Merge pull request #63 from oslokommune/DP-1721-upgrade-pyjwt

simenheg · web-flow · commit 6d2e93b0bb74 · 2021-03-01T08:49:22.000+01:00
DP-1721 Upgrade to PyJWT 2
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,7 @@
+## ?.?.?
+
+* PyJWT 2.0.0 or above is now required.
+
 ## 0.6.2
 
 * Authentication is no longer necessary for downloading public ("green")
diff --git a/okdata/sdk/auth/util.py b/okdata/sdk/auth/util.py
@@ -19,7 +19,7 @@ def is_expired(timestamp):
 
 
 def decode_token(token):
-    return jwt.decode(token, verify=False, algorithms=["HS256"])
+    return jwt.decode(token, options={"verify_signature": False})
 
 
 def get_expired_timestamp(token):
diff --git a/requirements.txt b/requirements.txt
@@ -4,26 +4,53 @@
 #
 #    pip-compile
 #
-attrs==19.3.0             # via jsonschema
-certifi==2019.9.11        # via requests
-chardet==3.0.4            # via requests
-ecdsa==0.13.3             # via python-jose
-future==0.18.2            # via python-jose
-idna==2.8                 # via requests
-importlib-metadata==1.3.0  # via jsonschema
+attrs==19.3.0
+    # via jsonschema
+certifi==2019.9.11
+    # via requests
+chardet==3.0.4
+    # via requests
+ecdsa==0.13.3
+    # via python-jose
+future==0.18.2
+    # via python-jose
+idna==2.8
+    # via requests
+importlib-metadata==1.3.0
+    # via jsonschema
 jsonschema==3.2.0
-more-itertools==8.0.2     # via zipp
+    # via okdata-sdk (setup.py)
+more-itertools==8.0.2
+    # via zipp
 prettytable==0.7.2
-pyasn1==0.4.7             # via rsa
-pyjwt==1.7.1
-pyrsistent==0.15.6        # via jsonschema
-python-jose==3.0.1        # via python-keycloak
+    # via okdata-sdk (setup.py)
+pyasn1==0.4.7
+    # via rsa
+pyjwt==2.0.1
+    # via okdata-sdk (setup.py)
+pyrsistent==0.15.6
+    # via jsonschema
+python-jose==3.0.1
+    # via python-keycloak
 python-keycloak==0.18.0
+    # via okdata-sdk (setup.py)
 requests==2.22.0
-rsa==4.0                  # via python-jose
-six==1.12.0               # via jsonschema, pyrsistent, python-jose
+    # via
+    #   okdata-sdk (setup.py)
+    #   python-keycloak
+rsa==4.0
+    # via python-jose
+six==1.12.0
+    # via
+    #   jsonschema
+    #   pyrsistent
+    #   python-jose
 urllib3==1.25.6
-zipp==0.6.0               # via importlib-metadata
+    # via
+    #   okdata-sdk (setup.py)
+    #   requests
+zipp==0.6.0
+    # via importlib-metadata
 
 # The following packages are considered to be unsafe in a requirements file:
 # setuptools
diff --git a/setup.py b/setup.py
@@ -22,7 +22,7 @@
         "urllib3",
         "PrettyTable",
         "python-keycloak",
-        "PyJWT",
+        "PyJWT>=2.0.0",
         "jsonschema",
     ],
     data_files=[
diff --git a/tests/auth/client_credentials_test_utils.py b/tests/auth/client_credentials_test_utils.py
@@ -11,8 +11,8 @@
 
 expired = {"exp": datetime.timestamp(expired_time)}
 
-not_expired_token = jwt.encode(not_expired, "secret", algorithm="HS256").decode("utf-8")
-expired_token = jwt.encode(expired, "secret", algorithm="HS256").decode("utf-8")
+not_expired_token = jwt.encode(not_expired, "secret", algorithm="HS256")
+expired_token = jwt.encode(expired, "secret", algorithm="HS256")
 
 default_test_client_credentials = {
     "access_token": not_expired_token,
@@ -24,7 +24,5 @@
 
 from_cache_not_expired_token = jwt.encode(
     from_cache_not_expired, "secret", algorithm="HS256"
-).decode("utf-8")
-from_cache_expired_token = jwt.encode(
-    from_cache_expired, "secret", algorithm="HS256"
-).decode("utf-8")
+)
+from_cache_expired_token = jwt.encode(from_cache_expired, "secret", algorithm="HS256")
