Add warning when decoding with no algorithms specified
This commit is contained in:
parent
37926ea0dd
commit
11f30c4050
|
@ -117,6 +117,15 @@ class PyJWS(object):
|
|||
|
||||
def decode(self, jws, key='', verify=True, algorithms=None, options=None,
|
||||
**kwargs):
|
||||
|
||||
if not algorithms:
|
||||
warnings.warn(
|
||||
'It is strongly recommended that you pass in a ' +
|
||||
'value for the "algorithms" argument when calling decode(). ' +
|
||||
'This argument will be mandatory in a future version.',
|
||||
DeprecationWarning
|
||||
)
|
||||
|
||||
payload, signing_input, header, signature = self._load(jws)
|
||||
|
||||
if verify:
|
||||
|
|
|
@ -58,6 +58,15 @@ class PyJWT(PyJWS):
|
|||
|
||||
def decode(self, jwt, key='', verify=True, algorithms=None, options=None,
|
||||
**kwargs):
|
||||
|
||||
if not algorithms:
|
||||
warnings.warn(
|
||||
'It is strongly recommended that you pass in a ' +
|
||||
'value for the "algorithms" argument when calling decode(). ' +
|
||||
'This argument will be mandatory in a future version.',
|
||||
DeprecationWarning
|
||||
)
|
||||
|
||||
payload, signing_input, header, signature = self._load(jwt)
|
||||
|
||||
if options is None:
|
||||
|
|
|
@ -265,6 +265,16 @@ class TestJWS:
|
|||
|
||||
pytest.deprecated_call(jws.decode, example_jws, verify=False)
|
||||
|
||||
def test_decode_with_optional_algorithms(self, jws):
|
||||
example_secret = 'secret'
|
||||
example_jws = (
|
||||
b'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.'
|
||||
b'aGVsbG8gd29ybGQ.'
|
||||
b'SIr03zM64awWRdPrAM_61QWsZchAtgDV3pphfHPPWkI'
|
||||
)
|
||||
|
||||
pytest.deprecated_call(jws.decode, example_jws, key=example_secret)
|
||||
|
||||
def test_load_no_verification(self, jws, payload):
|
||||
right_secret = 'foo'
|
||||
jws_message = jws.encode(payload, right_secret)
|
||||
|
|
|
@ -472,3 +472,13 @@ class TestJWT:
|
|||
secret,
|
||||
verify_expiration=True
|
||||
)
|
||||
|
||||
def test_decode_with_optional_algorithms(self, jwt, payload):
|
||||
secret = 'secret'
|
||||
jwt_message = jwt.encode(payload, secret)
|
||||
|
||||
pytest.deprecated_call(
|
||||
jwt.decode,
|
||||
jwt_message,
|
||||
secret
|
||||
)
|
||||
|
|
Loading…
Reference in New Issue