pypomes-jwt 1.0.5__tar.gz → 1.0.7__tar.gz
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of pypomes-jwt might be problematic. Click here for more details.
- {pypomes_jwt-1.0.5 → pypomes_jwt-1.0.7}/PKG-INFO +1 -1
- {pypomes_jwt-1.0.5 → pypomes_jwt-1.0.7}/pyproject.toml +1 -1
- {pypomes_jwt-1.0.5 → pypomes_jwt-1.0.7}/src/pypomes_jwt/jwt_pomes.py +12 -10
- {pypomes_jwt-1.0.5 → pypomes_jwt-1.0.7}/src/pypomes_jwt/jwt_registry.py +6 -6
- {pypomes_jwt-1.0.5 → pypomes_jwt-1.0.7}/.gitignore +0 -0
- {pypomes_jwt-1.0.5 → pypomes_jwt-1.0.7}/LICENSE +0 -0
- {pypomes_jwt-1.0.5 → pypomes_jwt-1.0.7}/README.md +0 -0
- {pypomes_jwt-1.0.5 → pypomes_jwt-1.0.7}/src/pypomes_jwt/__init__.py +0 -0
- {pypomes_jwt-1.0.5 → pypomes_jwt-1.0.7}/src/pypomes_jwt/jwt_constants.py +0 -0
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Metadata-Version: 2.4
|
|
2
2
|
Name: pypomes_jwt
|
|
3
|
-
Version: 1.0.
|
|
3
|
+
Version: 1.0.7
|
|
4
4
|
Summary: A collection of Python pomes, penyeach (JWT module)
|
|
5
5
|
Project-URL: Homepage, https://github.com/TheWiseCoder/PyPomes-JWT
|
|
6
6
|
Project-URL: Bug Tracker, https://github.com/TheWiseCoder/PyPomes-JWT/issues
|
|
@@ -52,16 +52,14 @@ def jwt_verify_request(request: Request) -> Response:
|
|
|
52
52
|
auth_header: str = request.headers.get("Authorization")
|
|
53
53
|
|
|
54
54
|
# was a 'Bearer' authorization obtained ?
|
|
55
|
-
bad_token: bool =
|
|
55
|
+
bad_token: bool = True
|
|
56
56
|
if auth_header and auth_header.startswith("Bearer "):
|
|
57
57
|
# yes, extract and validate the JWT access token
|
|
58
58
|
token: str = auth_header.split(" ")[1]
|
|
59
|
-
errors
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
if errors:
|
|
64
|
-
bad_token = True
|
|
59
|
+
if jwt_validate_token(errors=None,
|
|
60
|
+
nature="A",
|
|
61
|
+
token=token):
|
|
62
|
+
bad_token = False
|
|
65
63
|
|
|
66
64
|
# deny the authorization
|
|
67
65
|
if bad_token:
|
|
@@ -178,11 +176,13 @@ def jwt_validate_token(errors: list[str] | None,
|
|
|
178
176
|
|
|
179
177
|
# retrieve token data from database
|
|
180
178
|
if nature and not (token_kid and token_kid[0:1] == nature):
|
|
179
|
+
if logger:
|
|
180
|
+
logger.error(f"Nature of token's 'kid' ('{token_kid}') not '{nature}'")
|
|
181
181
|
op_errors.append("Invalid token")
|
|
182
182
|
elif token_kid and len(token_kid) > 1 and \
|
|
183
183
|
token_kid[0:1] in ["A", "R"] and token_kid[1:].isdigit():
|
|
184
184
|
# token was likely issued locally
|
|
185
|
-
where_data: dict[str, Any] = {JWT_DB_COL_KID:
|
|
185
|
+
where_data: dict[str, Any] = {JWT_DB_COL_KID: token_kid}
|
|
186
186
|
if account_id:
|
|
187
187
|
where_data[JWT_DB_COL_ACCOUNT] = account_id
|
|
188
188
|
recs: list[tuple[str]] = db_select(errors=op_errors,
|
|
@@ -226,7 +226,9 @@ def jwt_validate_token(errors: list[str] | None,
|
|
|
226
226
|
require=["iat", "iss", "exp", "sub"],
|
|
227
227
|
algorithms=token_alg)
|
|
228
228
|
if account_id and payload.get("sub") != account_id:
|
|
229
|
-
|
|
229
|
+
if logger:
|
|
230
|
+
logger.error(msg=f"Token does not belong to account '{account_id}'")
|
|
231
|
+
op_errors.append("Invalid token")
|
|
230
232
|
else:
|
|
231
233
|
result = {
|
|
232
234
|
"header": token_header,
|
|
@@ -480,7 +482,7 @@ def jwt_refresh_tokens(errors: list[str] | None,
|
|
|
480
482
|
logger.error(msg=f"Error refreshing the token pair: {exc_err}")
|
|
481
483
|
op_errors.append(exc_err)
|
|
482
484
|
|
|
483
|
-
#
|
|
485
|
+
# wrap-up the transaction
|
|
484
486
|
if op_errors:
|
|
485
487
|
db_rollback(errors=op_errors,
|
|
486
488
|
connection=db_conn,
|
|
@@ -308,7 +308,7 @@ class JwtRegistry:
|
|
|
308
308
|
committable=False,
|
|
309
309
|
logger=logger)
|
|
310
310
|
|
|
311
|
-
#
|
|
311
|
+
# wrap-up the transaction
|
|
312
312
|
if not db_conn:
|
|
313
313
|
if errors:
|
|
314
314
|
db_rollback(errors=errors,
|
|
@@ -362,7 +362,7 @@ def _jwt_persist_token(account_id: str,
|
|
|
362
362
|
db_conn: Any,
|
|
363
363
|
logger: Logger = None) -> int:
|
|
364
364
|
"""
|
|
365
|
-
Persist the given token, making sure that the account limit is
|
|
365
|
+
Persist the given token, making sure that the account limit is complied with.
|
|
366
366
|
|
|
367
367
|
The tokens in storage, associated with *account_id*, are examined for their expiration timestamp.
|
|
368
368
|
If a token's expiration timestamp is in the past, it is removed from storage. If the maximum number
|
|
@@ -464,12 +464,12 @@ def _jwt_persist_token(account_id: str,
|
|
|
464
464
|
if errors:
|
|
465
465
|
raise RuntimeError("; ".join(errors))
|
|
466
466
|
|
|
467
|
-
# obtain the token's storage id
|
|
468
|
-
# HAZARD: JWT_DB_COL_TOKEN's type might prevent it for being used in a WHERE clause
|
|
467
|
+
# obtain and return the token's storage id
|
|
468
|
+
# HAZARD: JWT_DB_COL_TOKEN's column type might prevent it for being used in a WHERE clause
|
|
469
469
|
where_clause: str | None = None
|
|
470
470
|
if existing_ids:
|
|
471
|
-
where_clause = f"{JWT_DB_COL_KID} NOT IN
|
|
472
|
-
where_clause = where_clause.replace("[", "").replace("]", "")
|
|
471
|
+
where_clause = f"{JWT_DB_COL_KID} NOT IN {existing_ids}"
|
|
472
|
+
where_clause = where_clause.replace("[", "(", 1).replace("]", ")", 1)
|
|
473
473
|
reply: list[tuple[int]] = db_select(errors=errors,
|
|
474
474
|
sel_stmt=f"SELECT {JWT_DB_COL_KID} "
|
|
475
475
|
f"FROM {JWT_DB_TABLE}",
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|