API - update pyjwt to 2.0.0

jwt.encode() returns now tokens as string instead of a byte string

fittrackee/tests/test_auth_api.py

@@ -1068,7 +1068,7 @@ class TestPasswordUpdate:
             '/api/auth/password/update',
             data=json.dumps(
                 dict(
-                    token=token.decode(),
+                    token=token,
                     password='12345678',
                     password_conf='12345678',
                 )
@@ -1091,7 +1091,7 @@ class TestPasswordUpdate:
                 '/api/auth/password/update',
                 data=json.dumps(
                     dict(
-                        token=token.decode(),
+                        token=token,
                         password='12345678',
                         password_conf='12345678',
                     )
@@ -1114,7 +1114,7 @@ class TestPasswordUpdate:
             '/api/auth/password/update',
             data=json.dumps(
                 dict(
-                    token=token.decode(),
+                    token=token,
                     password='1234567',
                     password_conf='1234567',
                 )
@@ -1135,7 +1135,7 @@ class TestPasswordUpdate:
             '/api/auth/password/update',
             data=json.dumps(
                 dict(
-                    token=token.decode(),
+                    token=token,
                     password='12345678',
                     password_conf='12345678',
                 )

fittrackee/tests/test_users_model.py

@@ -25,13 +25,13 @@ class TestUserModel:
 
     def test_encode_auth_token(self, app, user_1):
         auth_token = user_1.encode_auth_token(user_1.id)
-        assert isinstance(auth_token, bytes)
+        assert isinstance(auth_token, str)
 
     def test_encode_password_token(self, app, user_1):
         password_token = user_1.encode_password_reset_token(user_1.id)
-        assert isinstance(password_token, bytes)
+        assert isinstance(password_token, str)
 
     def test_decode_auth_token(self, app, user_1):
         auth_token = user_1.encode_auth_token(user_1.id)
-        assert isinstance(auth_token, bytes)
+        assert isinstance(auth_token, str)
         assert User.decode_auth_token(auth_token) == user_1.id

fittrackee/users/auth.py

@@ -136,7 +136,7 @@ def register_user():
             response_object = {
                 'status': 'success',
                 'message': 'Successfully registered.',
-                'auth_token': auth_token.decode(),
+                'auth_token': auth_token,
             }
             return jsonify(response_object), 201
         else:
@@ -220,7 +220,7 @@ def login_user():
             response_object = {
                 'status': 'success',
                 'message': 'Successfully logged in.',
-                'auth_token': auth_token.decode(),
+                'auth_token': auth_token,
             }
             return jsonify(response_object), 200
         else:
@@ -708,7 +708,7 @@ def request_password_reset():
             ),
             'username': user.username,
             'password_reset_url': (
-                f'{ui_url}/password-reset?token={password_reset_token.decode()}'  # noqa
+                f'{ui_url}/password-reset?token={password_reset_token}'  # noqa
             ),
             'operating_system': request.user_agent.platform,
             'browser_name': request.user_agent.browser,

fittrackee/users/utils_token.py

@@ -29,5 +29,9 @@ def get_user_token(user_id, password_reset=False):
 
 
 def decode_user_token(auth_token):
-    payload = jwt.decode(auth_token, current_app.config.get('SECRET_KEY'))
+    payload = jwt.decode(
+        auth_token,
+        current_app.config.get('SECRET_KEY'),
+        algorithms=['HS256'],
+    )
     return payload['sub']

poetry.lock

@@ -572,16 +572,17 @@ python-versions = ">=3.5"
 
 [[package]]
 name = "pyjwt"
-version = "1.7.1"
+version = "2.0.0"
 description = "JSON Web Token implementation in Python"
 category = "main"
 optional = false
-python-versions = "*"
+python-versions = ">=3.6"
 
 [package.extras]
-crypto = ["cryptography (>=1.4)"]
-flake8 = ["flake8", "flake8-import-order", "pep8-naming"]
-test = ["pytest (>=4.0.1,<5.0.0)", "pytest-cov (>=2.6.0,<3.0.0)", "pytest-runner (>=4.2,<5.0.0)"]
+crypto = ["cryptography (>=3.3.1,<4.0.0)"]
+dev = ["sphinx", "sphinx-rtd-theme", "zope.interface", "cryptography (>=3.3.1,<4.0.0)", "pytest (>=6.0.0,<7.0.0)", "coverage (5.0.4)", "mypy", "pre-commit"]
+docs = ["sphinx", "sphinx-rtd-theme", "zope.interface"]
+tests = ["pytest (>=6.0.0,<7.0.0)", "coverage (5.0.4)"]
 
 [[package]]
 name = "pyopenssl"
@@ -1153,7 +1154,7 @@ testing = ["pytest (>=3.5,<3.7.3 || >3.7.3)", "pytest-checkdocs (>=1.2.3)", "pyt
 [metadata]
 lock-version = "1.0"
 python-versions = "^3.7"
-content-hash = "ad0ceb37d6e7f141706c216184d8a92d005e33966b58ebad37d195fe7a3c5caf"
+content-hash = "94d589f7d4810e10acf98513037953027e13374bf13a62207570d9caca3f9ab0"
 
 [metadata.files]
 alabaster = [
@@ -1538,8 +1539,8 @@ pygments = [
     {file = "Pygments-2.7.3.tar.gz", hash = "sha256:ccf3acacf3782cbed4a989426012f1c535c9a90d3a7fc3f16d231b9372d2b716"},
 ]
 pyjwt = [
-    {file = "PyJWT-1.7.1-py2.py3-none-any.whl", hash = "sha256:5c6eca3c2940464d106b99ba83b00c6add741c9becaec087fb7ccdefea71350e"},
-    {file = "PyJWT-1.7.1.tar.gz", hash = "sha256:8d59a976fb773f3e6a39c85636357c4f0e242707394cadadd9814f5cbaa20e96"},
+    {file = "PyJWT-2.0.0-py3-none-any.whl", hash = "sha256:5c2ff2eb27d7e342dfc3cafcc16412781f06db2690fbef81922b0172598f085b"},
+    {file = "PyJWT-2.0.0.tar.gz", hash = "sha256:7a2b271c6dac2fda9e0c33d176c4253faba2c6c6b3a99c7f28a32c3c97522779"},
 ]
 pyopenssl = [
     {file = "pyOpenSSL-20.0.1-py2.py3-none-any.whl", hash = "sha256:818ae18e06922c066f777a33f1fca45786d85edfe71cd043de6379337a7f274b"},

pyproject.toml

@@ -32,7 +32,7 @@ gpxpy = "=1.3.4"
 gunicorn = "^20.0"
 humanize = "^3.2.0"
 psycopg2-binary = "^2.8"
-pyjwt = "^1.7"
+pyjwt = "^2.0"
 python-forecastio = "^1.4"
 pytz = "^2020.5"
 staticmap = "^0.5.4"