dj-jwt-auth 1.7.0__py3-none-any.whl → 1.7.1__py3-none-any.whl

{dj_jwt_auth-1.7.0.dist-info → dj_jwt_auth-1.7.1.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: dj-jwt-auth
-Version: 1.7.0
+Version: 1.7.1
 Summary: A Django package for JSON Web Token validation and verification. Using PyJWT.
 Home-page: https://www.example.com/
 Author: Konstantin Seleznev

{dj_jwt_auth-1.7.0.dist-info → dj_jwt_auth-1.7.1.dist-info}/RECORD

@@ -1,7 +1,7 @@
 django_jwt/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-django_jwt/config.py,sha256=-9JkGjMXRVNmQYPvrEwaoJacu068nySNfjMyo5DtXcw,1550
-django_jwt/exceptions.py,sha256=vFJcGOCSZvxJRbSeMgWgPUM9wcXu6CSHblpwMzhV-Ic,198
-django_jwt/middleware.py,sha256=LiIvjHPmYkojmF9D8XuSOBGLgAJHnY_T9nelj7RJLOs,1072
+django_jwt/config.py,sha256=zPPlRw1tvE-DQGk0Q3avZmrYVG98GM9vigK1GqDAQeE,1703
+django_jwt/exceptions.py,sha256=S8HeH_lu8XSsejhyW0qkl04MmXxxbN4-zrtyPywbBwc,311
+django_jwt/middleware.py,sha256=jk3M9qumI0p4rVvmkZM1jAf5xzaVl5FmAqrR-jAO_Po,1288
 django_jwt/pkce.py,sha256=j-v2ffCw0X3JW7ak8vfNeSZI-dACOvHbi1eLmJ0R8gM,685
 django_jwt/roles.py,sha256=SaHK3o8T8USS4ZhG4SrHPlZQV2lMb2t1UZHT6IQtBvA,143
 django_jwt/settings.py,sha256=pXQ8WUU4LGBe6PQxCLTLM_2_b1CCSgehqim3yJDqZdw,1922
@@ -13,9 +13,9 @@ django_jwt/templates/django-jwt-index.html,sha256=y8f0v2WbRAFxnIU799I_MZCVsjn1sb
 django_jwt/templates/admin/login.html,sha256=Nihyu0IGvDDZVvQDITXozwlj6XCQ0B8gqlyHLqVNyJc,275
 tests/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 tests/models.py,sha256=tJlhRARVGfFIH6Gp1o00buZKcY2oAk7HNw2PMnkTEDs,295
-tests/test.py,sha256=K1woXGzeg9FJrjd4I22vm0-M43D8tXYV6XwXtv9vTD8,10192
+tests/test.py,sha256=Llj8u4hyxezdUdCOnM5ogw_hLxC82tiSY6e14W42GjU,11089
 tests/urls.py,sha256=D5FhDSVAudurkrpkCZZPnDvgXSgifwFVB3nAlYBg7uQ,212
-dj_jwt_auth-1.7.0.dist-info/METADATA,sha256=k4Aal9v4cYy-3GQaVekI9EQE9qZ_MSTCwu0heRpNOBw,4416
-dj_jwt_auth-1.7.0.dist-info/WHEEL,sha256=R06PA3UVYHThwHvxuRWMqaGcr-PuniXahwjmQRFMEkY,91
-dj_jwt_auth-1.7.0.dist-info/top_level.txt,sha256=58O7TdK-yECZcbmPc52KNlBFpjIUlENuZubCxaSOxus,17
-dj_jwt_auth-1.7.0.dist-info/RECORD,,
+dj_jwt_auth-1.7.1.dist-info/METADATA,sha256=AxY9nhrLPx8qkqcvIWfXe1TJSsjZ95d4cjFwfSCJ8zM,4416
+dj_jwt_auth-1.7.1.dist-info/WHEEL,sha256=PZUExdf71Ui_so67QXpySuHtCi3-J3wvF4ORK6k_S8U,91
+dj_jwt_auth-1.7.1.dist-info/top_level.txt,sha256=58O7TdK-yECZcbmPc52KNlBFpjIUlENuZubCxaSOxus,17
+dj_jwt_auth-1.7.1.dist-info/RECORD,,

{dj_jwt_auth-1.7.0.dist-info → dj_jwt_auth-1.7.1.dist-info}/WHEEL

@@ -1,5 +1,5 @@
 Wheel-Version: 1.0
-Generator: setuptools (75.5.0)
+Generator: setuptools (75.6.0)
 Root-Is-Purelib: true
 Tag: py3-none-any
 

django_jwt/config.py

@@ -6,7 +6,7 @@ import requests
 from jwt.algorithms import ECAlgorithm, RSAAlgorithm
 
 from django_jwt import settings
-from django_jwt.exceptions import ConfigException
+from django_jwt.exceptions import AlgorithmNotSupportedException, ConfigException
 
 
 def ensure_well_known(url: str) -> str:
@@ -24,6 +24,9 @@ class Config:
         if not self.route:
             raise ConfigException("OIDC_CONFIG_ROUTES is not set")
 
+        if alg not in self.route:
+            raise AlgorithmNotSupportedException(f"Algorithm {alg} is not supported")
+
         response = requests.get(ensure_well_known(self.route[alg]))
         response.raise_for_status()
         return response.json()

django_jwt/exceptions.py

@@ -8,3 +8,9 @@ class BadRequestException(Exception):
     """Base class for exceptions in this module."""
 
     pass
+
+
+class AlgorithmNotSupportedException(Exception):
+    """Base class for exceptions in this module."""
+
+    pass

django_jwt/middleware.py

@@ -5,6 +5,7 @@ from django.http import JsonResponse
 from django.utils.deprecation import MiddlewareMixin
 from jwt import ExpiredSignatureError
 
+from django_jwt.exceptions import AlgorithmNotSupportedException
 from django_jwt.user import UserHandler
 from django_jwt.utils import oidc_handler
 
@@ -27,6 +28,8 @@ class JWTAuthMiddleware(MiddlewareMixin):
         try:
             info = oidc_handler.decode_token(raw_token)
             request.user = request._cached_user = UserHandler(info, request, raw_token).get_user()
+        except AlgorithmNotSupportedException as exc:
+            return JsonResponse(status=HTTPStatus.UNAUTHORIZED.value, data={"detail": str(exc)})
         except ExpiredSignatureError:
             return JsonResponse(status=HTTPStatus.UNAUTHORIZED.value, data={"detail": "expired token"})
         except UnicodeDecodeError as exc:

tests/test.py

@@ -9,6 +9,8 @@ from django.urls import reverse
 from jwt.api_jwt import ExpiredSignatureError
 
 from django_jwt import settings
+from django_jwt.config import config
+from django_jwt.exceptions import ConfigException
 from django_jwt.middleware import JWTAuthMiddleware
 from django_jwt.roles import ROLE
 from django_jwt.user import role_handler
@@ -200,6 +202,25 @@ class OIDCHandlerTest(TestCase):
         # self.assertEqual(user_info.call_count, 1)
 
 
+@patch("django_jwt.utils.get_alg", return_value="HS256")
+class ConfigTest(TestCase):
+    def setUp(self):
+        self.middleware = JWTAuthMiddleware(get_response=lambda x: x)
+        self.request = Mock()
+        self.request.META = {"HTTP_AUTHORIZATION": "Bearer Token"}
+
+    @patch.object(config, "route", {})
+    def test_empty_routes(self, *_):
+        with self.assertRaises(ConfigException):
+            self.middleware.process_request(self.request)
+
+    @patch.object(config, "route", {"ES256": "http://localhost:8080"})
+    def test_not_supported_alg(self, *_):
+        response = self.middleware.process_request(self.request)
+        self.assertEqual(HTTPStatus.UNAUTHORIZED.value, response.status_code)
+        self.assertEqual(b'{"detail": "Algorithm HS256 is not supported"}', response.content)
+
+
 class RolesTest(TestCase):
     def setUp(self) -> None:
         self.user = User.objects.create(username="user")