Comply with the newest release of PyJWT
A new version of PyJWT==2.0.0 got released a few days back which
changes a few significant things such as return types and option
names, see:
03610f0103/CHANGELOG.md (v200)
This commit edits the code of refstack in order to comply with the newest
changes of PyJWT.
Change-Id: I153384cd39ebadb8ee9eb3d99cd21aa02b8c0673
This commit is contained in:
parent
aa78240eec
commit
69c4d81773
|
@ -385,7 +385,8 @@ def decode_token(request):
|
||||||
raise api_exc.ValidationError(
|
raise api_exc.ValidationError(
|
||||||
"Authorization schema 'Bearer' should be used")
|
"Authorization schema 'Bearer' should be used")
|
||||||
try:
|
try:
|
||||||
token_data = jwt.decode(token, algorithms='RS256', verify=False)
|
token_data = jwt.decode(token, algorithms=['RS256'],
|
||||||
|
options={"verify_signature": False})
|
||||||
except jwt.InvalidTokenError:
|
except jwt.InvalidTokenError:
|
||||||
raise api_exc.ValidationError("Token is not valid")
|
raise api_exc.ValidationError("Token is not valid")
|
||||||
|
|
||||||
|
@ -408,10 +409,10 @@ def decode_token(request):
|
||||||
else:
|
else:
|
||||||
try:
|
try:
|
||||||
token_data = jwt.decode(
|
token_data = jwt.decode(
|
||||||
token, key=pem_pubkey,
|
token, algorithms=['RS256'], key=pem_pubkey,
|
||||||
options={'verify_signature': True,
|
options={'verify_signature': True,
|
||||||
'verify_exp': True,
|
'verify_exp': True,
|
||||||
'require_exp': True},
|
'require': ['exp']},
|
||||||
leeway=const.JWT_VALIDATION_LEEWAY)
|
leeway=const.JWT_VALIDATION_LEEWAY)
|
||||||
# NOTE(sslipushenko) If at least one key is valid, let
|
# NOTE(sslipushenko) If at least one key is valid, let
|
||||||
# the validation pass
|
# the validation pass
|
||||||
|
|
|
@ -22,7 +22,6 @@ from oslo_utils import timeutils
|
||||||
from oslotest import base
|
from oslotest import base
|
||||||
from pecan import rest
|
from pecan import rest
|
||||||
import jwt
|
import jwt
|
||||||
import six
|
|
||||||
from six.moves.urllib import parse
|
from six.moves.urllib import parse
|
||||||
from webob import exc
|
from webob import exc
|
||||||
|
|
||||||
|
@ -547,14 +546,14 @@ class APIUtilsTestCase(base.BaseTestCase):
|
||||||
|
|
||||||
fake_token = jwt.encode({'foo': 'bar'}, key=PRIV_KEY,
|
fake_token = jwt.encode({'foo': 'bar'}, key=PRIV_KEY,
|
||||||
algorithm='RS256')
|
algorithm='RS256')
|
||||||
auth_str = 'Bearer %s' % six.text_type(fake_token, 'utf-8')
|
auth_str = 'Bearer %s' % fake_token
|
||||||
mock_request.headers = {const.JWT_TOKEN_HEADER: auth_str}
|
mock_request.headers = {const.JWT_TOKEN_HEADER: auth_str}
|
||||||
self.assertRaises(api_exc.ValidationError, api_utils.decode_token,
|
self.assertRaises(api_exc.ValidationError, api_utils.decode_token,
|
||||||
mock_request)
|
mock_request)
|
||||||
|
|
||||||
fake_token = jwt.encode({const.USER_OPENID: 'oid'}, key=PRIV_KEY,
|
fake_token = jwt.encode({const.USER_OPENID: 'oid'}, key=PRIV_KEY,
|
||||||
algorithm='RS256')
|
algorithm='RS256')
|
||||||
auth_str = 'Bearer %s' % six.text_type(fake_token, 'utf-8')
|
auth_str = 'Bearer %s' % fake_token
|
||||||
mock_request.headers = {const.JWT_TOKEN_HEADER: auth_str}
|
mock_request.headers = {const.JWT_TOKEN_HEADER: auth_str}
|
||||||
mock_pubkey.return_value = [{'format': 'ssh-rsa',
|
mock_pubkey.return_value = [{'format': 'ssh-rsa',
|
||||||
'pubkey': 'fakepubkey'}]
|
'pubkey': 'fakepubkey'}]
|
||||||
|
@ -570,7 +569,7 @@ class APIUtilsTestCase(base.BaseTestCase):
|
||||||
'exp': int(time.time()) + 3600},
|
'exp': int(time.time()) + 3600},
|
||||||
key=PRIV_KEY,
|
key=PRIV_KEY,
|
||||||
algorithm='RS256')
|
algorithm='RS256')
|
||||||
auth_str = 'Bearer %s' % six.text_type(fake_token, 'utf-8')
|
auth_str = 'Bearer %s' % fake_token
|
||||||
mock_request.headers = {const.JWT_TOKEN_HEADER: auth_str}
|
mock_request.headers = {const.JWT_TOKEN_HEADER: auth_str}
|
||||||
mock_pubkey.return_value = [{'format': 'ssh-rsa',
|
mock_pubkey.return_value = [{'format': 'ssh-rsa',
|
||||||
'pubkey': PUB_KEY}]
|
'pubkey': PUB_KEY}]
|
||||||
|
|
|
@ -2,7 +2,7 @@ SQLAlchemy>=0.8.3
|
||||||
alembic
|
alembic
|
||||||
beaker
|
beaker
|
||||||
beautifulsoup4
|
beautifulsoup4
|
||||||
cryptography>=1.0,!=1.3.0 # BSD/Apache-2.0
|
cryptography>=3.0 # BSD/Apache-2.0
|
||||||
docutils>=0.11
|
docutils>=0.11
|
||||||
oslo.config>=1.6.0 # Apache-2.0
|
oslo.config>=1.6.0 # Apache-2.0
|
||||||
oslo.db>=1.4.1 # Apache-2.0
|
oslo.db>=1.4.1 # Apache-2.0
|
||||||
|
@ -13,6 +13,6 @@ pecan>=0.8.2
|
||||||
requests>=2.2.0,!=2.4.0
|
requests>=2.2.0,!=2.4.0
|
||||||
requests-cache>=0.4.9
|
requests-cache>=0.4.9
|
||||||
jsonschema>=3.2.0
|
jsonschema>=3.2.0
|
||||||
PyJWT>=1.0.1 # MIT
|
PyJWT>=2.0.0 # MIT
|
||||||
WebOb>=1.7.1 # MIT
|
WebOb>=1.7.1 # MIT
|
||||||
PyMySQL>=0.6.2,!=0.6.4
|
PyMySQL>=0.6.2,!=0.6.4
|
||||||
|
|
Loading…
Reference in New Issue