Bump PyJWT to 2.1.0 (#55911)

Ruslan Sayfutdinov 2021-09-08 04:59:02 +01:00 committed by GitHub
parent a764c79b6f
commit 7195b8222b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
11 changed files with 19 additions and 16 deletions


@ -10,7 +10,7 @@ on:
pull_request: ~ pull_request: ~
env: env:
CACHE_VERSION: 2 CACHE_VERSION: 3
DEFAULT_PYTHON: 3.8 DEFAULT_PYTHON: 3.8
PRE_COMMIT_CACHE: ~/.cache/pre-commit PRE_COMMIT_CACHE: ~/.cache/pre-commit
SQLALCHEMY_WARN_20: 1 SQLALCHEMY_WARN_20: 1
@ -580,7 +580,7 @@ jobs:
python -m venv venv python -m venv venv
. venv/bin/activate . venv/bin/activate
pip install -U "pip<20.3" setuptools wheel pip install -U "pip<20.3" "setuptools<58" wheel
pip install -r requirements_all.txt pip install -r requirements_all.txt
pip install -r requirements_test.txt pip install -r requirements_test.txt
pip install -e . pip install -e .
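Review bot: The `"setuptools<58"` cap added to the `pip install -U` line has no comment saying which dependency needs it or when it can be lifted, so it is likely to outlive its reason. A line above it such as `# setuptools<58: <dependency that fails to build with 58+>; drop once fixed upstream` would record that. The job step starts and ends outside the hunk, and whether other jobs in the workflow need the same cap is not visible here.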


@ -466,7 +466,7 @@ class AuthManager:
}, },
refresh_token.jwt_key, refresh_token.jwt_key,
algorithm="HS256", algorithm="HS256",
).decode() )
@callback @callback
def _async_resolve_provider( def _async_resolve_provider(
@ -507,7 +507,9 @@ class AuthManager:
) -> models.RefreshToken | None: ) -> models.RefreshToken | None:
"""Return refresh token if an access token is valid.""" """Return refresh token if an access token is valid."""
try: try:
unverif_claims = jwt.decode(token, verify=False) unverif_claims = jwt.decode(
token, algorithms=["HS256"], options={"verify_signature": False}
)
except jwt.InvalidTokenError: except jwt.InvalidTokenError:
return None return None
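Review bot: The unverified decode that fills `unverif_claims` has no comment stating that these claims are attacker-controlled; with `verify_signature` set to False, PyJWT 2.x also turns off the expiry and other claim checks by default, as far as I know. A comment above the call such as `# Unverified: only used to locate the refresh token; trust nothing until the keyed decode succeeds` would make that contract explicit for the next reader. The function continues outside the hunk, so whether a verified decode pinned to `algorithms=["HS256"]` follows cannot be confirmed from the visible lines.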


@ -51,7 +51,7 @@ def _get_homegraph_jwt(time, iss, key):
"iat": now, "iat": now,
"exp": now + 3600, "exp": now + 3600,
} }
return jwt.encode(jwt_raw, key, algorithm="RS256").decode("utf-8") return jwt.encode(jwt_raw, key, algorithm="RS256")
async def _get_homegraph_token(hass, jwt_signed): async def _get_homegraph_token(hass, jwt_signed):


@ -320,7 +320,9 @@ class HTML5PushCallbackView(HomeAssistantView):
# 2a. If decode is successful, return the payload. # 2a. If decode is successful, return the payload.
# 2b. If decode is unsuccessful, return a 401. # 2b. If decode is unsuccessful, return a 401.
target_check = jwt.decode(token, verify=False) target_check = jwt.decode(
token, algorithms=["ES256", "HS256"], options={"verify_signature": False}
)
if target_check.get(ATTR_TARGET) in self.registrations: if target_check.get(ATTR_TARGET) in self.registrations:
possible_target = self.registrations[target_check[ATTR_TARGET]] possible_target = self.registrations[target_check[ATTR_TARGET]]
key = possible_target[ATTR_SUBSCRIPTION][ATTR_KEYS][ATTR_AUTH] key = possible_target[ATTR_SUBSCRIPTION][ATTR_KEYS][ATTR_AUTH]
@ -557,7 +559,7 @@ def add_jwt(timestamp, target, tag, jwt_secret):
ATTR_TARGET: target, ATTR_TARGET: target,
ATTR_TAG: tag, ATTR_TAG: tag,
} }
return jwt.encode(jwt_claims, jwt_secret).decode("utf-8") return jwt.encode(jwt_claims, jwt_secret)
def create_vapid_headers(vapid_email, subscription_info, vapid_private_key): def create_vapid_headers(vapid_email, subscription_info, vapid_private_key):
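Review bot: The unverified `jwt.decode(...)` that fills `target_check` is not inside a `try` in the visible lines, so a malformed token would raise out of this method instead of following the 401 path described in comment 2b. The auth manager call site changed in this same commit catches `jwt.InvalidTokenError` around its unverified decode; doing the same here, `except jwt.InvalidTokenError:` followed by the existing 401 return, would keep the failure path uniform. The method starts and ends outside the hunk, so an outer handler may already cover this. `target_check` should stay limited to selecting the registration key, as the visible lines do.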


@ -45,7 +45,7 @@ def async_sign_path(
secret, secret,
algorithm="HS256", algorithm="HS256",
) )
return f"{path}?{SIGN_QUERY_PARAM}={encoded.decode()}" return f"{path}?{SIGN_QUERY_PARAM}={encoded}"
@callback @callback


@ -505,7 +505,7 @@ def _encode_jwt(hass: HomeAssistant, data: dict) -> str:
if secret is None: if secret is None:
secret = hass.data[DATA_JWT_SECRET] = secrets.token_hex() secret = hass.data[DATA_JWT_SECRET] = secrets.token_hex()
return jwt.encode(data, secret, algorithm="HS256").decode() return jwt.encode(data, secret, algorithm="HS256")
@callback @callback


@ -1,4 +1,4 @@
PyJWT==1.7.1 PyJWT==2.1.0
PyNaCl==1.4.0 PyNaCl==1.4.0
aiodiscover==1.4.2 aiodiscover==1.4.2
aiohttp==3.7.4.post0 aiohttp==3.7.4.post0


@ -12,7 +12,7 @@ certifi>=2020.12.5
ciso8601==2.1.3 ciso8601==2.1.3
httpx==0.19.0 httpx==0.19.0
jinja2==3.0.1 jinja2==3.0.1
PyJWT==1.7.1 PyJWT==2.1.0
cryptography==3.3.2 cryptography==3.3.2
pip>=8.0.3,<20.3 pip>=8.0.3,<20.3
python-slugify==4.0.1 python-slugify==4.0.1


@ -37,7 +37,6 @@ types-decorator==0.1.7
types-emoji==1.2.4 types-emoji==1.2.4
types-enum34==0.1.8 types-enum34==0.1.8
types-ipaddress==0.1.5 types-ipaddress==0.1.5
types-jwt==0.1.3
types-pkg-resources==0.1.3 types-pkg-resources==0.1.3
types-python-slugify==0.1.2 types-python-slugify==0.1.2
types-pytz==2021.1.2 types-pytz==2021.1.2


@ -43,7 +43,7 @@ REQUIRES = [
"ciso8601==2.1.3", "ciso8601==2.1.3",
"httpx==0.19.0", "httpx==0.19.0",
"jinja2==3.0.1", "jinja2==3.0.1",
"PyJWT==1.7.1", "PyJWT==2.1.0",
# PyJWT has loose dependency. We want the latest one. # PyJWT has loose dependency. We want the latest one.
"cryptography==3.3.2", "cryptography==3.3.2",
"pip>=8.0.3,<20.3", "pip>=8.0.3,<20.3",


@ -539,7 +539,7 @@ async def test_create_access_token(mock_hass):
access_token = manager.async_create_access_token(refresh_token) access_token = manager.async_create_access_token(refresh_token)
assert access_token is not None assert access_token is not None
assert refresh_token.jwt_key == jwt_key assert refresh_token.jwt_key == jwt_key
jwt_payload = jwt.decode(access_token, jwt_key, algorithm=["HS256"]) jwt_payload = jwt.decode(access_token, jwt_key, algorithms=["HS256"])
assert jwt_payload["iss"] == refresh_token.id assert jwt_payload["iss"] == refresh_token.id
assert ( assert (
jwt_payload["exp"] - jwt_payload["iat"] == timedelta(minutes=30).total_seconds() jwt_payload["exp"] - jwt_payload["iat"] == timedelta(minutes=30).total_seconds()
@ -558,7 +558,7 @@ async def test_create_long_lived_access_token(mock_hass):
) )
assert refresh_token.token_type == auth_models.TOKEN_TYPE_LONG_LIVED_ACCESS_TOKEN assert refresh_token.token_type == auth_models.TOKEN_TYPE_LONG_LIVED_ACCESS_TOKEN
access_token = manager.async_create_access_token(refresh_token) access_token = manager.async_create_access_token(refresh_token)
jwt_payload = jwt.decode(access_token, refresh_token.jwt_key, algorithm=["HS256"]) jwt_payload = jwt.decode(access_token, refresh_token.jwt_key, algorithms=["HS256"])
assert jwt_payload["iss"] == refresh_token.id assert jwt_payload["iss"] == refresh_token.id
assert ( assert (
jwt_payload["exp"] - jwt_payload["iat"] == timedelta(days=300).total_seconds() jwt_payload["exp"] - jwt_payload["iat"] == timedelta(days=300).total_seconds()
@ -610,7 +610,7 @@ async def test_one_long_lived_access_token_per_refresh_token(mock_hass):
assert jwt_key != jwt_key_2 assert jwt_key != jwt_key_2
rt = await manager.async_validate_access_token(access_token_2) rt = await manager.async_validate_access_token(access_token_2)
jwt_payload = jwt.decode(access_token_2, rt.jwt_key, algorithm=["HS256"]) jwt_payload = jwt.decode(access_token_2, rt.jwt_key, algorithms=["HS256"])
assert jwt_payload["iss"] == refresh_token_2.id assert jwt_payload["iss"] == refresh_token_2.id
assert ( assert (
jwt_payload["exp"] - jwt_payload["iat"] == timedelta(days=3000).total_seconds() jwt_payload["exp"] - jwt_payload["iat"] == timedelta(days=3000).total_seconds()