From c890ec6be1472758a8f46b6388b889099c454437 Mon Sep 17 00:00:00 2001
From: Sam
Date: Fri, 25 Dec 2020 19:35:15 +0100
Subject: [PATCH] API - update pyjwt to 2.0.0 jwt.encode() returns now tokens as string instead of a byte string
---
 fittrackee/tests/test_auth_api.py | 8 ++++----
 fittrackee/tests/test_users_model.py | 6 +++---
 fittrackee/users/auth.py | 6 +++---
 fittrackee/users/utils_token.py | 6 +++++-
 poetry.lock | 17 +++++++++--------
 pyproject.toml | 2 +-
 6 files changed, 25 insertions(+), 20 deletions(-)
diff --git a/fittrackee/tests/test_auth_api.py b/fittrackee/tests/test_auth_api.py
index d5330087..3c1bdd86 100644
--- a/fittrackee/tests/test_auth_api.py
+++ b/fittrackee/tests/test_auth_api.py
@@ -1068,7 +1068,7 @@ class TestPasswordUpdate:
 '/api/auth/password/update',
 data=json.dumps(
 dict(
- token=token.decode(),
+ token=token,
 password='12345678',
 password_conf='12345678',
 )
@@ -1091,7 +1091,7 @@ class TestPasswordUpdate:
 '/api/auth/password/update',
 data=json.dumps(
 dict(
- token=token.decode(),
+ token=token,
 password='12345678',
 password_conf='12345678',
 )
@@ -1114,7 +1114,7 @@ class TestPasswordUpdate:
 '/api/auth/password/update',
 data=json.dumps(
 dict(
- token=token.decode(),
+ token=token,
 password='1234567',
 password_conf='1234567',
 )
@@ -1135,7 +1135,7 @@ class TestPasswordUpdate:
 '/api/auth/password/update',
 data=json.dumps(
 dict(
- token=token.decode(),
+ token=token,
 password='12345678',
 password_conf='12345678',
 )
diff --git a/fittrackee/tests/test_users_model.py b/fittrackee/tests/test_users_model.py
index 23669f3e..7d48b847 100644
--- a/fittrackee/tests/test_users_model.py
+++ b/fittrackee/tests/test_users_model.py
@@ -25,13 +25,13 @@ class TestUserModel:
 def test_encode_auth_token(self, app, user_1):
 auth_token = user_1.encode_auth_token(user_1.id)
- assert isinstance(auth_token, bytes)
+ assert isinstance(auth_token, str)
 def test_encode_password_token(self, app, user_1):
 password_token = user_1.encode_password_reset_token(user_1.id)
- assert isinstance(password_token, bytes)
+ assert isinstance(password_token, str)
 def test_decode_auth_token(self, app, user_1):
 auth_token = user_1.encode_auth_token(user_1.id)
- assert isinstance(auth_token, bytes)
+ assert isinstance(auth_token, str)
 assert User.decode_auth_token(auth_token) == user_1.id
diff --git a/fittrackee/users/auth.py b/fittrackee/users/auth.py
index 7dd50c30..54dd2c1a 100644
--- a/fittrackee/users/auth.py
+++ b/fittrackee/users/auth.py
@@ -136,7 +136,7 @@ def register_user():
 response_object = {
 'status': 'success',
 'message': 'Successfully registered.',
- 'auth_token': auth_token.decode(),
+ 'auth_token': auth_token,
 }
 return jsonify(response_object), 201
 else:
@@ -220,7 +220,7 @@ def login_user():
 response_object = {
 'status': 'success',
 'message': 'Successfully logged in.',
- 'auth_token': auth_token.decode(),
+ 'auth_token': auth_token,
 }
 return jsonify(response_object), 200
 else:
@@ -708,7 +708,7 @@ def request_password_reset():
 ),
 'username': user.username,
 'password_reset_url': (
- f'{ui_url}/password-reset?token={password_reset_token.decode()}' # noqa
+ f'{ui_url}/password-reset?token={password_reset_token}' # noqa
 ),
 'operating_system': request.user_agent.platform,
 'browser_name': request.user_agent.browser,
diff --git a/fittrackee/users/utils_token.py b/fittrackee/users/utils_token.py
index 8607bdfe..d9b61bd5 100644
--- a/fittrackee/users/utils_token.py
+++ b/fittrackee/users/utils_token.py
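Review bot: The updated assertions in `TestUserModel` check only that the encode helpers return `str`, so nothing in this hunk covers the decode path that this commit makes stricter with an explicit algorithm list. A negative case next to `test_decode_auth_token` would pin that a token with a damaged signature is not accepted, for example `assert User.decode_auth_token(auth_token[:-1]) != user_1.id`. Whether `decode_auth_token` raises or returns an error message for an invalid token is not visible here, so the assertion may need adapting to that behaviour.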
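Review bot: In the `request_password_reset` hunk of fittrackee/users/auth.py the reset token is carried in the query string of `password_reset_url`, where it can be recorded in browser history, access logs and `Referer` headers, and nothing in the visible lines documents how long it stays valid. A comment above the f-string such as `# token is exposed in the URL: keep the reset token short-lived and serve the reset page with Referrer-Policy: no-referrer` would record that constraint. The blanket `# noqa` on the same line may no longer be needed now that `.decode()` is gone; if the line is still too long, `# noqa: E501` limits the suppression to that one rule. The function starts and ends outside the hunk, so the lifetime given to the token by the encode helper should be confirmed there.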
@@ -29,5 +29,9 @@ def get_user_token(user_id, password_reset=False):
 def decode_user_token(auth_token):
- payload = jwt.decode(auth_token, current_app.config.get('SECRET_KEY'))
+ payload = jwt.decode(
+ auth_token,
+ current_app.config.get('SECRET_KEY'),
+ algorithms=['HS256'],
+ )
 return payload['sub']
diff --git a/poetry.lock b/poetry.lock
index 5a60dc3d..a9e956f5 100644
--- a/poetry.lock
+++ b/poetry.lock
@@ -572,16 +572,17 @@ python-versions = ">=3.5" [[package]] name = "pyjwt" -version = "1.7.1" +version = "2.0.0" description = "JSON Web Token implementation in Python" category = "main" optional = false -python-versions = "*" +python-versions = ">=3.6" [package.extras] -crypto = ["cryptography (>=1.4)"] -flake8 = ["flake8", "flake8-import-order", "pep8-naming"] -test = ["pytest (>=4.0.1,<5.0.0)", "pytest-cov (>=2.6.0,<3.0.0)", "pytest-runner (>=4.2,<5.0.0)"] +crypto = ["cryptography (>=3.3.1,<4.0.0)"] +dev = ["sphinx", "sphinx-rtd-theme", "zope.interface", "cryptography (>=3.3.1,<4.0.0)", "pytest (>=6.0.0,<7.0.0)", "coverage (5.0.4)", "mypy", "pre-commit"] +docs = ["sphinx", "sphinx-rtd-theme", "zope.interface"] +tests = ["pytest (>=6.0.0,<7.0.0)", "coverage (5.0.4)"] [[package]] name = "pyopenssl"
@@ -1153,7 +1154,7 @@ testing = ["pytest (>=3.5,<3.7.3 || >3.7.3)", "pytest-checkdocs (>=1.2.3)", "pyt [metadata] lock-version = "1.0" python-versions = "^3.7" -content-hash = "ad0ceb37d6e7f141706c216184d8a92d005e33966b58ebad37d195fe7a3c5caf" +content-hash = "94d589f7d4810e10acf98513037953027e13374bf13a62207570d9caca3f9ab0" [metadata.files] alabaster = [
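Review bot: `decode_user_token` in fittrackee/users/utils_token.py now pins the algorithm but still requires no claims, so a validly signed token without `sub` surfaces as a bare `KeyError` at `payload['sub']`, and PyJWT checks `exp` only when the claim is present. Adding `options={'require': ['exp', 'sub']},` to the `jwt.decode(...)` call makes such tokens fail with a PyJWT exception, which callers presumably already handle. `current_app.config.get('SECRET_KEY')` also yields `None` when the key is unset, whereas `current_app.config['SECRET_KEY']` would fail with an error that names the missing setting. The matching `jwt.encode` call in `get_user_token` is outside this hunk, so confirm it signs with HS256 and sets `exp`. A short comment such as `# algorithms is pinned so the token header cannot choose the verification algorithm` would record why the list is explicit.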
@@ -1538,8 +1539,8 @@ pygments = [ {file = "Pygments-2.7.3.tar.gz", hash = "sha256:ccf3acacf3782cbed4a989426012f1c535c9a90d3a7fc3f16d231b9372d2b716"}, ] pyjwt = [ - {file = "PyJWT-1.7.1-py2.py3-none-any.whl", hash = "sha256:5c6eca3c2940464d106b99ba83b00c6add741c9becaec087fb7ccdefea71350e"}, - {file = "PyJWT-1.7.1.tar.gz", hash = "sha256:8d59a976fb773f3e6a39c85636357c4f0e242707394cadadd9814f5cbaa20e96"}, + {file = "PyJWT-2.0.0-py3-none-any.whl", hash = "sha256:5c2ff2eb27d7e342dfc3cafcc16412781f06db2690fbef81922b0172598f085b"}, + {file = "PyJWT-2.0.0.tar.gz", hash = "sha256:7a2b271c6dac2fda9e0c33d176c4253faba2c6c6b3a99c7f28a32c3c97522779"}, ] pyopenssl = [ {file = "pyOpenSSL-20.0.1-py2.py3-none-any.whl", hash = "sha256:818ae18e06922c066f777a33f1fca45786d85edfe71cd043de6379337a7f274b"},
diff --git a/pyproject.toml b/pyproject.toml
index cd2beff3..d0340d52 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -32,7 +32,7 @@ gpxpy = "=1.3.4"
 gunicorn = "^20.0"
 humanize = "^3.2.0"
 psycopg2-binary = "^2.8"
-pyjwt = "^1.7"
+pyjwt = "^2.0"
 python-forecastio = "^1.4"
 pytz = "^2020.5"
 staticmap = "^0.5.4"