cryptography backend's dependency on python-ecdsa.
-  `#117 <https://github.com/mpdavis/python-jose/pull/117>`_
-* Remove pycrypto/dome backends' dependency on python-rsa.
-  `#121 <https://github.com/mpdavis/python-jose/pull/121>`_
-* Make pyca/cryptography backend the preferred backend if multiple backends are present.
-  `#122 <https://github.com/mpdavis/python-jose/pull/122>`_
-* Allow for headless JWT by sorting headers when serializing.
-  `#136 <https://github.com/mpdavis/python-jose/pull/136>`_
-
-Bugfixes
-""""""""
-
-* Fix invalid RSA private key PKCS8 encoding by python-rsa backend.
-  `#120 <https://github.com/mpdavis/python-jose/pull/120>`_
-* Fix to_dict output, which should always be JSON encodeable.
-  `#139 <https://github.com/mpdavis/python-jose/pull/139>`_
-
-Housekeeping
-""""""""""""
-
-* Test each cryptographic backend independently in CI.
-  `#114 <https://github.com/mpdavis/python-jose/issues/114>`_
-  `#129 <https://github.com/mpdavis/python-jose/pull/129>`_
-  `#135 <https://github.com/mpdavis/python-jose/pull/135>`_
-* Add flake8 checks in CI.
-* Add CPython 3.7 and PyPy 3.5 testing in CI.
-* Remove package future as a dependency, not needed anymore.

jose/__init__.py

@@ -1,5 +1,5 @@
 
-__version__ = "3.0.1"
+__version__ = "3.1.0"
 __author__ = 'Michael Davis'
 __license__ = 'MIT'
 __copyright__ = 'Copyright 2016 Michael Davis'

jose/backends/cryptography_backend.py

@@ -76,7 +76,7 @@ def __init__(self, key, algorithm, cryptography_backend=default_backend):
 
     def _process_jwk(self, jwk_dict):
         if not jwk_dict.get('kty') == 'EC':
-            raise JWKError("Incorrect key type.  Expected: 'EC', Received: %s" % jwk_dict.get('kty'))
+            raise JWKError("Incorrect key type. Expected: 'EC', Received: %s" % jwk_dict.get('kty'))
 
         if not all(k in jwk_dict for k in ['x', 'y', 'crv']):
             raise JWKError('Mandatory parameters are missing')
@@ -244,7 +244,7 @@ def __init__(self, key, algorithm, cryptography_backend=default_backend):
 
     def _process_jwk(self, jwk_dict):
         if not jwk_dict.get('kty') == 'RSA':
-            raise JWKError("Incorrect key type.  Expected: 'RSA', Received: %s" % jwk_dict.get('kty'))
+            raise JWKError("Incorrect key type. Expected: 'RSA', Received: %s" % jwk_dict.get('kty'))
 
         e = base64_to_long(jwk_dict.get('e', 256))
         n = base64_to_long(jwk_dict.get('n'))

jose/backends/ecdsa_backend.py

@@ -70,7 +70,7 @@ def __init__(self, key, algorithm):
 
     def _process_jwk(self, jwk_dict):
         if not jwk_dict.get('kty') == 'EC':
-            raise JWKError("Incorrect key type.  Expected: 'EC', Recieved: %s" % jwk_dict.get('kty'))
+            raise JWKError("Incorrect key type. Expected: 'EC', Received: %s" % jwk_dict.get('kty'))
 
         if not all(k in jwk_dict for k in ['x', 'y', 'crv']):
             raise JWKError('Mandatory parameters are missing')

jose/backends/pycrypto_backend.py

@@ -95,7 +95,7 @@ def __init__(self, key, algorithm):
 
     def _process_jwk(self, jwk_dict):
         if not jwk_dict.get('kty') == 'RSA':
-            raise JWKError("Incorrect key type.  Expected: 'RSA', Recieved: %s" % jwk_dict.get('kty'))
+            raise JWKError("Incorrect key type. Expected: 'RSA', Received: %s" % jwk_dict.get('kty'))
 
         e = base64_to_long(jwk_dict.get('e', 256))
         n = base64_to_long(jwk_dict.get('n'))

jose/backends/rsa_backend.py

@@ -170,7 +170,7 @@ def __init__(self, key, algorithm):
 
     def _process_jwk(self, jwk_dict):
         if not jwk_dict.get('kty') == 'RSA':
-            raise JWKError("Incorrect key type.  Expected: 'RSA', Recieved: %s" % jwk_dict.get('kty'))
+            raise JWKError("Incorrect key type. Expected: 'RSA', Received: %s" % jwk_dict.get('kty'))
 
         e = base64_to_long(jwk_dict.get('e'))
         n = base64_to_long(jwk_dict.get('n'))

jose/exceptions.py

@@ -24,10 +24,6 @@ class JWTClaimsError(JWTError):
     pass
 
 
-class JWTSignatureError(JWTError):
-    pass
-
-
 class ExpiredSignatureError(JWTError):
     pass
 

jose/jwk.py

@@ -6,7 +6,6 @@
 from jose.constants import ALGORITHMS
 from jose.exceptions import JWKError
 from jose.utils import base64url_decode, base64url_encode
-from jose.utils import constant_time_string_compare
 from jose.backends.base import Key
 
 try:
@@ -36,7 +35,7 @@ def get_key(algorithm):
 
 def register_key(algorithm, key_class):
     if not issubclass(key_class, Key):
-        raise TypeError("Key class not a subclass of jwk.Key")
+        raise TypeError("Key class is not a subclass of jwk.Key")
     ALGORITHMS.KEYS[algorithm] = key_class
     ALGORITHMS.SUPPORTED.add(algorithm)
     return True
@@ -53,11 +52,11 @@ def construct(key_data, algorithm=None):
         algorithm = key_data.get('alg', None)
 
     if not algorithm:
-        raise JWKError('Unable to find a algorithm for key: %s' % key_data)
+        raise JWKError('Unable to find an algorithm for key: %s' % key_data)
 
     key_class = get_key(algorithm)
     if not key_class:
-        raise JWKError('Unable to find a algorithm for key: %s' % key_data)
+        raise JWKError('Unable to find an algorithm for key: %s' % key_data)
     return key_class(key_data, algorithm)
 
 
@@ -119,7 +118,7 @@ def __init__(self, key, algorithm):
 
     def _process_jwk(self, jwk_dict):
         if not jwk_dict.get('kty') == 'oct':
-            raise JWKError("Incorrect key type.  Expected: 'oct', Recieved: %s" % jwk_dict.get('kty'))
+            raise JWKError("Incorrect key type. Expected: 'oct', Received: %s" % jwk_dict.get('kty'))
 
         k = jwk_dict.get('k')
         k = k.encode('utf-8')
@@ -132,7 +131,7 @@ def sign(self, msg):
         return hmac.new(self.prepared_key, msg, self.hash_alg).digest()
 
     def verify(self, msg, sig):
-        return constant_time_string_compare(sig, self.sign(msg))
+        return hmac.compare_digest(sig, self.sign(msg))
 
     def to_dict(self):
         return {