Add warning when decoding with no algorithms specified

This commit is contained in:
José Padilla 2017-06-21 16:04:35 -04:00
parent 37926ea0dd
commit 11f30c4050
4 changed files with 38 additions and 0 deletions

View File

@ -117,6 +117,15 @@ class PyJWS(object):
def decode(self, jws, key='', verify=True, algorithms=None, options=None,
**kwargs):
if not algorithms:
warnings.warn(
'It is strongly recommended that you pass in a ' +
'value for the "algorithms" argument when calling decode(). ' +
'This argument will be mandatory in a future version.',
DeprecationWarning
)
payload, signing_input, header, signature = self._load(jws)
if verify:

View File

@ -58,6 +58,15 @@ class PyJWT(PyJWS):
def decode(self, jwt, key='', verify=True, algorithms=None, options=None,
**kwargs):
if not algorithms:
warnings.warn(
'It is strongly recommended that you pass in a ' +
'value for the "algorithms" argument when calling decode(). ' +
'This argument will be mandatory in a future version.',
DeprecationWarning
)
payload, signing_input, header, signature = self._load(jwt)
if options is None:

View File

@ -265,6 +265,16 @@ class TestJWS:
pytest.deprecated_call(jws.decode, example_jws, verify=False)
def test_decode_with_optional_algorithms(self, jws):
example_secret = 'secret'
example_jws = (
b'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.'
b'aGVsbG8gd29ybGQ.'
b'SIr03zM64awWRdPrAM_61QWsZchAtgDV3pphfHPPWkI'
)
pytest.deprecated_call(jws.decode, example_jws, key=example_secret)
def test_load_no_verification(self, jws, payload):
right_secret = 'foo'
jws_message = jws.encode(payload, right_secret)

View File

@ -472,3 +472,13 @@ class TestJWT:
secret,
verify_expiration=True
)
def test_decode_with_optional_algorithms(self, jwt, payload):
secret = 'secret'
jwt_message = jwt.encode(payload, secret)
pytest.deprecated_call(
jwt.decode,
jwt_message,
secret
)