Skip to content

Commit

Permalink
Update audience typing (#782)
Browse files Browse the repository at this point in the history
* fix(api_jwt): update audience typing & type checking

* doc(api): update decode.audience typing

* feat(test_api_jwt): ensure audience as bytes raises error

* [pre-commit.ci] auto fixes from pre-commit.com hooks

for more information, see https://pre-commit.ci

* refacto(api_jwt): precise typing

Co-authored-by: Julian Maurin <julian.maurin.perso@pm.me>

Update jwt/api_jwt.py

Co-authored-by: Julian Maurin <julian.maurin.perso@pm.me>

fix(jwt/api_jwt.py): backport future annotations

* fix: handle audience=0

Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
Co-authored-by: Asif Saif Uddin <auvipy@gmail.com>
  • Loading branch information
3 people authored Jul 31, 2022
1 parent 0bef0fb commit 98a5c1d
Show file tree
Hide file tree
Showing 3 changed files with 16 additions and 6 deletions.
2 changes: 1 addition & 1 deletion docs/api.rst
Original file line number Diff line number Diff line change
Expand Up @@ -62,7 +62,7 @@ API Reference
if ``verify_exp``, ``verify_iat``, and ``verify_nbf`` respectively
is set to ``True``).

:param Iterable audience: optional, the value for ``verify_aud`` check
:param Union[str, Iterable] audience: optional, the value for ``verify_aud`` check
:param str issuer: optional, the value for ``verify_iss`` check
:param float leeway: a time margin in seconds for the expiration check
:rtype: dict
Expand Down
10 changes: 6 additions & 4 deletions jwt/api_jwt.py
Original file line number Diff line number Diff line change
@@ -1,3 +1,5 @@
from __future__ import annotations

import json
import warnings
from calendar import timegm
Expand Down Expand Up @@ -76,7 +78,7 @@ def decode_complete(
detached_payload: Optional[bytes] = None,
# passthrough arguments to _validate_claims
# consider putting in options
audience: Optional[str] = None,
audience: Optional[Union[str, Iterable[str]]] = None,
issuer: Optional[str] = None,
leeway: Union[int, float, timedelta] = 0,
# kwargs
Expand Down Expand Up @@ -150,7 +152,7 @@ def decode(
detached_payload: Optional[bytes] = None,
# passthrough arguments to _validate_claims
# consider putting in options
audience: Optional[str] = None,
audience: Optional[Union[str, Iterable[str]]] = None,
issuer: Optional[str] = None,
leeway: Union[int, float, timedelta] = 0,
# kwargs
Expand Down Expand Up @@ -180,8 +182,8 @@ def _validate_claims(self, payload, options, audience=None, issuer=None, leeway=
if isinstance(leeway, timedelta):
leeway = leeway.total_seconds()

if not isinstance(audience, (bytes, str, type(None), Iterable)):
raise TypeError("audience must be a string, iterable, or None")
if audience is not None and not isinstance(audience, (str, Iterable)):
raise TypeError("audience must be a string, iterable or None")

self._validate_required_claims(payload, options)

Expand Down
10 changes: 9 additions & 1 deletion tests/test_api_jwt.py
Original file line number Diff line number Diff line change
Expand Up @@ -119,7 +119,7 @@ def test_decode_with_invalid_audience_param_throws_exception(self, jwt):
jwt.decode(example_jwt, secret, audience=1, algorithms=["HS256"])

exception = context.value
assert str(exception) == "audience must be a string, iterable, or None"
assert str(exception) == "audience must be a string, iterable or None"

def test_decode_with_nonlist_aud_claim_throws_exception(self, jwt):
secret = "secret"
Expand Down Expand Up @@ -419,6 +419,14 @@ def test_raise_exception_invalid_audience(self, jwt):
with pytest.raises(InvalidAudienceError):
jwt.decode(token, "secret", audience="urn-me", algorithms=["HS256"])

def test_raise_exception_audience_as_bytes(self, jwt):
payload = {"some": "payload", "aud": ["urn:me", "urn:someone-else"]}
token = jwt.encode(payload, "secret")
with pytest.raises(InvalidAudienceError):
jwt.decode(
token, "secret", audience="urn:me".encode(), algorithms=["HS256"]
)

def test_raise_exception_invalid_audience_in_array(self, jwt):
payload = {
"some": "payload",
Expand Down

0 comments on commit 98a5c1d

Please sign in to comment.