pypomes-jwt 0.9.4__py3-none-any.whl → 0.9.5__py3-none-any.whl

pypomes_jwt/jwt_pomes.py

@@ -61,7 +61,7 @@ def jwt_verify_request(request: Request,
             logger.debug(msg="Bearer token was retrieved")
         errors: list[str] = []
         jwt_validate_token(errors=errors,
-                           natures=["A"],
+                           nature="A",
                            token=token)
         if errors:
             err_msg = "; ".join(errors)
@@ -151,7 +151,7 @@ def jwt_remove_account(account_id: str,
 
 def jwt_validate_token(errors: list[str] | None,
                        token: str,
-                       natures: list[str] = None,
+                       nature: str = None,
                        account_id: str = None,
                        logger: Logger = None) -> dict[str, Any] | None:
     """
@@ -164,7 +164,7 @@ def jwt_validate_token(errors: list[str] | None,
 
     :param errors: incidental error messages
     :param token: the token to be validated
-    :param natures: one or more prefixes identifying the nature of locally issued tokens
+    :param nature: prefix identifying the nature of locally issued tokens
     :param account_id: optionally, validate the token's account owner
     :param logger: optional logger
     :return: The token's claims (header and payload) if if is valid, *None* otherwise
@@ -182,9 +182,10 @@ def jwt_validate_token(errors: list[str] | None,
     op_errors: list[str] = []
 
     # retrieve token data from database
-    if natures and not (token_kid and token_kid[0:1] in natures):
+    if nature and not (token_kid and token_kid[0:1] == nature):
         op_errors.append("Invalid token")
-    elif token_kid and len(token_kid) > 1 and token_kid[0:1].isupper() and token[1:].isdigit():
+    elif token_kid and len(token_kid) > 1 and \
+            token_kid[0:1] in ["A", "R"] and token[1:].isdigit():
         # token was likely issued locally
         where_data: dict[str, Any] = {JWT_DB_COL_KID: int(token_kid[1:])}
         if account_id:
@@ -270,18 +271,20 @@ def jwt_revoke_token(errors: list[str] | None,
     op_errors: list[str] = []
     token_claims: dict[str, Any] = jwt_validate_token(errors=op_errors,
                                                       token=refresh_token,
-                                                      natures=["A", "R"],
                                                       account_id=account_id,
                                                       logger=logger)
     if not op_errors:
         token_kid: str = token_claims["header"].get("kid")
-        db_delete(errors=op_errors,
-                  delete_stmt=f"DELETE FROM {JWT_DB_TABLE}",
-                  where_data={
-                      JWT_DB_COL_KID: int(token_kid[1:]),
-                      JWT_DB_COL_ACCOUNT: account_id
-                  },
-                  logger=logger)
+        if token_kid[0:1] not in ["A", "R"]:
+            op_errors.append("Invalid token")
+        else:
+            db_delete(errors=op_errors,
+                      delete_stmt=f"DELETE FROM {JWT_DB_TABLE}",
+                      where_data={
+                          JWT_DB_COL_KID: int(token_kid[1:]),
+                          JWT_DB_COL_ACCOUNT: account_id
+                      },
+                      logger=logger)
     if op_errors:
         if logger:
             logger.error(msg="; ".join(op_errors))
@@ -351,12 +354,10 @@ def jwt_issue_tokens(errors: list[str] | None,
                      account_claims: dict[str, Any] = None,
                      logger: Logger = None) -> dict[str, Any]:
     """
-    Issue the JWT tokens associated with *account_id*, for access and refresh operations.
+    Issue the JWT token pair associated with *account_id*, for access and refresh operations.
 
-    If *refresh_token* is provided, its claims are used on issuing the new tokens, and
-    claims in *account_claims*, if any, are ignored. Furthermore, these claims are ignored,
-    if provided in *account_claims*: *iat*, *iss*, *exp*, *jti*, *nbf*, and *sub*.
-    Other claims specified therein may supercede registered account-related claims.
+    These claims are ignored, if provided in *account_claims*: *iat*, *iss*, *exp*, *jti*, *nbf*, and *sub*.
+    Other claims specified therein may supercede currently registered account-related claims.
 
     Structure of the return data:
     {
@@ -368,7 +369,7 @@ def jwt_issue_tokens(errors: list[str] | None,
 
     :param errors: incidental error messages
     :param account_id: the account identification
-    :param account_claims: if provided, may supercede registered claims
+    :param account_claims: if provided, may supercede currently registered account-related claims
     :param logger: optional logger
     :return: the JWT token data, or *None* if error
     """
@@ -376,7 +377,7 @@ def jwt_issue_tokens(errors: list[str] | None,
     result: dict[str, Any] | None = None
 
     if logger:
-        logger.debug(msg=f"Issuing a pair of JWT tokens for '{account_id}'")
+        logger.debug(msg=f"Issuing a JWT token pair for '{account_id}'")
     op_errors: list[str] = []
 
     try:
@@ -400,10 +401,10 @@ def jwt_issue_tokens(errors: list[str] | None,
 
 def jwt_refresh_tokens(errors: list[str] | None,
                        account_id: str,
-                       refresh_token: str = None,
+                       refresh_token: str,
                        logger: Logger = None) -> dict[str, Any]:
     """
-    Issue the JWT tokens associated with *account_id*, for access and refresh operations.
+    Refresh the JWT token pair associated with *account_id*, for access and refresh operations.
 
     The claims in *refresh-token* are used on issuing the new tokens.
 
@@ -425,14 +426,14 @@ def jwt_refresh_tokens(errors: list[str] | None,
     result: dict[str, Any] | None = None
 
     if logger:
-        logger.debug(msg=f"Refreshing a pair of JWT tokens for '{account_id}'")
+        logger.debug(msg=f"Refreshing a JWT token pair for '{account_id}'")
     op_errors: list[str] = []
 
     # verify whether this refresh token is legitimate
     if refresh_token:
         account_claims: dict[str, Any] = (jwt_validate_token(errors=op_errors,
                                                              token=refresh_token,
-                                                             natures=["R"],
+                                                             nature="R",
                                                              account_id=account_id,
                                                              logger=logger) or {}).get("payload")
         # revoke current refresh token
@@ -440,12 +441,6 @@ def jwt_refresh_tokens(errors: list[str] | None,
                                                account_id=account_id,
                                                refresh_token=refresh_token,
                                                logger=logger):
-            account_claims.pop("exp", None)
-            account_claims.pop("iat", None)
-            account_claims.pop("iss", None)
-            account_claims.pop("jti", None)
-            account_claims.pop("nbt", None)
-            account_claims.pop("sub", None)
             # issue tokens
             result = jwt_issue_tokens(errors=errors,
                                       account_id=account_id,

pypomes_jwt/jwt_registry.py

@@ -238,7 +238,7 @@ class JwtRegistry:
                      account_claims: dict[str, Any] = None,
                      logger: Logger = None) -> dict[str, Any]:
         """
-        Issue and return the JWT access and refresh tokens for *account_id*.
+        Issue and return a JWT token pair associated with *account_id*.
 
         These claims are ignored, if specified in *account_claims*: *iat*, *iss*, *exp*, *jti*, *nbf*, and *sub*.
         Other claims specified therein may supercede registered account-related claims.

{pypomes_jwt-0.9.4.dist-info → pypomes_jwt-0.9.5.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: pypomes_jwt
-Version: 0.9.4
+Version: 0.9.5
 Summary: A collection of Python pomes, penyeach (JWT module)
 Project-URL: Homepage, https://github.com/TheWiseCoder/PyPomes-JWT
 Project-URL: Bug Tracker, https://github.com/TheWiseCoder/PyPomes-JWT/issues

pypomes_jwt-0.9.5.dist-info/RECORD

@@ -0,0 +1,8 @@
+pypomes_jwt/__init__.py,sha256=t6TzpvttDuLMaKSGuBicOf9cZU4Y0N9mtby3ThS4lt8,1398
+pypomes_jwt/jwt_constants.py,sha256=IQV39AiZKGuU8XxZBgJ-KJZQZ_mmnxyOnRZeuxlqDRk,4045
+pypomes_jwt/jwt_pomes.py,sha256=ZQ-x9nJqRqSfLXcoN0crh4a-BhT1MNOMvZkFTsaQsuE,21069
+pypomes_jwt/jwt_registry.py,sha256=27Z0wbDCNcy_Klm50dGhJ1ZVYznj0SNdMjzHVT_Uzzo,25588
+pypomes_jwt-0.9.5.dist-info/METADATA,sha256=IZT48rR9ftHECxA8Xy0HhhkHLX1rUQk-rDsdtMgb8TI,632
+pypomes_jwt-0.9.5.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
+pypomes_jwt-0.9.5.dist-info/licenses/LICENSE,sha256=NdakochSXm_H_-DSL_x2JlRCkYikj3snYYvTwgR5d_c,1086
+pypomes_jwt-0.9.5.dist-info/RECORD,,

pypomes_jwt-0.9.4.dist-info/RECORD

@@ -1,8 +0,0 @@
-pypomes_jwt/__init__.py,sha256=t6TzpvttDuLMaKSGuBicOf9cZU4Y0N9mtby3ThS4lt8,1398
-pypomes_jwt/jwt_constants.py,sha256=IQV39AiZKGuU8XxZBgJ-KJZQZ_mmnxyOnRZeuxlqDRk,4045
-pypomes_jwt/jwt_pomes.py,sha256=0bnKkq-wBHqBoQYmHGxWamOHmehLqHSNUs08NUJHT6Q,21413
-pypomes_jwt/jwt_registry.py,sha256=GbfDwMDUMjX8qJahMnOQ0FQUnxyiEuODrn6E-wIkDnk,25593
-pypomes_jwt-0.9.4.dist-info/METADATA,sha256=bCKCOvGx0C7n89t3eO9U7h9g0rb0YoEyZB550E-L874,632
-pypomes_jwt-0.9.4.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
-pypomes_jwt-0.9.4.dist-info/licenses/LICENSE,sha256=NdakochSXm_H_-DSL_x2JlRCkYikj3snYYvTwgR5d_c,1086
-pypomes_jwt-0.9.4.dist-info/RECORD,,