Fix #1193 - deprecated JWT decode. Update to usePyJWT 2.1.0

- Document usage of version 8 with Plone 5.2. - Bumb version on feature level.
plone · Nov 14, 2021 · 968d314 · 968d314
1 parent 2a9be89
commit 968d314
Show file tree

Hide file tree

Showing 5 changed files with 23 additions and 4 deletions.
diff --git a/README.rst b/README.rst
@@ -63,6 +63,13 @@ Install plone.restapi by adding it to your buildout::
 
 and then running ``bin/buildout``
 
+Usage in Plone 5.2:
+
+- Older plone.restapi 7.x. is part of the Plone 5.2.x release series and works on both Python 2.7 and 3.6 to 3.8.
+- plone.restapi 8.x or later works with Plone 5.2:
+  - if Python 3.6 or later is used and
+  - since plone.restapi 8.9.0 if PyJWT 2.1.0 is used. Set a pin `pyjwt = 2.1.0` in the `[versions]` section of the buildout file. 
+
 
 Contribute
 ==========

diff --git a/news/1193.bugfix b/news/1193.bugfix
@@ -0,0 +1,3 @@
+Fixes deprecated JWT `decode`usage.
+Uses and requires latest PyJWT 2.1.0 now. 
+[jensens] 
diff --git a/setup.py b/setup.py
@@ -55,13 +55,15 @@ def read(filename):
         "Environment :: Web Environment",
         "Framework :: Plone",
         "Framework :: Plone :: 5.2",
+        "Framework :: Plone :: 6.0",
         "Framework :: Plone :: Core",
         "Intended Audience :: Developers",
         "Operating System :: OS Independent",
         "Programming Language :: Python",
         "Programming Language :: Python :: 3.6",
         "Programming Language :: Python :: 3.7",
         "Programming Language :: Python :: 3.8",
+        "Programming Language :: Python :: 3.9",
         "Programming Language :: Python :: 3 :: Only",
         "Topic :: Software Development :: Libraries :: Python Modules",
     ],
@@ -82,7 +84,7 @@ def read(filename):
         "plone.behavior>=1.1",  # adds name to behavior directive
         "plone.rest >= 1.0a6",  # json renderer moved to plone.restapi
         "plone.schema >= 1.2.1",  # new/fixed json field
-        "PyJWT",
+        "PyJWT>=2",
         "pytz",
     ],
     extras_require={"test": TEST_REQUIRES},

diff --git a/src/plone/restapi/pas/plugin.py b/src/plone/restapi/pas/plugin.py
@@ -160,7 +160,12 @@ def _jwt_decode(self, token, secret, verify=True):
         if isinstance(token, str):
             token = token.encode("utf-8")
         try:
-            return jwt.decode(token, secret, verify=verify, algorithms=["HS256"])
+            return jwt.decode(
+                token,
+                secret,
+                options={"verify_signature": verify},
+                algorithms=["HS256"],
+            )
         except jwt.InvalidTokenError:
             pass
 
@@ -194,7 +199,6 @@ def create_token(self, userid, timeout=None, data=None):
         if data is not None:
             payload.update(data)
         token = jwt.encode(payload, self._signing_secret(), algorithm="HS256")
-        token = token.decode("utf-8")
         if self.store_tokens:
             if self._tokens is None:
                 self._tokens = OOBTree()

diff --git a/versions.cfg b/versions.cfg
@@ -25,4 +25,7 @@ cffi = 1.14.4
 
 # requirement for json widget tests to pass
 plone.schema = 1.3.0
-plone.dexterity = 2.9.8
+plone.dexterity = 2.9.8
+
+# recent pyjwt 
+pyjwt = 2.1.0