PyPI - pypomes-jwt - Versions diffs - 0.8.0__py3-none-any.whl → 0.8.2__py3-none-any.whl - Mend

pypomes-jwt 0.8.0py3-none-any.whl → 0.8.2py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of pypomes-jwt might be problematic. Click here for more details.

Files changed (8) hide show

pypomes_jwt/jwt_constants.py +2 -1
pypomes_jwt/jwt_data.py +6 -5
pypomes_jwt/jwt_pomes.py +29 -16
{pypomes_jwt-0.8.0.dist-info → pypomes_jwt-0.8.2.dist-info}/METADATA +1 -1
pypomes_jwt-0.8.2.dist-info/RECORD +8 -0
pypomes_jwt-0.8.0.dist-info/RECORD +0 -8
{pypomes_jwt-0.8.0.dist-info → pypomes_jwt-0.8.2.dist-info}/WHEEL +0 -0
{pypomes_jwt-0.8.0.dist-info → pypomes_jwt-0.8.2.dist-info}/licenses/LICENSE +0 -0

pypomes_jwt/jwt_constants.py CHANGED Viewed

@@ -47,7 +47,8 @@ JWT_DB_ENGINE: Final[DbEngine] = DbEngine(__db_engine) if __db_engine else None
 # one of HS256, HS512, RSA256, RSA512
 JWT_DEFAULT_ALGORITHM: Final[str] = env_get_str(key=f"{APP_PREFIX}_JWT_DEFAULT_ALGORITHM",
-                                                def_value="HS256")
+                                                def_value="RS256")
 # recommended: between 5 min and 1 hour (set to 5 min)
 JWT_ACCESS_MAX_AGE: Final[int] = env_get_int(key=f"{APP_PREFIX}_JWT_ACCESS_MAX_AGE",
                                              def_value=300)

pypomes_jwt/jwt_data.py CHANGED Viewed

@@ -239,8 +239,8 @@ class JwtData:
                     just_now: int = int(datetime.now(tz=timezone.utc).timestamp())
                     current_claims["iat"] = just_now
                     token_header: dict[str, Any] = None \
-                        if JWT_DEFAULT_ALGORITHM not in ["RSA256", "RSA512"] \
-                        else {"kid": JWT_DECODING_KEY}
+                        if JWT_DEFAULT_ALGORITHM not in ["RS256", "RS512"] \
+                        else {"kid": JWT_DECODING_KEY.hex()}
                     # issue the access token first
                     current_claims["nat"] = "A"
@@ -397,8 +397,9 @@ def _jwt_persist_token(errors: list[str],
                 # ruff: noqa: S324
                 hasher = hashlib.new(name="md5",
                                      data=jwt_token.encode())
-                token_hash: str = hasher.digest().decode()
+                token_hash: str = hasher.digest().hex()
                 db_insert(errors=errors,
                           insert_stmt=f"INSERT INTO {JWT_DB_TABLE}",
-                          insert_data={"ds_hash": token_hash,
-                                       "ds_token": jwt_token})
+                          insert_data={JWT_DB_COL_ACCOUNT: account_id,
+                                       JWT_DB_COL_HASH: token_hash,
+                                       JWT_DB_COL_TOKEN: jwt_token})

pypomes_jwt/jwt_pomes.py CHANGED Viewed

@@ -7,7 +7,7 @@ from typing import Any, Literal
 from .jwt_constants import (
     JWT_ACCESS_MAX_AGE, JWT_REFRESH_MAX_AGE,
     JWT_DEFAULT_ALGORITHM, JWT_DECODING_KEY,
-    JWT_DB_ENGINE, JWT_DB_TABLE, JWT_DB_COL_ACCOUNT, JWT_DB_COL_TOKEN
+    JWT_DB_ENGINE, JWT_DB_TABLE, JWT_DB_COL_HASH
 )
 from .jwt_data import JwtData
@@ -185,6 +185,17 @@ def jwt_validate_token(errors: list[str] | None,
         if nature and nature != claims.get("nat"):
             nat: str = "an access" if nature == "A" else "a refresh"
             err_msg = f"Token is not {nat} token"
+        elif JWT_DB_ENGINE and claims.get("nat") == "R":
+            from pypomes_db import db_exists
+            # ruff: noqa: S324
+            hasher = hashlib.new(name="md5",
+                                 data=token.encode())
+            token_hash: str = hasher.digest().hex()
+            if not db_exists(errors=errors,
+                             table=JWT_DB_TABLE,
+                             where_data={JWT_DB_COL_HASH: token_hash},
+                             logger=logger):
+                err_msg = "Token is not valid"
     except Exception as e:
         err_msg = str(e)
@@ -226,14 +237,14 @@ def jwt_revoke_token(errors: list[str] | None,
         # ruff: noqa: S324
         hasher = hashlib.new(name="md5",
                              data=refresh_token.encode())
-        token_hash: str = hasher.digest().decode()
+        token_hash: str = hasher.digest().hex()
         if db_exists(errors=op_errors,
                      table=JWT_DB_TABLE,
-                     where_data={"ds_hash": token_hash},
+                     where_data={JWT_DB_COL_HASH: token_hash},
                      logger=logger):
             db_delete(errors=errors,
                       delete_stmt=f"DELETE FROM {JWT_DB_TABLE}",
-                      where_data={"ds_hash": token_hash},
+                      where_data={JWT_DB_COL_HASH: token_hash},
                       logger=logger)
         elif not op_errors:
             op_errors.append("Token was not found")
@@ -286,19 +297,21 @@ def jwt_get_tokens(errors: list[str] | None,
     if refresh_token:
         # verify whether this refresh token is legitimate
         if JWT_DB_ENGINE:
-            from pypomes_db import db_select
-            recs: list[tuple[str]] = db_select(errors=op_errors,
-                                               sel_stmt=f"SELECT {JWT_DB_COL_TOKEN} "
-                                                        f"FROM {JWT_DB_TABLE}",
-                                               where_data={JWT_DB_COL_ACCOUNT: account_id},
-                                               logger=logger)
-            if not op_errors and \
-                    (len(recs) == 0 or recs[0][0] != refresh_token):
+            from pypomes_db import db_exists
+            # ruff: noqa: S324
+            hasher = hashlib.new(name="md5",
+                                 data=refresh_token.encode())
+            token_hash: str = hasher.digest().hex()
+            if db_exists(errors=op_errors,
+                         table=JWT_DB_TABLE,
+                         where_data={JWT_DB_COL_HASH: token_hash},
+                         logger=logger) is False:
                 op_errors.append("Invalid refresh token")
         if not op_errors:
             account_claims = jwt_get_claims(errors=op_errors,
                                             token=refresh_token)
-            if not op_errors and account_claims.get("nat") != "R":
+            if not op_errors and (account_claims.get("payload") or {}).get("nat") != "R":
                 op_errors.append("Invalid parameters")
     if not op_errors:
@@ -336,7 +349,7 @@ def jwt_get_claims(errors: list[str] | None,
     Structure of the returned data:
       {
         "header": {
-          "alg": "HS256",
+          "alg": "RS256",
           "typ": "JWT",
           "kid": "rt466ytRTYH64577uydhDFGHDYJH2341"
         },
@@ -347,10 +360,10 @@ def jwt_get_claims(errors: list[str] | None,
           "iat": 1516239022,
           "iss": "https://my_id_provider/issue",
           "jti": "Uhsdfgr67FGH567qwSDF33er89retert",
-          "gender": "M,
+          "gender": "M",
           "name": "John Doe",
           "nbt": 1516249022
-          "sub": "1234567890",
+          "sub": "11111111111",
           "roles": [
             "administrator",
             "operator"

{pypomes_jwt-0.8.0.dist-info → pypomes_jwt-0.8.2.dist-info}/METADATA RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: pypomes_jwt
-Version: 0.8.0
+Version: 0.8.2
 Summary: A collection of Python pomes, penyeach (JWT module)
 Project-URL: Homepage, https://github.com/TheWiseCoder/PyPomes-JWT
 Project-URL: Bug Tracker, https://github.com/TheWiseCoder/PyPomes-JWT/issues

pypomes_jwt-0.8.2.dist-info/RECORD ADDED Viewed

@@ -0,0 +1,8 @@
+pypomes_jwt/__init__.py,sha256=06WdwiP2m5jtrFjpPSacg4fRd2Dh6gVo93xJhmu73J4,1134
+pypomes_jwt/jwt_constants.py,sha256=EjdrTP5AptGoOdI0gzsxexmM4lrgm2r0KHX-DyyGhFc,4330
+pypomes_jwt/jwt_data.py,sha256=d11IsRLKF7_3RTfm5ju-U--eCHJemD50OzQBOzFNtYQ,19243
+pypomes_jwt/jwt_pomes.py,sha256=hsWrlq_9OqcScS1fPKFl5yxxjicj_AAE2Z5NfKicDkw,15686
+pypomes_jwt-0.8.2.dist-info/METADATA,sha256=gHPs2FSSALkn4gsXnCXnbNBIjDYt7a4QxMY11NYBvb8,599
+pypomes_jwt-0.8.2.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
+pypomes_jwt-0.8.2.dist-info/licenses/LICENSE,sha256=NdakochSXm_H_-DSL_x2JlRCkYikj3snYYvTwgR5d_c,1086
+pypomes_jwt-0.8.2.dist-info/RECORD,,

pypomes_jwt-0.8.0.dist-info/RECORD DELETED Viewed

@@ -1,8 +0,0 @@
-pypomes_jwt/__init__.py,sha256=06WdwiP2m5jtrFjpPSacg4fRd2Dh6gVo93xJhmu73J4,1134
-pypomes_jwt/jwt_constants.py,sha256=6-Jw4ORgf32hRWnaGyVISXMJMtTBk7LdKl3RrDy7Ll0,4328
-pypomes_jwt/jwt_data.py,sha256=gyhGquSQbHevOKIoXmAmjMSwCjXB7pYbI2sY-7sGGO8,19158
-pypomes_jwt/jwt_pomes.py,sha256=PPx-JTlR2dVsLUFlkCiZCxYOnH-BbwqpptBDHO_PIfI,15213
-pypomes_jwt-0.8.0.dist-info/METADATA,sha256=C2fRw5H6are30XZfHLK5IpyqNFlL59Kt9Z0VtJXF07E,599
-pypomes_jwt-0.8.0.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
-pypomes_jwt-0.8.0.dist-info/licenses/LICENSE,sha256=NdakochSXm_H_-DSL_x2JlRCkYikj3snYYvTwgR5d_c,1086
-pypomes_jwt-0.8.0.dist-info/RECORD,,

{pypomes_jwt-0.8.0.dist-info → pypomes_jwt-0.8.2.dist-info}/WHEEL RENAMED Viewed

File without changes

{pypomes_jwt-0.8.0.dist-info → pypomes_jwt-0.8.2.dist-info}/licenses/LICENSE RENAMED Viewed

File without changes

pypomes-jwt 0.8.0__py3-none-any.whl → 0.8.2__py3-none-any.whl

Potentially problematic release.

pypomes-jwt 0.8.0py3-none-any.whl → 0.8.2py3-none-any.whl