diff --git a/news/1193.bugfix b/news/1193.bugfix
new file mode 100644
index 0000000000..88851d7933
--- /dev/null
+++ b/news/1193.bugfix
@@ -0,0 +1,3 @@
+Fixes deprecated JWT `decode`usage.
+Uses and requires latest PyJWT 2.1.0 now.
+[jensens]
diff --git a/setup.py b/setup.py
index 2f1085a692..cd2ade90eb 100644
--- a/setup.py
+++ b/setup.py
@@ -82,7 +82,7 @@ def read(filename):
 "plone.behavior>=1.1", # adds name to behavior directive
 "plone.rest >= 1.0a6", # json renderer moved to plone.restapi
 "plone.schema >= 1.2.1", # new/fixed json field
- "PyJWT",
+ "PyJWT>=2",
 "pytz",
 ],
 extras_require={"test": TEST_REQUIRES},
diff --git a/src/plone/restapi/pas/plugin.py b/src/plone/restapi/pas/plugin.py
index e244bde960..469f64c33a 100644
--- a/src/plone/restapi/pas/plugin.py
+++ b/src/plone/restapi/pas/plugin.py
@@ -160,7 +160,12 @@ def _jwt_decode(self, token, secret, verify=True):
 if isinstance(token, str):
 token = token.encode("utf-8")
 try:
- return jwt.decode(token, secret, verify=verify, algorithms=["HS256"])
+ return jwt.decode(
+ token,
+ secret,
+ options={"verify_signature": verify},
+ algorithms=["HS256"],
+ )
 except jwt.InvalidTokenError:
 pass
@@ -194,7 +199,6 @@ def create_token(self, userid, timeout=None, data=None):
 if data is not None:
 payload.update(data)
 token = jwt.encode(payload, self._signing_secret(), algorithm="HS256")
- token = token.decode("utf-8")
 if self.store_tokens:
 if self._tokens is None:
 self._tokens = OOBTree()
diff --git a/versions.cfg b/versions.cfg
index 28a57f5575..f911bbba8f 100644
--- a/versions.cfg
+++ b/versions.cfg
@@ -25,4 +25,7 @@ cffi = 1.14.4
 # requirement for json widget tests to pass
 plone.schema = 1.3.0
-plone.dexterity = 2.9.8
\ No newline at end of file
+plone.dexterity = 2.9.8
+
+# recent pyjwt
+pyjwt = 2.1.0
\ No newline at end of file
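Review bot: The `except jwt.InvalidTokenError: pass` closing this hunk lets `_jwt_decode` fall off the end, so an expired, malformed or wrongly-signed token is reported to callers as an implicit `None`; make that explicit with `return None  # invalid/expired/bad signature: caller must treat None as "not authenticated"` so the contract is visible at the point where verification fails. The new `options={"verify_signature": verify}` line also deserves a comment: in PyJWT 2.x, turning signature verification off also defaults the claim checks (`verify_exp`, `verify_nbf`, ...) to off, so the `verify=False` path accepts any well-formed token — presumably intended, since the old `verify=` kwarg behaved the same way, but it should be stated, e.g. `# verify=False skips signature AND claim checks (PyJWT 2 semantics)`. The `def _jwt_decode` line lies outside the hunk.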
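Review bot: Removing `token = token.decode("utf-8")` makes `create_token` rely on `jwt.encode` returning `str`, which holds from PyJWT 2.0 on but is invisible at the call site; a comment on the `jwt.encode` line such as `# PyJWT >= 2 returns str; no .decode() needed` would keep the next reader from re-adding the decode. The floor that backs this assumption is `PyJWT>=2` in the setup.py hunk, while the news entry and versions.cfg both say 2.1.0; either pin `"PyJWT>=2.1.0"` in setup.py or word the news entry as PyJWT 2.x so the three agree. `create_token` starts and ends outside the hunk.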