Merge pull request #1377 from plone/maurits-support-pyjwt-1-and-2

Make the PAS plugin compatible with PyJWT 1 and 2.
plone · Apr 22, 2022 · 30ec4d8 · 30ec4d8
2 parents 3eb9010 + 8a3c019
commit 30ec4d8
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 3 deletions.
diff --git a/news/1193.bugfix b/news/1193.bugfix
@@ -0,0 +1,2 @@
+Make the PAS plugin compatible with ``PyJWT`` 1 and 2.
+[jensens, maurits]
diff --git a/setup.py b/setup.py
@@ -80,11 +80,12 @@ def read(filename):
     zip_safe=False,
     install_requires=[
         "setuptools",
+        "importlib-metadata; python_version<'3.8'",
         "python-dateutil",
         "plone.behavior>=1.1",  # adds name to behavior directive
         "plone.rest >= 1.0a6",  # json renderer moved to plone.restapi
         "plone.schema >= 1.2.1",  # new/fixed json field
-        "PyJWT",
+        "PyJWT>=1.7.0",
         "pytz",
     ],
     extras_require={"test": TEST_REQUIRES},

diff --git a/src/plone/restapi/pas/plugin.py b/src/plone/restapi/pas/plugin.py
@@ -21,6 +21,16 @@
 import time
 
 
+try:
+    from importlib.metadata import version
+except ImportError:
+    from importlib_metadata import version
+
+if version("pyjwt")[0] == "1":
+    OLD_JWT = True
+else:
+    OLD_JWT = False
+
 manage_addJWTAuthenticationPlugin = PageTemplateFile(
     "add_plugin", globals(), __name__="manage_addJWTAuthenticationPlugin"
 )
@@ -160,7 +170,14 @@ def _jwt_decode(self, token, secret, verify=True):
         if isinstance(token, str):
             token = token.encode("utf-8")
         try:
-            return jwt.decode(token, secret, verify=verify, algorithms=["HS256"])
+            if OLD_JWT:
+                return jwt.decode(token, secret, verify=verify, algorithms=["HS256"])
+            return jwt.decode(
+                token,
+                secret,
+                options={"verify_signature": verify},
+                algorithms=["HS256"],
+            )
         except jwt.InvalidTokenError:
             pass
 
@@ -194,7 +211,8 @@ def create_token(self, userid, timeout=None, data=None):
         if data is not None:
             payload.update(data)
         token = jwt.encode(payload, self._signing_secret(), algorithm="HS256")
-        token = token.decode("utf-8")
+        if OLD_JWT:
+            token = token.decode("utf-8")
         if self.store_tokens:
             if self._tokens is None:
                 self._tokens = OOBTree()
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		Make the PAS plugin compatible with ``PyJWT`` 1 and 2.
		[jensens, maurits]