Comply with the newest release of PyJWT

A new version of PyJWT==2.0.0 got released a few days back which changes a few significant things such as return types and option names, see: 03610f0103/CHANGELOG.md (v200) This commit edits the code of refstack in order to comply with the newest changes of PyJWT. Change-Id: I153384cd39ebadb8ee9eb3d99cd21aa02b8c0673
2021-01-08 19:19:03 +00:00 · 2021-01-08 19:19:03 +00:00 · 69c4d81773
parent aa78240eec
commit 69c4d81773
3 changed files with 9 additions and 9 deletions
--- a/refstack/api/utils.py
+++ b/refstack/api/utils.py
@ -385,7 +385,8 @@ def decode_token(request):
        raise api_exc.ValidationError(
            "Authorization schema 'Bearer' should be used")
    try:
-        token_data = jwt.decode(token, algorithms='RS256', verify=False)
+        token_data = jwt.decode(token, algorithms=['RS256'],
                                options={"verify_signature": False})
    except jwt.InvalidTokenError:
        raise api_exc.ValidationError("Token is not valid")
@ -408,10 +409,10 @@ def decode_token(request):
        else:
            try:
                token_data = jwt.decode(
-                    token, key=pem_pubkey,
+                    token, algorithms=['RS256'], key=pem_pubkey,
                    options={'verify_signature': True,
                             'verify_exp': True,
-                             'require_exp': True},
+                             'require': ['exp']},
                    leeway=const.JWT_VALIDATION_LEEWAY)
                # NOTE(sslipushenko) If at least one key is valid, let
                # the validation pass
--- a/refstack/tests/unit/test_api_utils.py
+++ b/refstack/tests/unit/test_api_utils.py
@ -22,7 +22,6 @@ from oslo_utils import timeutils
 from oslotest import base
 from pecan import rest
 import jwt
 import six
 from six.moves.urllib import parse
 from webob import exc
@ -547,14 +546,14 @@ class APIUtilsTestCase(base.BaseTestCase):
        fake_token = jwt.encode({'foo': 'bar'}, key=PRIV_KEY,
                                algorithm='RS256')
-        auth_str = 'Bearer %s' % six.text_type(fake_token, 'utf-8')
+        auth_str = 'Bearer %s' % fake_token
        mock_request.headers = {const.JWT_TOKEN_HEADER: auth_str}
        self.assertRaises(api_exc.ValidationError, api_utils.decode_token,
                          mock_request)
        fake_token = jwt.encode({const.USER_OPENID: 'oid'}, key=PRIV_KEY,
                                algorithm='RS256')
-        auth_str = 'Bearer %s' % six.text_type(fake_token, 'utf-8')
+        auth_str = 'Bearer %s' % fake_token
        mock_request.headers = {const.JWT_TOKEN_HEADER: auth_str}
        mock_pubkey.return_value = [{'format': 'ssh-rsa',
                                     'pubkey': 'fakepubkey'}]
@ -570,7 +569,7 @@ class APIUtilsTestCase(base.BaseTestCase):
                                 'exp': int(time.time()) + 3600},
                                key=PRIV_KEY,
                                algorithm='RS256')
-        auth_str = 'Bearer %s' % six.text_type(fake_token, 'utf-8')
+        auth_str = 'Bearer %s' % fake_token
        mock_request.headers = {const.JWT_TOKEN_HEADER: auth_str}
        mock_pubkey.return_value = [{'format': 'ssh-rsa',
                                     'pubkey': PUB_KEY}]
--- a/requirements.txt
+++ b/requirements.txt
@ -2,7 +2,7 @@ SQLAlchemy>=0.8.3
 alembic
 beaker
 beautifulsoup4
-cryptography>=1.0,!=1.3.0 # BSD/Apache-2.0
+cryptography>=3.0 # BSD/Apache-2.0
 docutils>=0.11
 oslo.config>=1.6.0 # Apache-2.0
 oslo.db>=1.4.1 # Apache-2.0
@ -13,6 +13,6 @@ pecan>=0.8.2
 requests>=2.2.0,!=2.4.0
 requests-cache>=0.4.9
 jsonschema>=3.2.0
-PyJWT>=1.0.1  # MIT
+PyJWT>=2.0.0  # MIT
 WebOb>=1.7.1  # MIT
 PyMySQL>=0.6.2,!=0.6.4