Hello community,
here is the log from the commit of package python-djangorestframework-simplejwt
for openSUSE:Factory checked in at 2019-09-13 15:03:26
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-djangorestframework-simplejwt (Old)
and
/work/SRC/openSUSE:Factory/.python-djangorestframework-simplejwt.new.7948 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-djangorestframework-simplejwt"
Fri Sep 13 15:03:26 2019 rev:2 rq:730636 version:4.3.0
Changes:
--------
---
/work/SRC/openSUSE:Factory/python-djangorestframework-simplejwt/python-djangorestframework-simplejwt.changes
2019-04-23 14:35:40.005456395 +0200
+++
/work/SRC/openSUSE:Factory/.python-djangorestframework-simplejwt.new.7948/python-djangorestframework-simplejwt.changes
2019-09-13 15:05:03.289260097 +0200
@@ -1,0 +2,9 @@
+Fri Sep 13 08:46:31 UTC 2019 - Tomáš Chvátal <[email protected]>
+
+- Update to 4.3.0:
+ * Added JTI_CLAIM setting to allow storing token identifiers under a
different claim.
+ * We now return HTTP 401 for user not found or inactive.
+ * Restricted setup.py config to Python 3 only.
+ * Included translation files in release package.
+
+-------------------------------------------------------------------
Old:
----
djangorestframework_simplejwt-4.1.3.tar.gz
New:
----
djangorestframework_simplejwt-4.3.0.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ python-djangorestframework-simplejwt.spec ++++++
--- /var/tmp/diff_new_pack.cjjKK8/_old 2019-09-13 15:05:03.941259959 +0200
+++ /var/tmp/diff_new_pack.cjjKK8/_new 2019-09-13 15:05:03.949259957 +0200
@@ -12,31 +12,31 @@
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
%{?!python_module:%define python_module() python-%{**} python3-%{**}}
%define skip_python2 1
Name: python-djangorestframework-simplejwt
-Version: 4.1.3
+Version: 4.3.0
Release: 0
-License: MIT
Summary: JSON Web Token authentication for Django REST Framework
-Url: https://github.com/davesque/django-rest-framework-simplejwt
+License: MIT
Group: Development/Languages/Python
-Source:
https://github.com/davesque/django-rest-framework-simplejwt/archive/v4.1.3.tar.gz#/djangorestframework_simplejwt-%{version}.tar.gz
-BuildRequires: python-rpm-macros
+URL: https://github.com/davesque/django-rest-framework-simplejwt
+Source:
https://github.com/davesque/django-rest-framework-simplejwt/archive/v%{version}.tar.gz#/djangorestframework_simplejwt-%{version}.tar.gz
BuildRequires: %{python_module PyJWT}
BuildRequires: %{python_module djangorestframework}
BuildRequires: %{python_module pytest-django}
BuildRequires: %{python_module python-jose}
BuildRequires: %{python_module setuptools}
BuildRequires: fdupes
+BuildRequires: python-rpm-macros
Requires: python-PyJWT
Requires: python-djangorestframework
Recommends: python-python-jose
BuildArch: noarch
-
%python_subpackages
%description
@@ -56,7 +56,7 @@
%check
export LANG=en_US.UTF-8
-%python_exec -m pytest
+%pytest
%files %{python_files}
%license LICENSE.txt licenses/*
++++++ djangorestframework_simplejwt-4.1.3.tar.gz ->
djangorestframework_simplejwt-4.3.0.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/django-rest-framework-simplejwt-4.1.3/.travis.yml
new/django-rest-framework-simplejwt-4.3.0/.travis.yml
--- old/django-rest-framework-simplejwt-4.1.3/.travis.yml 2019-04-04
21:04:57.000000000 +0200
+++ new/django-rest-framework-simplejwt-4.3.0/.travis.yml 2019-04-16
04:25:16.000000000 +0200
@@ -14,6 +14,7 @@
- DJANGO=1.11
- DJANGO=2.0
- DJANGO=2.1
+ - DJANGO=2.2
- DJANGO=master
matrix:
@@ -27,6 +28,8 @@
- python: "3.5"
env: DJANGO=2.1
- python: "3.5"
+ env: DJANGO=2.2
+ - python: "3.5"
env: DJANGO=master
- python: "3.6"
env: DJANGO=master
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/django-rest-framework-simplejwt-4.1.3/CHANGELOG.md
new/django-rest-framework-simplejwt-4.3.0/CHANGELOG.md
--- old/django-rest-framework-simplejwt-4.1.3/CHANGELOG.md 2019-04-04
21:04:57.000000000 +0200
+++ new/django-rest-framework-simplejwt-4.3.0/CHANGELOG.md 2019-04-16
04:25:16.000000000 +0200
@@ -1,3 +1,20 @@
+## Version 4.3
+
+* Added `JTI_CLAIM` setting to allow storing token identifiers under a
+ different claim.
+
+## Version 4.2
+
+* We now return HTTP 401 for user not found or inactive.
+
+## Version 4.1.5
+
+* Restricted `setup.py` config to Python 3 only.
+
+## Version 4.1.4
+
+* Included translation files in release package.
+
## Version 4.1.3
* Updated `python-jose` version requirement.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/django-rest-framework-simplejwt-4.1.3/MANIFEST.in
new/django-rest-framework-simplejwt-4.3.0/MANIFEST.in
--- old/django-rest-framework-simplejwt-4.1.3/MANIFEST.in 2019-04-04
21:04:57.000000000 +0200
+++ new/django-rest-framework-simplejwt-4.3.0/MANIFEST.in 2019-04-16
04:25:16.000000000 +0200
@@ -1,4 +1,6 @@
include README.rst
include LICENSE.txt
+recursive-include rest_framework_simplejwt/locale *.mo
+recursive-include rest_framework_simplejwt/locale *.po
recursive-exclude * __pycache__
recursive-exclude * *.py[co]
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/django-rest-framework-simplejwt-4.1.3/README.rst
new/django-rest-framework-simplejwt-4.3.0/README.rst
--- old/django-rest-framework-simplejwt-4.1.3/README.rst 2019-04-04
21:04:57.000000000 +0200
+++ new/django-rest-framework-simplejwt-4.3.0/README.rst 2019-04-16
04:25:16.000000000 +0200
@@ -22,7 +22,7 @@
------------
* Python (3.5, 3.6, 3.7)
-* Django (1.11, 2.0, 2.1)
+* Django (1.11, 2.0, 2.1, 2.2)
* Django REST Framework (3.5, 3.6, 3.7, 3.8, 3.9)
These are the officially supported python and package versions. Other versions
@@ -155,6 +155,8 @@
'AUTH_TOKEN_CLASSES': ('rest_framework_simplejwt.tokens.AccessToken',),
'TOKEN_TYPE_CLAIM': 'token_type',
+ 'JTI_CLAIM': 'jti',
+
'SLIDING_TOKEN_REFRESH_EXP_CLAIM': 'refresh_exp',
'SLIDING_TOKEN_LIFETIME': timedelta(minutes=5),
'SLIDING_TOKEN_REFRESH_LIFETIME': timedelta(days=1),
@@ -257,6 +259,12 @@
The claim name that is used to store a token's type. More about this in the
"Token types" section below.
+JTI_CLAIM
+ The claim name that is used to store a token's unique identifier. This
+ identifier is used to identify revoked tokens in the blacklist app. It may
+ be necessary in some cases to use another claim besides the default "jti"
+ claim to store such a value.
+
SLIDING_TOKEN_LIFETIME
A ``datetime.timedelta`` object which specifies how long sliding tokens are
valid to prove authentication. This ``timedelta`` value is added to the
@@ -420,7 +428,7 @@
tokens before it considers it as valid.
The Simple JWT blacklist app implements its outstanding and blacklisted token
-lists using two model: ``OutstandingToken`` and ``BlacklistedToken``. Model
+lists using two models: ``OutstandingToken`` and ``BlacklistedToken``. Model
admins are defined for both of these models. To add a token to the blacklist,
find its corresponding ``OutstandingToken`` record in the admin and use the
admin again to create a ``BlacklistedToken`` record that points to the
@@ -437,7 +445,7 @@
token.blacklist()
This will create unique outstanding token and blacklist records for the token's
-"jti" claim.
+"jti" claim or whichever claim is specified by the ``JTI_CLAIM`` setting.
The blacklist app also provides a management command, ``flushexpiredtokens``,
which will delete any tokens from the outstanding list and blacklist that have
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/django-rest-framework-simplejwt-4.1.3/rest_framework_simplejwt/serializers.py
new/django-rest-framework-simplejwt-4.3.0/rest_framework_simplejwt/serializers.py
---
old/django-rest-framework-simplejwt-4.1.3/rest_framework_simplejwt/serializers.py
2019-04-04 21:04:57.000000000 +0200
+++
new/django-rest-framework-simplejwt-4.3.0/rest_framework_simplejwt/serializers.py
2019-04-16 04:25:16.000000000 +0200
@@ -1,6 +1,6 @@
from django.contrib.auth import authenticate
from django.utils.translation import ugettext_lazy as _
-from rest_framework import serializers
+from rest_framework import exceptions, serializers
from .settings import api_settings
from .state import User
@@ -50,7 +50,10 @@
# users from authenticating to enforce a reasonable policy and provide
# sensible backwards compatibility with older Django versions.
if self.user is None or not self.user.is_active:
- self.fail('no_active_account')
+ raise exceptions.AuthenticationFailed(
+ self.error_messages['no_active_account'],
+ 'no_active_account',
+ )
return {}
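Review bot: The new `raise exceptions.AuthenticationFailed(...)` leaves `validate()` by a different path than `self.fail()` did: it is not a `ValidationError`, so `is_valid()` no longer returns False for bad credentials and the exception propagates to the caller. Code that reuses this serializer outside the bundled token views should be warned, for example with a comment above the raise: `# Raised instead of a ValidationError so the view answers 401; is_valid() will not return False here.` DRF also downgrades an `AuthenticationFailed` to 403 when the handling view cannot supply a `WWW-Authenticate` header, so custom views presumably need an authenticate header to see the 401. Keeping a single code and message for both the unknown-user and the inactive-user case is worth preserving, because it does not tell a client which accounts exist. The enclosing method starts outside the hunk.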
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/django-rest-framework-simplejwt-4.1.3/rest_framework_simplejwt/settings.py
new/django-rest-framework-simplejwt-4.3.0/rest_framework_simplejwt/settings.py
---
old/django-rest-framework-simplejwt-4.1.3/rest_framework_simplejwt/settings.py
2019-04-04 21:04:57.000000000 +0200
+++
new/django-rest-framework-simplejwt-4.3.0/rest_framework_simplejwt/settings.py
2019-04-16 04:25:16.000000000 +0200
@@ -26,6 +26,8 @@
'AUTH_TOKEN_CLASSES': ('rest_framework_simplejwt.tokens.AccessToken',),
'TOKEN_TYPE_CLAIM': 'token_type',
+ 'JTI_CLAIM': 'jti',
+
'SLIDING_TOKEN_REFRESH_EXP_CLAIM': 'refresh_exp',
'SLIDING_TOKEN_LIFETIME': timedelta(minutes=5),
'SLIDING_TOKEN_REFRESH_LIFETIME': timedelta(days=1),
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/django-rest-framework-simplejwt-4.1.3/rest_framework_simplejwt/tokens.py
new/django-rest-framework-simplejwt-4.3.0/rest_framework_simplejwt/tokens.py
---
old/django-rest-framework-simplejwt-4.1.3/rest_framework_simplejwt/tokens.py
2019-04-04 21:04:57.000000000 +0200
+++
new/django-rest-framework-simplejwt-4.3.0/rest_framework_simplejwt/tokens.py
2019-04-16 04:25:16.000000000 +0200
@@ -94,7 +94,7 @@
self.check_exp()
# Ensure token id is present
- if 'jti' not in self.payload:
+ if api_settings.JTI_CLAIM not in self.payload:
raise TokenError(_('Token has no id'))
self.verify_token_type()
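Review bot: The check `api_settings.JTI_CLAIM not in self.payload` only confirms that the key exists, and its meaning shifts if the setting is changed on a running deployment. Tokens issued earlier carry their identifier under the old claim name and are rejected with 'Token has no id'. That fails closed, but it deserves a comment at the check, e.g. `# Tokens minted under a different JTI_CLAIM value are rejected here; changing the setting invalidates outstanding tokens.` The rest of `verify` is outside the hunk.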
@@ -113,14 +113,14 @@
def set_jti(self):
"""
- Populates the "jti" claim of a token with a string where there is a
- negligible probability that the same string will be chosen at a
+ Populates the configured jti claim of a token with a string where there
+ is a negligible probability that the same string will be chosen at a
later time.
See here:
https://tools.ietf.org/html/rfc7519#section-4.1.7
"""
- self.payload['jti'] = uuid4().hex
+ self.payload[api_settings.JTI_CLAIM] = uuid4().hex
def set_exp(self, claim='exp', from_time=None, lifetime=None):
"""
@@ -186,7 +186,7 @@
Checks if this token is present in the token blacklist. Raises
`TokenError` if so.
"""
- jti = self.payload['jti']
+ jti = self.payload[api_settings.JTI_CLAIM]
if BlacklistedToken.objects.filter(token__jti=jti).exists():
raise TokenError(_('Token is blacklisted'))
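Review bot: `self.payload[api_settings.JTI_CLAIM]` raises `KeyError` when the token lacks the configured claim, and nothing in this hunk shows the presence check from `verify` having run first. If `check_blacklist` can be reached before that check (the call order is not visible here), a token without the claim would surface as an unhandled error rather than a `TokenError`. A guard such as `jti = self.payload.get(api_settings.JTI_CLAIM)` followed by `if jti is None: raise TokenError(_('Token has no id'))` would keep the failure on the authentication path. The same subscript appears in the hunks at @@ -196 and @@ -217. The method's signature is outside the hunk.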
@@ -196,7 +196,7 @@
Ensures this token is included in the outstanding token list and
adds it to the blacklist.
"""
- jti = self.payload['jti']
+ jti = self.payload[api_settings.JTI_CLAIM]
exp = self.payload['exp']
# Ensure outstanding token exists with given jti
@@ -217,7 +217,7 @@
"""
token = super().for_user(user)
- jti = token['jti']
+ jti = token[api_settings.JTI_CLAIM]
exp = token['exp']
OutstandingToken.objects.create(
@@ -250,7 +250,17 @@
class RefreshToken(BlacklistMixin, Token):
token_type = 'refresh'
lifetime = api_settings.REFRESH_TOKEN_LIFETIME
- no_copy_claims = (api_settings.TOKEN_TYPE_CLAIM, 'exp', 'jti')
+ no_copy_claims = (
+ api_settings.TOKEN_TYPE_CLAIM,
+ 'exp',
+
+ # Both of these claims are included even though they may be the same.
+ # It seems possible that a third party token might have a custom or
+ # namespaced JTI claim as well as a default "jti" claim. In that case,
+ # we wouldn't want to copy either one.
+ api_settings.JTI_CLAIM,
+ 'jti',
+ )
@property
def access_token(self):
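Review bot: `no_copy_claims` is built in the class body, so `api_settings.JTI_CLAIM` is read once when the module is imported. A settings override applied later (in a test, for instance) would not change the tuple, and the identifier stored under the newly configured claim would then no longer be excluded by it. The first entry, `api_settings.TOKEN_TYPE_CLAIM`, already behaves the same way, so this may be acceptable, but the existing comment could say so, e.g. `# Evaluated at import time; later changes to JTI_CLAIM are not picked up here.` How `no_copy_claims` is consumed lies outside the hunk.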
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/django-rest-framework-simplejwt-4.1.3/setup.cfg
new/django-rest-framework-simplejwt-4.3.0/setup.cfg
--- old/django-rest-framework-simplejwt-4.1.3/setup.cfg 2019-04-04
21:04:57.000000000 +0200
+++ new/django-rest-framework-simplejwt-4.3.0/setup.cfg 2019-04-16
04:25:16.000000000 +0200
@@ -1,5 +1,2 @@
-[wheel]
-universal = 1
-
[metadata]
license_file = LICENSE.txt
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/django-rest-framework-simplejwt-4.1.3/setup.py
new/django-rest-framework-simplejwt-4.3.0/setup.py
--- old/django-rest-framework-simplejwt-4.1.3/setup.py 2019-04-04
21:04:57.000000000 +0200
+++ new/django-rest-framework-simplejwt-4.3.0/setup.py 2019-04-16
04:25:16.000000000 +0200
@@ -45,7 +45,7 @@
setup(
name='djangorestframework_simplejwt',
- version='4.1.3',
+ version='4.3.0',
url='https://github.com/davesque/django-rest-framework-simplejwt',
license='MIT',
description='A minimal JSON Web Token authentication plugin for Django
REST Framework',
@@ -57,6 +57,7 @@
'djangorestframework',
'pyjwt',
],
+ python_requires='>=3.5,<4',
extras_require=extras_require,
packages=find_packages(exclude=['tests', 'tests.*', 'licenses',
'requirements']),
classifiers=[
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/django-rest-framework-simplejwt-4.1.3/tests/test_serializers.py
new/django-rest-framework-simplejwt-4.3.0/tests/test_serializers.py
--- old/django-rest-framework-simplejwt-4.1.3/tests/test_serializers.py
2019-04-04 21:04:57.000000000 +0200
+++ new/django-rest-framework-simplejwt-4.3.0/tests/test_serializers.py
2019-04-16 04:25:16.000000000 +0200
@@ -2,6 +2,7 @@
from unittest.mock import MagicMock, patch
from django.test import TestCase
+from rest_framework import exceptions as drf_exceptions
from rest_framework_simplejwt.exceptions import TokenError
from rest_framework_simplejwt.serializers import (
@@ -58,10 +59,10 @@
'password': 'pass',
})
- self.assertFalse(s.is_valid())
- self.assertIn('non_field_errors', s.errors)
+ with self.assertRaises(drf_exceptions.AuthenticationFailed):
+ s.is_valid()
- def test_it_should_not_validate_if_user_not_active(self):
+ def test_it_should_raise_if_user_not_active(self):
self.user.is_active = False
self.user.save()
@@ -70,8 +71,8 @@
'password': self.password,
})
- self.assertFalse(s.is_valid())
- self.assertIn('non_field_errors', s.errors)
+ with self.assertRaises(drf_exceptions.AuthenticationFailed):
+ s.is_valid()
class TestTokenObtainSlidingSerializer(TestCase):
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/django-rest-framework-simplejwt-4.1.3/tests/test_views.py
new/django-rest-framework-simplejwt-4.3.0/tests/test_views.py
--- old/django-rest-framework-simplejwt-4.1.3/tests/test_views.py
2019-04-04 21:04:57.000000000 +0200
+++ new/django-rest-framework-simplejwt-4.3.0/tests/test_views.py
2019-04-16 04:25:16.000000000 +0200
@@ -44,8 +44,8 @@
User.USERNAME_FIELD: self.username,
'password': 'test_user',
})
- self.assertEqual(res.status_code, 400)
- self.assertIn('non_field_errors', res.data)
+ self.assertEqual(res.status_code, 401)
+ self.assertIn('detail', res.data)
def test_user_inactive(self):
self.user.is_active = False
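Review bot: The updated assertions check only `res.status_code` and the presence of a `detail` key, so they would still pass if the wrong-password and inactive-user responses began to differ. A difference between the two would tell a client something about account state, so it is worth pinning the error code in both tests, for example `self.assertEqual(res.data['detail'].code, 'no_active_account')`. The same applies to the hunks at @@ -55, @@ -150 and @@ -161. The test method that these assertions close starts outside the hunk.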
@@ -55,8 +55,8 @@
User.USERNAME_FIELD: self.username,
'password': self.password,
})
- self.assertEqual(res.status_code, 400)
- self.assertIn('non_field_errors', res.data)
+ self.assertEqual(res.status_code, 401)
+ self.assertIn('detail', res.data)
def test_success(self):
res = self.view_post(data={
@@ -150,8 +150,8 @@
User.USERNAME_FIELD: self.username,
'password': 'test_user',
})
- self.assertEqual(res.status_code, 400)
- self.assertIn('non_field_errors', res.data)
+ self.assertEqual(res.status_code, 401)
+ self.assertIn('detail', res.data)
def test_user_inactive(self):
self.user.is_active = False
@@ -161,8 +161,8 @@
User.USERNAME_FIELD: self.username,
'password': self.password,
})
- self.assertEqual(res.status_code, 400)
- self.assertIn('non_field_errors', res.data)
+ self.assertEqual(res.status_code, 401)
+ self.assertIn('detail', res.data)
def test_success(self):
res = self.view_post(data={
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/django-rest-framework-simplejwt-4.1.3/tox.ini
new/django-rest-framework-simplejwt-4.3.0/tox.ini
--- old/django-rest-framework-simplejwt-4.1.3/tox.ini 2019-04-04
21:04:57.000000000 +0200
+++ new/django-rest-framework-simplejwt-4.3.0/tox.ini 2019-04-16
04:25:16.000000000 +0200
@@ -2,7 +2,7 @@
envlist=
py{35,36}-django111-drf{35,36,37,38}
py{35,36,37}-django20-drf{37,38}
- py{36,37}-django21-drf{38,39}
+ py{36,37}-django{21,22}-drf{38,39}
py37-djangomaster-drf39
lint
@@ -11,6 +11,7 @@
1.11: django111
2.0: django20
2.1: django21
+ 2.2: django22
master: djangomaster
[flake8]
@@ -38,6 +39,7 @@
django111: Django>=1.11,<2.0
django20: Django>=2.0,<2.1
django21: Django>=2.1,<2.2
+ django22: Django>=2.2,<2.3
drf35: djangorestframework>=3.5,<3.6
drf36: djangorestframework>=3.6,<3.7
drf37: djangorestframework>=3.7,<3.8