[Python-modules-commits] [pyjwt] 01/01: Import pyjwt_1.4.0.orig.tar.gz

Daniele Tricoli eriol-guest at moszumanska.debian.org
Sat May 7 22:28:05 UTC 2016


This is an automated email from the git hooks/post-receive script.

eriol-guest pushed a commit to branch upstream
in repository pyjwt.

commit 339a054cf7293a7d9ba8b8eac5558f1d92490a0a
Author: Daniele Tricoli <eriol at mornie.org>
Date:   Fri Feb 12 05:09:49 2016 +0100

    Import pyjwt_1.4.0.orig.tar.gz
---
 CHANGELOG.md                                       |  14 +++++
 MANIFEST.in                                        |   2 +
 PKG-INFO                                           |  63 +++++++++++++++-----
 PyJWT.egg-info/PKG-INFO                            |  63 +++++++++++++++-----
 PyJWT.egg-info/SOURCES.txt                         |  12 +---
 README.md                                          |  61 ++++++++++++++-----
 jwt/__init__.py                                    |   5 +-
 jwt/api_jws.py                                     |   2 +-
 jwt/api_jwt.py                                     |  23 ++++++--
 jwt/exceptions.py                                  |   8 +++
 tests/__init__.pyc                                 | Bin 144 -> 0 bytes
 .../test_algorithms.cpython-27-PYTEST.pyc          | Bin 14156 -> 0 bytes
 .../__pycache__/test_api_jws.cpython-27-PYTEST.pyc | Bin 41476 -> 0 bytes
 .../__pycache__/test_api_jwt.cpython-27-PYTEST.pyc | Bin 25197 -> 0 bytes
 .../__pycache__/test_compat.cpython-27-PYTEST.pyc  | Bin 3447 -> 0 bytes
 tests/__pycache__/test_jwt.cpython-27-PYTEST.pyc   | Bin 1593 -> 0 bytes
 tests/compat.pyc                                   | Bin 338 -> 0 bytes
 tests/contrib/__init__.pyc                         | Bin 152 -> 0 bytes
 .../test_algorithms.cpython-27-PYTEST.pyc          | Bin 10845 -> 0 bytes
 tests/test_api_jws.py                              |  10 ++++
 tests/test_api_jwt.py                              |  65 +++++++++++++++++----
 tests/test_exceptions.py                           |   7 +++
 tests/test_jwt.pyc                                 | Bin 28933 -> 0 bytes
 tests/utils.pyc                                    | Bin 1264 -> 0 bytes
 24 files changed, 258 insertions(+), 77 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 8330390..573eabd 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,19 @@ Change Log
 All notable changes to this project will be documented in this file.
 This project adheres to [Semantic Versioning](http://semver.org/).
 
+[v1.4][1.4.0]
+-------------------------------------------------------------------------
+### Fixed
+- Exclude Python cache files from PyPI releases.
+
+### Added
+- Added new options to require certain claims
+  (require_nbf, require_iat, require_exp) and raise `MissingRequiredClaimError`
+  if they are not present.
+- If `audience=` or `issuer=` is specified but the claim is not present,
+  `MissingRequiredClaimError` is now raised instead of `InvalidAudienceError`
+  and `InvalidIssuerError`
+
 [v1.3][1.3.0]
 -------------------------------------------------------------------------
 ### Fixed
@@ -72,6 +85,7 @@ rarely used. Users affected by this should upgrade to 3.3+.
 [1.1.0]: https://github.com/jpadilla/pyjwt/compare/1.0.1...1.1.0
 [1.2.0]: https://github.com/jpadilla/pyjwt/compare/1.1.0...1.2.0
 [1.3.0]: https://github.com/jpadilla/pyjwt/compare/1.2.0...1.3.0
+[1.4.0]: https://github.com/jpadilla/pyjwt/compare/1.3.0...1.4.0
 
 
 [109]: https://github.com/jpadilla/pyjwt/pull/109
diff --git a/MANIFEST.in b/MANIFEST.in
index 1321c3a..38dbbef 100644
--- a/MANIFEST.in
+++ b/MANIFEST.in
@@ -3,4 +3,6 @@ include CHANGELOG.md
 include LICENSE
 include AUTHORS
 include tox.ini
+recursive-exclude * __pycache__
+recursive-exclude * *.py[co]
 graft tests
diff --git a/PKG-INFO b/PKG-INFO
index 760e74c..a2eeee7 100644
--- a/PKG-INFO
+++ b/PKG-INFO
@@ -1,6 +1,6 @@
 Metadata-Version: 1.1
 Name: PyJWT
-Version: 1.3.0
+Version: 1.4.0
 Summary: JSON Web Token implementation in Python
 Home-page: http://github.com/jpadilla/pyjwt
 Author: José Padilla
@@ -9,6 +9,7 @@ License: MIT
 Description: # PyJWT
         
         [![travis-status-image]][travis]
+        [![appveyor-status-image]][appveyor]
         [![pypi-version-image]][pypi]
         [![coveralls-status-image]][coveralls]
         
@@ -30,7 +31,7 @@ Description: # PyJWT
         $ pip install cryptography
         ```
         
-        If you're system doesn't allow installing `cryptography` like on Google App Engine, you can install `PyCrypto` for RSA signatures and `ecdsa` for ECDSA signatures.
+        If your system doesn't allow installing `cryptography` like on Google App Engine, you can install `PyCrypto` for RSA signatures and `ecdsa` for ECDSA signatures.
         
         ## Usage
         
@@ -62,10 +63,12 @@ Description: # PyJWT
         {u'some': u'payload'}
         ```
         
-        The `decode()` function can raise other exceptions, e.g. for invalid issuer or
-        audience (see below). All exceptions that signify that the token is invalid
-        extend from the base `InvalidTokenError` exception class, so applications can
-        use this approach to catch any issues relating to invalid tokens:
+        ## Validation
+        Exceptions can be raised during `decode()` for other errors besides an
+        invalid signature (e.g. for invalid issuer or audience (see below). All
+        exceptions that signify that the token is invalid extend from the base
+        `InvalidTokenError` exception class, so applications can use this approach to
+        catch any issues relating to invalid tokens:
         
         ```python
         try:
@@ -74,8 +77,9 @@ Description: # PyJWT
              pass  # do something sensible here, e.g. return HTTP 403 status code
         ```
         
-        You may also override exception checking via an `options` dictionary.  The default
-        options are as follows:
+        ### Skipping Claim Verification
+        You may also override claim verification via the `options` dictionary.  The
+        default options are:
         
         ```python
         options = {
@@ -84,24 +88,49 @@ Description: # PyJWT
            'verify_nbf': True,
            'verify_iat': True,
            'verify_aud': True
+           'require_exp': False,
+           'require_iat': False,
+           'require_nbf': False
         }
         ```
         
-        You can skip individual checks by passing an `options` dictionary with certain keys set to `False`.
-        For example, if you want to verify the signature of a JWT that has already expired.
+        You can skip validation of individual claims by passing an `options` dictionary
+        with the "verify_<claim_name>" key set to `False` when you call `jwt.decode()`.
+        For example, if you want to verify the signature of a JWT that has already
+        expired, you could do so by setting `verify_exp` to `False`.
         
         ```python
         >>> options = {
-        >>>    'verify_exp': True,
+        >>>    'verify_exp': False,
         >>> }
         
+        >>> encoded = '...' # JWT with an expired exp claim
         >>> jwt.decode(encoded, 'secret', options=options)
         {u'some': u'payload'}
         ```
         
-        **NOTE**: *Changing the default behavior is done at your own risk, and almost certainly will make your
-        application less secure.  Doing so should only be done with a very clear understanding of what you
-        are doing.*
+        **NOTE**: *Changing the default behavior is done at your own risk, and almost
+        certainly will make your application less secure.  Doing so should only be done
+        with a very clear understanding of what you are doing.*
+        
+        ### Requiring Optional Claims
+        In addition to skipping certain validations, you may also specify that certain
+        optional claims are required by setting the appropriate `require_<claim_name>`
+        option to True. If the claim is not present, PyJWT will raise a
+        `jwt.exceptions.MissingRequiredClaimError`.
+        
+        For instance, the following code would require that the token has a 'exp'
+        claim and raise an error if it is not present:
+        
+        ```python
+        >>> options = {
+        >>>     'require_exp': True
+        >>> }
+        
+        >>> encoded =  '...' # JWT without an exp claim
+        >>> jwt.decode(encoded, 'secret', options=options)
+        jwt.exceptions.MissingRequiredClaimError: Token is missing the "exp" claim
+        ```
         
         ## Tests
         
@@ -349,9 +378,11 @@ Description: # PyJWT
         private_key = cert_obj.private_key()
         ```
         
-        [travis-status-image]: https://secure.travis-ci.org/jpadilla/pyjwt.png?branch=master
+        [travis-status-image]: https://secure.travis-ci.org/jpadilla/pyjwt.svg?branch=master
         [travis]: http://travis-ci.org/jpadilla/pyjwt?branch=master
-        [pypi-version-image]: https://pypip.in/version/pyjwt/badge.svg
+        [appveyor-status-image]: https://ci.appveyor.com/api/projects/status/h8nt70aqtwhht39t?svg=true
+        [appveyor]: https://ci.appveyor.com/project/jpadilla/pyjwt
+        [pypi-version-image]: https://img.shields.io/pypi/v/pyjwt.svg
         [pypi]: https://pypi.python.org/pypi/pyjwt
         [coveralls-status-image]: https://coveralls.io/repos/jpadilla/pyjwt/badge.svg?branch=master
         [coveralls]: https://coveralls.io/r/jpadilla/pyjwt?branch=master
diff --git a/PyJWT.egg-info/PKG-INFO b/PyJWT.egg-info/PKG-INFO
index 760e74c..a2eeee7 100644
--- a/PyJWT.egg-info/PKG-INFO
+++ b/PyJWT.egg-info/PKG-INFO
@@ -1,6 +1,6 @@
 Metadata-Version: 1.1
 Name: PyJWT
-Version: 1.3.0
+Version: 1.4.0
 Summary: JSON Web Token implementation in Python
 Home-page: http://github.com/jpadilla/pyjwt
 Author: José Padilla
@@ -9,6 +9,7 @@ License: MIT
 Description: # PyJWT
         
         [![travis-status-image]][travis]
+        [![appveyor-status-image]][appveyor]
         [![pypi-version-image]][pypi]
         [![coveralls-status-image]][coveralls]
         
@@ -30,7 +31,7 @@ Description: # PyJWT
         $ pip install cryptography
         ```
         
-        If you're system doesn't allow installing `cryptography` like on Google App Engine, you can install `PyCrypto` for RSA signatures and `ecdsa` for ECDSA signatures.
+        If your system doesn't allow installing `cryptography` like on Google App Engine, you can install `PyCrypto` for RSA signatures and `ecdsa` for ECDSA signatures.
         
         ## Usage
         
@@ -62,10 +63,12 @@ Description: # PyJWT
         {u'some': u'payload'}
         ```
         
-        The `decode()` function can raise other exceptions, e.g. for invalid issuer or
-        audience (see below). All exceptions that signify that the token is invalid
-        extend from the base `InvalidTokenError` exception class, so applications can
-        use this approach to catch any issues relating to invalid tokens:
+        ## Validation
+        Exceptions can be raised during `decode()` for other errors besides an
+        invalid signature (e.g. for invalid issuer or audience (see below). All
+        exceptions that signify that the token is invalid extend from the base
+        `InvalidTokenError` exception class, so applications can use this approach to
+        catch any issues relating to invalid tokens:
         
         ```python
         try:
@@ -74,8 +77,9 @@ Description: # PyJWT
              pass  # do something sensible here, e.g. return HTTP 403 status code
         ```
         
-        You may also override exception checking via an `options` dictionary.  The default
-        options are as follows:
+        ### Skipping Claim Verification
+        You may also override claim verification via the `options` dictionary.  The
+        default options are:
         
         ```python
         options = {
@@ -84,24 +88,49 @@ Description: # PyJWT
            'verify_nbf': True,
            'verify_iat': True,
            'verify_aud': True
+           'require_exp': False,
+           'require_iat': False,
+           'require_nbf': False
         }
         ```
         
-        You can skip individual checks by passing an `options` dictionary with certain keys set to `False`.
-        For example, if you want to verify the signature of a JWT that has already expired.
+        You can skip validation of individual claims by passing an `options` dictionary
+        with the "verify_<claim_name>" key set to `False` when you call `jwt.decode()`.
+        For example, if you want to verify the signature of a JWT that has already
+        expired, you could do so by setting `verify_exp` to `False`.
         
         ```python
         >>> options = {
-        >>>    'verify_exp': True,
+        >>>    'verify_exp': False,
         >>> }
         
+        >>> encoded = '...' # JWT with an expired exp claim
         >>> jwt.decode(encoded, 'secret', options=options)
         {u'some': u'payload'}
         ```
         
-        **NOTE**: *Changing the default behavior is done at your own risk, and almost certainly will make your
-        application less secure.  Doing so should only be done with a very clear understanding of what you
-        are doing.*
+        **NOTE**: *Changing the default behavior is done at your own risk, and almost
+        certainly will make your application less secure.  Doing so should only be done
+        with a very clear understanding of what you are doing.*
+        
+        ### Requiring Optional Claims
+        In addition to skipping certain validations, you may also specify that certain
+        optional claims are required by setting the appropriate `require_<claim_name>`
+        option to True. If the claim is not present, PyJWT will raise a
+        `jwt.exceptions.MissingRequiredClaimError`.
+        
+        For instance, the following code would require that the token has a 'exp'
+        claim and raise an error if it is not present:
+        
+        ```python
+        >>> options = {
+        >>>     'require_exp': True
+        >>> }
+        
+        >>> encoded =  '...' # JWT without an exp claim
+        >>> jwt.decode(encoded, 'secret', options=options)
+        jwt.exceptions.MissingRequiredClaimError: Token is missing the "exp" claim
+        ```
         
         ## Tests
         
@@ -349,9 +378,11 @@ Description: # PyJWT
         private_key = cert_obj.private_key()
         ```
         
-        [travis-status-image]: https://secure.travis-ci.org/jpadilla/pyjwt.png?branch=master
+        [travis-status-image]: https://secure.travis-ci.org/jpadilla/pyjwt.svg?branch=master
         [travis]: http://travis-ci.org/jpadilla/pyjwt?branch=master
-        [pypi-version-image]: https://pypip.in/version/pyjwt/badge.svg
+        [appveyor-status-image]: https://ci.appveyor.com/api/projects/status/h8nt70aqtwhht39t?svg=true
+        [appveyor]: https://ci.appveyor.com/project/jpadilla/pyjwt
+        [pypi-version-image]: https://img.shields.io/pypi/v/pyjwt.svg
         [pypi]: https://pypi.python.org/pypi/pyjwt
         [coveralls-status-image]: https://coveralls.io/repos/jpadilla/pyjwt/badge.svg?branch=master
         [coveralls]: https://coveralls.io/r/jpadilla/pyjwt?branch=master
diff --git a/PyJWT.egg-info/SOURCES.txt b/PyJWT.egg-info/SOURCES.txt
index 4537ce6..972fb0f 100644
--- a/PyJWT.egg-info/SOURCES.txt
+++ b/PyJWT.egg-info/SOURCES.txt
@@ -25,26 +25,16 @@ jwt/contrib/algorithms/__init__.py
 jwt/contrib/algorithms/py_ecdsa.py
 jwt/contrib/algorithms/pycrypto.py
 tests/__init__.py
-tests/__init__.pyc
 tests/compat.py
-tests/compat.pyc
 tests/test_algorithms.py
 tests/test_api_jws.py
 tests/test_api_jwt.py
 tests/test_compat.py
+tests/test_exceptions.py
 tests/test_jwt.py
-tests/test_jwt.pyc
 tests/utils.py
-tests/utils.pyc
-tests/__pycache__/test_algorithms.cpython-27-PYTEST.pyc
-tests/__pycache__/test_api_jws.cpython-27-PYTEST.pyc
-tests/__pycache__/test_api_jwt.cpython-27-PYTEST.pyc
-tests/__pycache__/test_compat.cpython-27-PYTEST.pyc
-tests/__pycache__/test_jwt.cpython-27-PYTEST.pyc
 tests/contrib/__init__.py
-tests/contrib/__init__.pyc
 tests/contrib/test_algorithms.py
-tests/contrib/__pycache__/test_algorithms.cpython-27-PYTEST.pyc
 tests/keys/__init__.py
 tests/keys/jwk_ec_key.json
 tests/keys/jwk_ec_pub.json
diff --git a/README.md b/README.md
index 5e3d529..0dbe758 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,7 @@
 # PyJWT
 
 [![travis-status-image]][travis]
+[![appveyor-status-image]][appveyor]
 [![pypi-version-image]][pypi]
 [![coveralls-status-image]][coveralls]
 
@@ -22,7 +23,7 @@ using any of those algorithms, you'll need to install it as well.
 $ pip install cryptography
 ```
 
-If you're system doesn't allow installing `cryptography` like on Google App Engine, you can install `PyCrypto` for RSA signatures and `ecdsa` for ECDSA signatures.
+If your system doesn't allow installing `cryptography` like on Google App Engine, you can install `PyCrypto` for RSA signatures and `ecdsa` for ECDSA signatures.
 
 ## Usage
 
@@ -54,10 +55,12 @@ You can still get the payload by setting the `verify` argument to `False`.
 {u'some': u'payload'}
 ```
 
-The `decode()` function can raise other exceptions, e.g. for invalid issuer or
-audience (see below). All exceptions that signify that the token is invalid
-extend from the base `InvalidTokenError` exception class, so applications can
-use this approach to catch any issues relating to invalid tokens:
+## Validation
+Exceptions can be raised during `decode()` for other errors besides an
+invalid signature (e.g. for invalid issuer or audience (see below). All
+exceptions that signify that the token is invalid extend from the base
+`InvalidTokenError` exception class, so applications can use this approach to
+catch any issues relating to invalid tokens:
 
 ```python
 try:
@@ -66,8 +69,9 @@ except jwt.InvalidTokenError:
      pass  # do something sensible here, e.g. return HTTP 403 status code
 ```
 
-You may also override exception checking via an `options` dictionary.  The default
-options are as follows:
+### Skipping Claim Verification
+You may also override claim verification via the `options` dictionary.  The
+default options are:
 
 ```python
 options = {
@@ -76,24 +80,49 @@ options = {
    'verify_nbf': True,
    'verify_iat': True,
    'verify_aud': True
+   'require_exp': False,
+   'require_iat': False,
+   'require_nbf': False
 }
 ```
 
-You can skip individual checks by passing an `options` dictionary with certain keys set to `False`.
-For example, if you want to verify the signature of a JWT that has already expired.
+You can skip validation of individual claims by passing an `options` dictionary
+with the "verify_<claim_name>" key set to `False` when you call `jwt.decode()`.
+For example, if you want to verify the signature of a JWT that has already
+expired, you could do so by setting `verify_exp` to `False`.
 
 ```python
 >>> options = {
->>>    'verify_exp': True,
+>>>    'verify_exp': False,
 >>> }
 
+>>> encoded = '...' # JWT with an expired exp claim
 >>> jwt.decode(encoded, 'secret', options=options)
 {u'some': u'payload'}
 ```
 
-**NOTE**: *Changing the default behavior is done at your own risk, and almost certainly will make your
-application less secure.  Doing so should only be done with a very clear understanding of what you
-are doing.*
+**NOTE**: *Changing the default behavior is done at your own risk, and almost
+certainly will make your application less secure.  Doing so should only be done
+with a very clear understanding of what you are doing.*
+
+### Requiring Optional Claims
+In addition to skipping certain validations, you may also specify that certain
+optional claims are required by setting the appropriate `require_<claim_name>`
+option to True. If the claim is not present, PyJWT will raise a
+`jwt.exceptions.MissingRequiredClaimError`.
+
+For instance, the following code would require that the token has a 'exp'
+claim and raise an error if it is not present:
+
+```python
+>>> options = {
+>>>     'require_exp': True
+>>> }
+
+>>> encoded =  '...' # JWT without an exp claim
+>>> jwt.decode(encoded, 'secret', options=options)
+jwt.exceptions.MissingRequiredClaimError: Token is missing the "exp" claim
+```
 
 ## Tests
 
@@ -341,9 +370,11 @@ public_key = cert_obj.public_key()
 private_key = cert_obj.private_key()
 ```
 
-[travis-status-image]: https://secure.travis-ci.org/jpadilla/pyjwt.png?branch=master
+[travis-status-image]: https://secure.travis-ci.org/jpadilla/pyjwt.svg?branch=master
 [travis]: http://travis-ci.org/jpadilla/pyjwt?branch=master
-[pypi-version-image]: https://pypip.in/version/pyjwt/badge.svg
+[appveyor-status-image]: https://ci.appveyor.com/api/projects/status/h8nt70aqtwhht39t?svg=true
+[appveyor]: https://ci.appveyor.com/project/jpadilla/pyjwt
+[pypi-version-image]: https://img.shields.io/pypi/v/pyjwt.svg
 [pypi]: https://pypi.python.org/pypi/pyjwt
 [coveralls-status-image]: https://coveralls.io/repos/jpadilla/pyjwt/badge.svg?branch=master
 [coveralls]: https://coveralls.io/r/jpadilla/pyjwt?branch=master
diff --git a/jwt/__init__.py b/jwt/__init__.py
index 63b4a53..2840c04 100644
--- a/jwt/__init__.py
+++ b/jwt/__init__.py
@@ -10,7 +10,7 @@ http://self-issued.info/docs/draft-jones-json-web-token-01.html
 
 
 __title__ = 'pyjwt'
-__version__ = '1.3.0'
+__version__ = '1.4.0'
 __author__ = 'José Padilla'
 __license__ = 'MIT'
 __copyright__ = 'Copyright 2015 José Padilla'
@@ -24,5 +24,6 @@ from .api_jws import PyJWS
 from .exceptions import (
     InvalidTokenError, DecodeError, InvalidAudienceError,
     ExpiredSignatureError, ImmatureSignatureError, InvalidIssuedAtError,
-    InvalidIssuerError, ExpiredSignature, InvalidAudience, InvalidIssuer
+    InvalidIssuerError, ExpiredSignature, InvalidAudience, InvalidIssuer,
+    MissingRequiredClaimError
 )
diff --git a/jwt/api_jws.py b/jwt/api_jws.py
index 13b6214..0c61c7d 100644
--- a/jwt/api_jws.py
+++ b/jwt/api_jws.py
@@ -165,7 +165,7 @@ class PyJWS(object):
     def _verify_signature(self, payload, signing_input, header, signature,
                           key='', algorithms=None):
 
-        alg = header['alg']
+        alg = header.get('alg')
 
         if algorithms is not None and alg not in algorithms:
             raise InvalidAlgorithmError('The specified alg value is not allowed')
diff --git a/jwt/api_jwt.py b/jwt/api_jwt.py
index 09290e1..9703b8d 100644
--- a/jwt/api_jwt.py
+++ b/jwt/api_jwt.py
@@ -11,7 +11,7 @@ from .compat import string_types, timedelta_total_seconds
 from .exceptions import (
     DecodeError, ExpiredSignatureError, ImmatureSignatureError,
     InvalidAudienceError, InvalidIssuedAtError,
-    InvalidIssuerError
+    InvalidIssuerError, MissingRequiredClaimError
 )
 from .utils import merge_dict
 
@@ -27,7 +27,10 @@ class PyJWT(PyJWS):
             'verify_nbf': True,
             'verify_iat': True,
             'verify_aud': True,
-            'verify_iss': True
+            'verify_iss': True,
+            'require_exp': False,
+            'require_iat': False,
+            'require_nbf': False
         }
 
     def encode(self, payload, key, algorithm='HS256', headers=None,
@@ -87,6 +90,8 @@ class PyJWT(PyJWS):
         if not isinstance(audience, (string_types, type(None))):
             raise TypeError('audience must be a string or None')
 
+        self._validate_required_claims(payload, options)
+
         now = timegm(datetime.utcnow().utctimetuple())
 
         if 'iat' in payload and options.get('verify_iat'):
@@ -104,6 +109,16 @@ class PyJWT(PyJWS):
         if options.get('verify_aud'):
             self._validate_aud(payload, audience)
 
+    def _validate_required_claims(self, payload, options):
+        if options.get('require_exp') and payload.get('exp') is None:
+            raise MissingRequiredClaimError('exp')
+
+        if options.get('require_iat') and payload.get('iat') is None:
+            raise MissingRequiredClaimError('iat')
+
+        if options.get('require_nbf') and payload.get('nbf') is None:
+            raise MissingRequiredClaimError('nbf')
+
     def _validate_iat(self, payload, now, leeway):
         try:
             iat = int(payload['iat'])
@@ -140,7 +155,7 @@ class PyJWT(PyJWS):
         if audience is not None and 'aud' not in payload:
             # Application specified an audience, but it could not be
             # verified since the token does not contain a claim.
-            raise InvalidAudienceError('No audience claim in token')
+            raise MissingRequiredClaimError('aud')
 
         audience_claims = payload['aud']
 
@@ -158,7 +173,7 @@ class PyJWT(PyJWS):
             return
 
         if 'iss' not in payload:
-            raise InvalidIssuerError('Token does not contain an iss claim')
+            raise MissingRequiredClaimError('iss')
 
         if payload['iss'] != issuer:
             raise InvalidIssuerError('Invalid issuer')
diff --git a/jwt/exceptions.py b/jwt/exceptions.py
index 0e82e6f..31177a0 100644
--- a/jwt/exceptions.py
+++ b/jwt/exceptions.py
@@ -34,6 +34,14 @@ class InvalidAlgorithmError(InvalidTokenError):
     pass
 
 
+class MissingRequiredClaimError(InvalidTokenError):
+    def __init__(self, claim):
+        self.claim = claim
+
+    def __str__(self):
+        return 'Token is missing the "%s" claim' % self.claim
+
+
 # Compatibility aliases (deprecated)
 ExpiredSignature = ExpiredSignatureError
 InvalidAudience = InvalidAudienceError
diff --git a/tests/__init__.pyc b/tests/__init__.pyc
deleted file mode 100644
index 45386bc..0000000
Binary files a/tests/__init__.pyc and /dev/null differ
diff --git a/tests/__pycache__/test_algorithms.cpython-27-PYTEST.pyc b/tests/__pycache__/test_algorithms.cpython-27-PYTEST.pyc
deleted file mode 100644
index 9ee2f3a..0000000
Binary files a/tests/__pycache__/test_algorithms.cpython-27-PYTEST.pyc and /dev/null differ
diff --git a/tests/__pycache__/test_api_jws.cpython-27-PYTEST.pyc b/tests/__pycache__/test_api_jws.cpython-27-PYTEST.pyc
deleted file mode 100644
index ddaf543..0000000
Binary files a/tests/__pycache__/test_api_jws.cpython-27-PYTEST.pyc and /dev/null differ
diff --git a/tests/__pycache__/test_api_jwt.cpython-27-PYTEST.pyc b/tests/__pycache__/test_api_jwt.cpython-27-PYTEST.pyc
deleted file mode 100644
index 30387ef..0000000
Binary files a/tests/__pycache__/test_api_jwt.cpython-27-PYTEST.pyc and /dev/null differ
diff --git a/tests/__pycache__/test_compat.cpython-27-PYTEST.pyc b/tests/__pycache__/test_compat.cpython-27-PYTEST.pyc
deleted file mode 100644
index edca733..0000000
Binary files a/tests/__pycache__/test_compat.cpython-27-PYTEST.pyc and /dev/null differ
diff --git a/tests/__pycache__/test_jwt.cpython-27-PYTEST.pyc b/tests/__pycache__/test_jwt.cpython-27-PYTEST.pyc
deleted file mode 100644
index 8c532b4..0000000
Binary files a/tests/__pycache__/test_jwt.cpython-27-PYTEST.pyc and /dev/null differ
diff --git a/tests/compat.pyc b/tests/compat.pyc
deleted file mode 100644
index c4a9435..0000000
Binary files a/tests/compat.pyc and /dev/null differ
diff --git a/tests/contrib/__init__.pyc b/tests/contrib/__init__.pyc
deleted file mode 100644
index 330b7cd..0000000
Binary files a/tests/contrib/__init__.pyc and /dev/null differ
diff --git a/tests/contrib/__pycache__/test_algorithms.cpython-27-PYTEST.pyc b/tests/contrib/__pycache__/test_algorithms.cpython-27-PYTEST.pyc
deleted file mode 100644
index 43c6dcb..0000000
Binary files a/tests/contrib/__pycache__/test_algorithms.cpython-27-PYTEST.pyc and /dev/null differ
diff --git a/tests/test_api_jws.py b/tests/test_api_jws.py
index 9395ae8..9aa8b85 100644
--- a/tests/test_api_jws.py
+++ b/tests/test_api_jws.py
@@ -270,6 +270,16 @@ class TestJWS:
 
         assert 'Signature verification' in str(exc.value)
 
+    def test_verify_signature_with_no_algo_header_throws_exception(self, jws, payload):
+        example_jws = (
+            b'e30'
+            b'.eyJhIjo1fQ'
+            b'.KEh186CjVw_Q8FadjJcaVnE7hO5Z9nHBbU8TgbhHcBY'
+        )
+
+        with pytest.raises(InvalidAlgorithmError):
+            jws.decode(example_jws, 'secret')
+
     def test_invalid_crypto_alg(self, jws, payload):
         with pytest.raises(NotImplementedError):
             jws.encode(payload, 'secret', algorithm='HS1024')
diff --git a/tests/test_api_jwt.py b/tests/test_api_jwt.py
index 7d33a9e..211f0df 100644
--- a/tests/test_api_jwt.py
+++ b/tests/test_api_jwt.py
@@ -9,7 +9,8 @@ from decimal import Decimal
 from jwt.api_jwt import PyJWT
 from jwt.exceptions import (
     DecodeError, ExpiredSignatureError, ImmatureSignatureError,
-    InvalidAudienceError, InvalidIssuedAtError, InvalidIssuerError
+    InvalidAudienceError, InvalidIssuedAtError, InvalidIssuerError,
+    MissingRequiredClaimError
 )
 
 import pytest
@@ -317,15 +318,31 @@ class TestJWT:
         with pytest.raises(InvalidAudienceError):
             jwt.decode(token, 'secret', audience='urn:me')
 
+    def test_raise_exception_token_without_issuer(self, jwt):
+        issuer = 'urn:wrong'
+
+        payload = {
+            'some': 'payload'
+        }
+
+        token = jwt.encode(payload, 'secret')
+
+        with pytest.raises(MissingRequiredClaimError) as exc:
+            jwt.decode(token, 'secret', issuer=issuer)
+
+        assert exc.value.claim == 'iss'
+
     def test_raise_exception_token_without_audience(self, jwt):
         payload = {
             'some': 'payload',
         }
         token = jwt.encode(payload, 'secret')
 
-        with pytest.raises(InvalidAudienceError):
+        with pytest.raises(MissingRequiredClaimError) as exc:
             jwt.decode(token, 'secret', audience='urn:me')
 
+        assert exc.value.claim == 'aud'
+
     def test_check_issuer_when_valid(self, jwt):
         issuer = 'urn:foo'
         payload = {
@@ -348,33 +365,57 @@ class TestJWT:
         with pytest.raises(InvalidIssuerError):
             jwt.decode(token, 'secret', issuer=issuer)
 
-    def test_raise_exception_token_without_issuer(self, jwt):
-        issuer = 'urn:wrong'
+    def test_skip_check_audience(self, jwt):
+        payload = {
+            'some': 'payload',
+            'aud': 'urn:me',
+        }
+        token = jwt.encode(payload, 'secret')
+        jwt.decode(token, 'secret', options={'verify_aud': False})
 
+    def test_skip_check_exp(self, jwt):
         payload = {
             'some': 'payload',
+            'exp': datetime.utcnow() - timedelta(days=1)
         }
+        token = jwt.encode(payload, 'secret')
+        jwt.decode(token, 'secret', options={'verify_exp': False})
 
+    def test_decode_should_raise_error_if_exp_required_but_not_present(self, jwt):
+        payload = {
+            'some': 'payload',
+            # exp not present
+        }
         token = jwt.encode(payload, 'secret')
 
-        with pytest.raises(InvalidIssuerError):
-            jwt.decode(token, 'secret', issuer=issuer)
+        with pytest.raises(MissingRequiredClaimError) as exc:
+            jwt.decode(token, 'secret', options={'require_exp': True})
 
-    def test_skip_check_audience(self, jwt):
+        assert exc.value.claim == 'exp'
+
+    def test_decode_should_raise_error_if_iat_required_but_not_present(self, jwt):
         payload = {
             'some': 'payload',
-            'aud': 'urn:me',
+            # iat not present
         }
         token = jwt.encode(payload, 'secret')
-        jwt.decode(token, 'secret', options={'verify_aud': False})
 
-    def test_skip_check_exp(self, jwt):
+        with pytest.raises(MissingRequiredClaimError) as exc:
+            jwt.decode(token, 'secret', options={'require_iat': True})
+
+        assert exc.value.claim == 'iat'
+
+    def test_decode_should_raise_error_if_nbf_required_but_not_present(self, jwt):
         payload = {
             'some': 'payload',
-            'exp': datetime.utcnow() - timedelta(days=1)
+            # nbf not present
         }
         token = jwt.encode(payload, 'secret')
-        jwt.decode(token, 'secret', options={'verify_exp': False})
+
+        with pytest.raises(MissingRequiredClaimError) as exc:
+            jwt.decode(token, 'secret', options={'require_nbf': True})
+
+        assert exc.value.claim == 'nbf'
 
     def test_skip_check_signature(self, jwt):
         token = ("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9"
diff --git a/tests/test_exceptions.py b/tests/test_exceptions.py
new file mode 100644
index 0000000..9e7f91e
--- /dev/null
+++ b/tests/test_exceptions.py
@@ -0,0 +1,7 @@
+from jwt.exceptions import MissingRequiredClaimError
+
+
+def test_missing_required_claim_error_has_proper_str():
+    exc = MissingRequiredClaimError('abc')
+
+    assert str(exc) == 'Token is missing the "abc" claim'
diff --git a/tests/test_jwt.pyc b/tests/test_jwt.pyc
deleted file mode 100644
index fa82e3f..0000000
Binary files a/tests/test_jwt.pyc and /dev/null differ
diff --git a/tests/utils.pyc b/tests/utils.pyc
deleted file mode 100644
index e1d4c0b..0000000
Binary files a/tests/utils.pyc and /dev/null differ

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/python-modules/packages/pyjwt.git



More information about the Python-modules-commits mailing list