Hello community, here is the log from the commit of package python-PyFxA for openSUSE:Factory checked in at 2020-09-23 18:43:58 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python-PyFxA (Old) and /work/SRC/openSUSE:Factory/.python-PyFxA.new.4249 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-PyFxA" Wed Sep 23 18:43:58 2020 rev:10 rq:836145 version:0.7.7 Changes: -------- --- /work/SRC/openSUSE:Factory/python-PyFxA/python-PyFxA.changes 2020-07-14 07:58:54.901716865 +0200 +++ /work/SRC/openSUSE:Factory/.python-PyFxA.new.4249/python-PyFxA.changes 2020-09-23 18:45:01.449576523 +0200 @@ -1,0 +2,10 @@ +Tue Sep 22 18:46:00 UTC 2020 - Antoine Belvire <antoine.belv...@opensuse.org> + +- Update to version 0.7.7: + * Fix incorrect validation of JWKs passed to oauth.Client + constructor, which was actually *preventing* the caller from + setting a correct value rather than checking that they did so. +- Fix check section: Use double quotes when defining the list of + tests since single quotes mess with the pytest macro. + +------------------------------------------------------------------- Old: ---- PyFxA-0.7.6.tar.gz New: ---- PyFxA-0.7.7.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-PyFxA.spec ++++++ --- /var/tmp/diff_new_pack.1pXwBY/_old 2020-09-23 18:45:03.217578151 +0200 +++ /var/tmp/diff_new_pack.1pXwBY/_new 2020-09-23 18:45:03.229578162 +0200 @@ -19,7 +19,7 @@ %{?!python_module:%define python_module() python-%{**} python3-%{**}} Name: python-PyFxA -Version: 0.7.6 +Version: 0.7.7 Release: 0 Summary: Firefox Accounts client library for Python License: MPL-2.0 @@ -70,14 +70,14 @@ %check # Exclude tests which require network connection + # deprecated test_monkey_patch_for_gevent -includedTests='\ +includedTests="\ not TestAuthClientAuthorizeToken and\ not TestAuthClientVerifyCode and\ not TestCachedClient and\ not TestCoreClient and\ not TestCoreClientSession and\ not TestJwtToken and\ - not test_monkey_patch_for_gevent' + not test_monkey_patch_for_gevent" %pytest -k "${includedTests}" fxa/tests/ %post ++++++ PyFxA-0.7.6.tar.gz -> PyFxA-0.7.7.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/PyFxA-0.7.6/CHANGES.txt new/PyFxA-0.7.7/CHANGES.txt --- old/PyFxA-0.7.6/CHANGES.txt 2020-07-10 01:59:18.000000000 +0200 +++ new/PyFxA-0.7.7/CHANGES.txt 2020-07-17 02:20:22.000000000 +0200 @@ -3,6 +3,14 @@ This document describes changes between each past release. +0.7.7 (2020-07-17) +================== + +- Fix incorrect validation of JWKs passed to oauth.Client constructor, + which was actually *preventing* the caller from setting a correct value + rather than checking that they did so. + + 0.7.6 (2020-07-10) ================== diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/PyFxA-0.7.6/PKG-INFO new/PyFxA-0.7.7/PKG-INFO --- old/PyFxA-0.7.6/PKG-INFO 2020-07-10 02:00:54.000000000 +0200 +++ new/PyFxA-0.7.7/PKG-INFO 2020-07-17 02:23:05.000000000 +0200 @@ -1,6 +1,6 @@ Metadata-Version: 1.1 Name: PyFxA -Version: 0.7.6 +Version: 0.7.7 Summary: Firefox Accounts client library for Python Home-page: https://github.com/mozilla/PyFxA Author: Mozilla Services @@ -316,6 +316,14 @@ This document describes changes between each past release. + 0.7.7 (2020-07-17) + ================== + + - Fix incorrect validation of JWKs passed to oauth.Client constructor, + which was actually *preventing* the caller from setting a correct value + rather than checking that they did so. + + 0.7.6 (2020-07-10) ================== diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/PyFxA-0.7.6/PyFxA.egg-info/PKG-INFO new/PyFxA-0.7.7/PyFxA.egg-info/PKG-INFO --- old/PyFxA-0.7.6/PyFxA.egg-info/PKG-INFO 2020-07-10 02:00:54.000000000 +0200 +++ new/PyFxA-0.7.7/PyFxA.egg-info/PKG-INFO 2020-07-17 02:23:05.000000000 +0200 @@ -1,6 +1,6 @@ Metadata-Version: 1.1 Name: PyFxA -Version: 0.7.6 +Version: 0.7.7 Summary: Firefox Accounts client library for Python Home-page: https://github.com/mozilla/PyFxA Author: Mozilla Services @@ -316,6 +316,14 @@ This document describes changes between each past release. + 0.7.7 (2020-07-17) + ================== + + - Fix incorrect validation of JWKs passed to oauth.Client constructor, + which was actually *preventing* the caller from setting a correct value + rather than checking that they did so. + + 0.7.6 (2020-07-10) ================== diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/PyFxA-0.7.6/fxa/oauth.py new/PyFxA-0.7.7/fxa/oauth.py --- old/PyFxA-0.7.6/fxa/oauth.py 2020-07-10 01:57:17.000000000 +0200 +++ new/PyFxA-0.7.7/fxa/oauth.py 2020-07-17 02:19:01.000000000 +0200 @@ -45,7 +45,7 @@ if jwks is not None: # Fail early if bad JWKs were provided. for key in jwks: - jwt.algorithms.RSAAlgorithm.from_jwk(key) + jwt.algorithms.RSAAlgorithm.from_jwk(json.dumps(key)) self.jwks = jwks @property diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/PyFxA-0.7.6/fxa/tests/test_oauth.py new/PyFxA-0.7.7/fxa/tests/test_oauth.py --- old/PyFxA-0.7.6/fxa/tests/test_oauth.py 2020-07-10 01:46:43.000000000 +0200 +++ new/PyFxA-0.7.7/fxa/tests/test_oauth.py 2020-07-17 02:19:01.000000000 +0200 @@ -738,6 +738,24 @@ raise Exception("testing with a garbage token should have \ called /verify, but it did not.") + def test_jwks_param_validation(self): + client = Client(server_url=self.server_url, jwks=[]) + self.assertEqual(client.jwks, []) + + jwks_file = os.path.join(os.path.dirname(__file__), "jwks.json") + jwks = json.loads(open(jwks_file).read())["keys"] + client = Client(server_url=self.server_url, jwks=jwks) + self.assertEqual(client.jwks, jwks) + + jwks.append("this is not the JWK you're looking for") + with self.assertRaises(AttributeError): + Client(server_url=self.server_url, jwks=jwks) + + jwks.pop() + jwks[0]["kty"] = "InvalidKty" + with self.assertRaises(jwt.exceptions.InvalidKeyError): + Client(server_url=self.server_url, jwks=jwks) + class AnyStringValue: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/PyFxA-0.7.6/setup.py new/PyFxA-0.7.7/setup.py --- old/PyFxA-0.7.6/setup.py 2020-07-10 01:59:53.000000000 +0200 +++ new/PyFxA-0.7.7/setup.py 2020-07-17 02:20:42.000000000 +0200 @@ -41,7 +41,7 @@ setup(name="PyFxA", - version='0.7.6', + version='0.7.7', description="Firefox Accounts client library for Python", long_description=README + "\n\n" + CHANGES, classifiers=[