Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package python-djangorestframework-simplejwt
for openSUSE:Factory checked in at 2021-04-01 14:17:56
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-djangorestframework-simplejwt (Old)
and
/work/SRC/openSUSE:Factory/.python-djangorestframework-simplejwt.new.2401 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-djangorestframework-simplejwt"
Thu Apr 1 14:17:56 2021 rev:4 rq:882386 version:4.6.0
Changes:
--------
---
/work/SRC/openSUSE:Factory/python-djangorestframework-simplejwt/python-djangorestframework-simplejwt.changes
2020-07-26 16:19:49.880835633 +0200
+++
/work/SRC/openSUSE:Factory/.python-djangorestframework-simplejwt.new.2401/python-djangorestframework-simplejwt.changes
2021-04-01 14:19:22.776161339 +0200
@@ -1,0 +2,9 @@
+Wed Mar 31 14:25:07 UTC 2021 - Mark??ta Machov?? <mmach...@suse.com>
+
+- Update to 4.6.0
+ * Restored Python 3.7 support
+ * Added Indonesian translations
+ * Fixed Django 4.0 re_path deprecation
+- Add patch jwt2.patch for PyJWT>=2.0.0 support
+
+-------------------------------------------------------------------
Old:
----
djangorestframework_simplejwt-4.4.0.tar.gz
New:
----
djangorestframework_simplejwt-4.6.0.tar.gz
jwt2.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ python-djangorestframework-simplejwt.spec ++++++
--- /var/tmp/diff_new_pack.d7srxB/_old 2021-04-01 14:19:23.324162069 +0200
+++ /var/tmp/diff_new_pack.d7srxB/_new 2021-04-01 14:19:23.328162075 +0200
@@ -1,7 +1,7 @@
#
# spec file for package python-djangorestframework-simplejwt
#
-# Copyright (c) 2020 SUSE LLC
+# Copyright (c) 2021 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -19,13 +19,15 @@
%{?!python_module:%define python_module() python-%{**} python3-%{**}}
%define skip_python2 1
Name: python-djangorestframework-simplejwt
-Version: 4.4.0
+Version: 4.6.0
Release: 0
Summary: JSON Web Token authentication for Django REST Framework
License: MIT
Group: Development/Languages/Python
URL: https://github.com/davesque/django-rest-framework-simplejwt
Source:
https://github.com/davesque/django-rest-framework-simplejwt/archive/v%{version}.tar.gz#/djangorestframework_simplejwt-%{version}.tar.gz
+# PATCH-FIX-UPSTREAM
https://github.com/jazzband/django-rest-framework-simplejwt/commit/ae1ea58daacb76a1d72e202198734053022a6efe
Support jwt 2
+Patch0: jwt2.patch
BuildRequires: %{python_module PyJWT}
BuildRequires: %{python_module djangorestframework}
BuildRequires: %{python_module pytest-django}
@@ -44,6 +46,7 @@
%prep
%setup -q -n django-rest-framework-simplejwt-%{version}
+%autopatch -p1
%build
export LANG=en_US.UTF-8
++++++ djangorestframework_simplejwt-4.4.0.tar.gz ->
djangorestframework_simplejwt-4.6.0.tar.gz ++++++
++++ 3754 lines of diff (skipped)
++++++ jwt2.patch ++++++
>From ae1ea58daacb76a1d72e202198734053022a6efe Mon Sep 17 00:00:00 2001
From: Riccardo Magliocchetti <riccardo.magliocche...@gmail.com>
Date: Mon, 22 Feb 2021 16:51:38 +0100
Subject: [PATCH] Support jwt 2 (#376)
* Add PyJWT 2.0.0 support
* Many tests relied on passing a payload into encode and changing it payload by
reference.
In PyJWT 2.0.0, the payload is copied (`dict.copy()`).
* Verify was deprecated in favor of using the option verify_signature. This is
reflected in backends.py. Unless you wrote verify=False, you are not effected
by this change.
* Isort lint
Co-authored-by: Andrew-Chen-Wang <acwangpyt...@gmail.com>
---
rest_framework_simplejwt/backends.py | 8 +++--
tests/test_backends.py | 44 ++++++++++++++++++----------
2 files changed, 33 insertions(+), 19 deletions(-)
diff --git a/rest_framework_simplejwt/backends.py
b/rest_framework_simplejwt/backends.py
index 887ecac..de7128a 100644
--- a/rest_framework_simplejwt/backends.py
+++ b/rest_framework_simplejwt/backends.py
@@ -65,9 +65,11 @@ def decode(self, token, verify=True):
signature check fails, or if its 'exp' claim indicates it has expired.
"""
try:
- return jwt.decode(token, self.verifying_key,
algorithms=[self.algorithm], verify=verify,
- audience=self.audience, issuer=self.issuer,
- options={'verify_aud': self.audience is not
None})
+ return jwt.decode(
+ token, self.verifying_key, algorithms=[self.algorithm],
verify=verify,
+ audience=self.audience, issuer=self.issuer,
+ options={'verify_aud': self.audience is not None,
"verify_signature": verify}
+ )
except InvalidAlgorithmError as ex:
raise TokenBackendError(_('Invalid algorithm specified')) from ex
except InvalidTokenError:
diff --git a/tests/test_backends.py b/tests/test_backends.py
index f9a9a23..bfb8da6 100644
--- a/tests/test_backends.py
+++ b/tests/test_backends.py
@@ -3,11 +3,13 @@
import jwt
from django.test import TestCase
-from jwt import PyJWT, algorithms
+from jwt import PyJWS, algorithms
from rest_framework_simplejwt.backends import TokenBackend
from rest_framework_simplejwt.exceptions import TokenBackendError
-from rest_framework_simplejwt.utils import aware_utcnow, make_utc
+from rest_framework_simplejwt.utils import (
+ aware_utcnow, datetime_to_epoch, make_utc,
+)
SECRET = 'not_secret'
@@ -163,9 +165,9 @@ def test_decode_hmac_with_expiry(self):
def test_decode_hmac_with_invalid_sig(self):
self.payload['exp'] = aware_utcnow() + timedelta(days=1)
- token_1 = jwt.encode(self.payload, SECRET,
algorithm='HS256').decode('utf-8')
+ token_1 = jwt.encode(self.payload, SECRET, algorithm='HS256')
self.payload['foo'] = 'baz'
- token_2 = jwt.encode(self.payload, SECRET,
algorithm='HS256').decode('utf-8')
+ token_2 = jwt.encode(self.payload, SECRET, algorithm='HS256')
token_2_payload = token_2.rsplit('.', 1)[0]
token_1_sig = token_1.rsplit('.', 1)[-1]
@@ -176,9 +178,11 @@ def test_decode_hmac_with_invalid_sig(self):
def test_decode_hmac_with_invalid_sig_no_verify(self):
self.payload['exp'] = aware_utcnow() + timedelta(days=1)
- token_1 = jwt.encode(self.payload, SECRET,
algorithm='HS256').decode('utf-8')
+ token_1 = jwt.encode(self.payload, SECRET, algorithm='HS256')
self.payload['foo'] = 'baz'
- token_2 = jwt.encode(self.payload, SECRET,
algorithm='HS256').decode('utf-8')
+ token_2 = jwt.encode(self.payload, SECRET, algorithm='HS256')
+ # Payload copied
+ self.payload["exp"] = datetime_to_epoch(self.payload["exp"])
token_2_payload = token_2.rsplit('.', 1)[0]
token_1_sig = token_1.rsplit('.', 1)[-1]
@@ -193,7 +197,9 @@ def test_decode_hmac_success(self):
self.payload['exp'] = aware_utcnow() + timedelta(days=1)
self.payload['foo'] = 'baz'
- token = jwt.encode(self.payload, SECRET,
algorithm='HS256').decode('utf-8')
+ token = jwt.encode(self.payload, SECRET, algorithm='HS256')
+ # Payload copied
+ self.payload["exp"] = datetime_to_epoch(self.payload["exp"])
self.assertEqual(self.hmac_token_backend.decode(token), self.payload)
@@ -220,9 +226,9 @@ def test_decode_rsa_with_expiry(self):
def test_decode_rsa_with_invalid_sig(self):
self.payload['exp'] = aware_utcnow() + timedelta(days=1)
- token_1 = jwt.encode(self.payload, PRIVATE_KEY,
algorithm='RS256').decode('utf-8')
+ token_1 = jwt.encode(self.payload, PRIVATE_KEY, algorithm='RS256')
self.payload['foo'] = 'baz'
- token_2 = jwt.encode(self.payload, PRIVATE_KEY,
algorithm='RS256').decode('utf-8')
+ token_2 = jwt.encode(self.payload, PRIVATE_KEY, algorithm='RS256')
token_2_payload = token_2.rsplit('.', 1)[0]
token_1_sig = token_1.rsplit('.', 1)[-1]
@@ -233,13 +239,15 @@ def test_decode_rsa_with_invalid_sig(self):
def test_decode_rsa_with_invalid_sig_no_verify(self):
self.payload['exp'] = aware_utcnow() + timedelta(days=1)
- token_1 = jwt.encode(self.payload, PRIVATE_KEY,
algorithm='RS256').decode('utf-8')
+ token_1 = jwt.encode(self.payload, PRIVATE_KEY, algorithm='RS256')
self.payload['foo'] = 'baz'
- token_2 = jwt.encode(self.payload, PRIVATE_KEY,
algorithm='RS256').decode('utf-8')
+ token_2 = jwt.encode(self.payload, PRIVATE_KEY, algorithm='RS256')
token_2_payload = token_2.rsplit('.', 1)[0]
token_1_sig = token_1.rsplit('.', 1)[-1]
invalid_token = token_2_payload + '.' + token_1_sig
+ # Payload copied
+ self.payload["exp"] = datetime_to_epoch(self.payload["exp"])
self.assertEqual(
self.hmac_token_backend.decode(invalid_token, verify=False),
@@ -250,7 +258,9 @@ def test_decode_rsa_success(self):
self.payload['exp'] = aware_utcnow() + timedelta(days=1)
self.payload['foo'] = 'baz'
- token = jwt.encode(self.payload, PRIVATE_KEY,
algorithm='RS256').decode('utf-8')
+ token = jwt.encode(self.payload, PRIVATE_KEY, algorithm='RS256')
+ # Payload copied
+ self.payload["exp"] = datetime_to_epoch(self.payload["exp"])
self.assertEqual(self.rsa_token_backend.decode(token), self.payload)
@@ -260,21 +270,23 @@ def test_decode_aud_iss_success(self):
self.payload['aud'] = AUDIENCE
self.payload['iss'] = ISSUER
- token = jwt.encode(self.payload, PRIVATE_KEY,
algorithm='RS256').decode('utf-8')
+ token = jwt.encode(self.payload, PRIVATE_KEY, algorithm='RS256')
+ # Payload copied
+ self.payload["exp"] = datetime_to_epoch(self.payload["exp"])
self.assertEqual(self.aud_iss_token_backend.decode(token),
self.payload)
def test_decode_when_algorithm_not_available(self):
- token = jwt.encode(self.payload, PRIVATE_KEY,
algorithm='RS256').decode('utf-8')
+ token = jwt.encode(self.payload, PRIVATE_KEY, algorithm='RS256')
- pyjwt_without_rsa = PyJWT()
+ pyjwt_without_rsa = PyJWS()
pyjwt_without_rsa.unregister_algorithm('RS256')
with patch.object(jwt, 'decode', new=pyjwt_without_rsa.decode):
with self.assertRaisesRegex(TokenBackendError, 'Invalid algorithm
specified'):
self.rsa_token_backend.decode(token)
def test_decode_when_token_algorithm_does_not_match(self):
- token = jwt.encode(self.payload, PRIVATE_KEY,
algorithm='RS256').decode('utf-8')
+ token = jwt.encode(self.payload, PRIVATE_KEY, algorithm='RS256')
with self.assertRaisesRegex(TokenBackendError, 'Invalid algorithm
specified'):
self.hmac_token_backend.decode(token)
