Merge pull request #75 from web-push-libs/bug/74

bug: Use RFC8282 Vapid by default

Author: jrconlin

python/LICENSE

@@ -1,3 +1,5 @@
+[![PyPI version py_vapid](https://badge.fury.io/py/py-vapid.svg)](https://pypi.org/project/py-vapid/)
+
 # Easy VAPID generation
 
 This minimal library contains the minimal set of functions you need to

python/README.md

@@ -1,75 +1,77 @@
+`PyPI version py_vapid <https://pypi.org/project/py-vapid/>`__
+
 Easy VAPID generation
 =====================
 
 This minimal library contains the minimal set of functions you need to
-generate a VAPID key set and get the headers you'll need to sign a
+generate a VAPID key set and get the headers you’ll need to sign a
 WebPush subscription update.
 
 VAPID is a voluntary standard for WebPush subscription providers (sites
 that send WebPush updates to remote customers) to self-identify to Push
 Servers (the servers that convey the push notifications).
 
-The VAPID "claims" are a set of JSON keys and values. There are two
+The VAPID “claims” are a set of JSON keys and values. There are two
 required fields, one semi-optional and several optional additional
 fields.
 
 At a minimum a VAPID claim set should look like:
 
 ::
 
-    {"sub":"mailto:[email protected]","aud":"https://PushServer","exp":"ExpirationTimestamp"}
+   {"sub":"mailto:[email protected]","aud":"https://PushServer","exp":"ExpirationTimestamp"}
 
 A few notes:
 
-***sub*** is the email address you wish to have on record for this
-request, prefixed with "``mailto:``". If things go wrong, this is the
+**sub** is the email address you wish to have on record for this
+request, prefixed with “``mailto:``”. If things go wrong, this is the
 email that will be used to contact you (for instance). This can be a
-general delivery address like "``mailto:[email protected]``"
-or a specific address like "``mailto:[email protected]``".
+general delivery address like “``mailto:[email protected]``”
+or a specific address like “``mailto:[email protected]``”.
 
-***aud*** is the audience for the VAPID. This is the scheme and host you
+**aud** is the audience for the VAPID. This is the scheme and host you
 use to send subscription endpoints and generally coincides with the
 ``endpoint`` specified in the Subscription Info block.
 
 As example, if a WebPush subscription info contains:
 ``{"endpoint": "https://push.example.com:8012/v1/push/...", ...}``
 
-then the ``aud`` would be "``https://push.example.com:8012``"
+then the ``aud`` would be “``https://push.example.com:8012``”
 
 While some Push Services consider this an optional field, others may be
 stricter.
 
-***exp*** This is the UTC timestamp for when this VAPID request will
+**exp** This is the UTC timestamp for when this VAPID request will
 expire. The maximum period is 24 hours. Setting a shorter period can
-prevent "replay" attacks. Setting a longer period allows you to reuse
-headers for multiple sends (e.g. if you're sending hundreds of updates
+prevent “replay” attacks. Setting a longer period allows you to reuse
+headers for multiple sends (e.g. if you’re sending hundreds of updates
 within an hour or so.) If no ``exp`` is included, one that will expire
 in 24 hours will be auto-generated for you.
 
 Claims should be stored in a JSON compatible file. In the examples
-below, we've stored the claims into a file named ``claims.json``.
+below, we’ve stored the claims into a file named ``claims.json``.
 
-py\_vapid can either be installed as a library or used as a stand along
+py_vapid can either be installed as a library or used as a stand along
 app, ``bin/vapid``.
 
 App Installation
 ----------------
 
-You'll need ``python virtualenv`` Run that in the current directory.
+You’ll need ``python virtualenv`` Run that in the current directory.
 
 Then run
 
 ::
 
-    bin/pip install -r requirements.txt
+   bin/pip install -r requirements.txt
 
-    bin/python setup.py install
+   bin/python setup.py install
 
 App Usage
 ---------
 
 Run by itself, ``bin/vapid`` will check and optionally create the
-public\_key.pem and private\_key.pem files.
+public_key.pem and private_key.pem files.
 
 ``bin/vapid --gen`` can be used to generate a new set of public and
 private key PEM files. These will overwrite the contents of
@@ -88,7 +90,7 @@ endpoint. See
 https://developer.mozilla.org/en-US/docs/Web/API/PushManager/subscribe
 for more details. Be aware that this value is tied to the generated
 public/private key. If you remove or generate a new key, any restricted
-URL you've previously generated will need to be reallocated. Please note
+URL you’ve previously generated will need to be reallocated. Please note
 that some User Agents may require you `to decode this string into a
 Uint8Array <https://github.com/GoogleChrome/push-notifications/blob/master/app/scripts/main.js>`__.
 

python/README.rst

@@ -20,7 +20,7 @@
 from py_vapid.jwt import sign
 
 # Show compliance version. For earlier versions see previously tagged releases.
-VERSION = "VAPID-DRAFT-02/ECE-DRAFT-07"
+VERSION = "VAPID-RFC/ECE-RFC"
 
 
 class VapidException(Exception):
@@ -303,9 +303,9 @@ def sign(self, claims, crypto_key=None):
 
 
 class Vapid02(Vapid01):
-    """Minimal Vapid 02 signature generation library
+    """Minimal Vapid RFC8292 signature generation library
 
-    https://tools.ietf.org/html/draft-ietf-webpush-vapid-02
+    https://tools.ietf.org/html/rfc8292
 
     """
     _schema = "vapid"

python/py_vapid/__init__.py

@@ -25,10 +25,10 @@ def main():
     parser.add_argument('--sign', '-s', help='claims file to sign')
     parser.add_argument('--gen', '-g', help='generate new key pairs',
                         default=False, action="store_true")
-    parser.add_argument('--version2', '-2', help="use VAPID spec Draft-02",
-                        default=False, action="store_true")
-    parser.add_argument('--version1', '-1', help="use VAPID spec Draft-01",
+    parser.add_argument('--version2', '-2', help="use RFC8292 VAPID spec",
                         default=True, action="store_true")
+    parser.add_argument('--version1', '-1', help="use VAPID spec Draft-01",
+                        default=False, action="store_true")
     parser.add_argument('--json',  help="dump as json",
                         default=False, action="store_true")
     parser.add_argument('--applicationServerKey',
@@ -37,9 +37,9 @@ def main():
     args = parser.parse_args()
 
     # Added to solve 2.7 => 3.* incompatibility
-    Vapid = Vapid01
-    if args.version2:
-        Vapid = Vapid02
+    Vapid = Vapid02
+    if args.version1:
+        Vapid = Vapid01
     if args.gen or not os.path.exists('private_key.pem'):
         if not args.gen:
             print("No private_key.pem file found.")

python/py_vapid/main.py

@@ -1,8 +1,8 @@
 [nosetests]
 verbose=True
 verbosity=1
-cover-tests=True
-cover-erase=True
-with-coverage=True
+#cover-tests=True
+#cover-erase=True
+#with-coverage=True
 detailed-errors=True
-cover-package=py_vapid
+#cover-package=py_vapid

python/setup.cfg

@@ -3,7 +3,7 @@
 
 from setuptools import setup, find_packages
 
-__version__ = "1.5.0"
+__version__ = "1.6.0"
 
 
 def read_from(file):

python/setup.py

@@ -2,4 +2,5 @@
 # Package the current branch up to pypi
 # remember to update the README.rst file
 pandoc --from=markdown --to=rst --output README.rst README.md
-bin/python setup.py sdist upload
+bin/python setup.py sdist
+bin/twine upload dist/*