pypomes-jwt 1.1.8__tar.gz → 1.1.9__tar.gz

{pypomes_jwt-1.1.8 → pypomes_jwt-1.1.9}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: pypomes_jwt
-Version: 1.1.8
+Version: 1.1.9
 Summary: A collection of Python pomes, penyeach (JWT module)
 Project-URL: Homepage, https://github.com/TheWiseCoder/PyPomes-JWT
 Project-URL: Bug Tracker, https://github.com/TheWiseCoder/PyPomes-JWT/issues
@@ -12,6 +12,6 @@ Classifier: Programming Language :: Python :: 3
 Requires-Python: >=3.12
 Requires-Dist: cryptography>=44.0.2
 Requires-Dist: pyjwt>=2.10.1
-Requires-Dist: pypomes-core>=2.0.5
-Requires-Dist: pypomes-db>=2.1.3
+Requires-Dist: pypomes-core>=2.0.6
+Requires-Dist: pypomes-db>=2.1.5
 Requires-Dist: pypomes-logging>=0.6.1

{pypomes_jwt-1.1.8 → pypomes_jwt-1.1.9}/pyproject.toml

@@ -6,7 +6,7 @@ build-backend = "hatchling.build"
 
 [project]
 name = "pypomes_jwt"
-version = "1.1.8"
+version = "1.1.9"
 authors = [
   { name="GT Nunes", email="wisecoder01@gmail.com" }
 ]
@@ -21,8 +21,8 @@ classifiers = [
 dependencies = [
     "PyJWT>=2.10.1",
     "cryptography>=44.0.2",
-    "pypomes_core>=2.0.5",
-    "pypomes_db>=2.1.3",
+    "pypomes_core>=2.0.6",
+    "pypomes_db>=2.1.5",
     "pypomes_logging>=0.6.1"
 ]
 

{pypomes_jwt-1.1.8 → pypomes_jwt-1.1.9}/src/pypomes_jwt/jwt_pomes.py

@@ -37,7 +37,9 @@ def jwt_needed(func: callable) -> callable:
 
 def jwt_verify_request(request: Request) -> Response:
     """
-    Verify whether the HTTP *request* has the proper authorization, as per the JWT standard.
+    Verify whether the HTTP *request* has the proper authorization, as per the JWT standard..
+
+    This implementation assumes that HTTP requests are handled with the *Flask* framework.
 
     :param request: the *request* to be verified
     :return: *None* if the *request* is valid, otherwise a *Response* reporting the error
@@ -48,15 +50,19 @@ def jwt_verify_request(request: Request) -> Response:
     # retrieve the authorization from the request header
     auth_header: str = request.headers.get("Authorization")
 
-    # was a 'Bearer' authorization obtained ?
+    # validate the authorization token
     bad_token: bool = True
     if auth_header and auth_header.startswith("Bearer "):
         # yes, extract and validate the JWT access token
         token: str = auth_header.split(" ")[1]
-        if jwt_validate_token(errors=None,
-                              nature="A",
-                              token=token):
-            bad_token = False
+        claims: dict[str, Any] = jwt_validate_token(errors=None,
+                                                    token=token,
+                                                    nature="A")
+        if claims:
+            login: str = request.values.get("login")
+            subject: str = claims["payload"].get("sub")
+            if not login or not subject or login == subject:
+                bad_token = False
 
     # deny the authorization
     if bad_token:
@@ -132,7 +138,7 @@ def jwt_validate_token(errors: list[str] | None,
     """
     Verify if *token* ia a valid JWT token.
 
-    Attempt to validate non locally issued tokens will not succeed. if *nature* is provided,
+    Attempt to validate non locally issued tokens will not succeed. If *nature* is provided,
     validate whether *token* is of that nature. A token issued locally has the header claim *kid*
     starting with *A* (for *Access*) or *R* (for *Refresh*), followed by its id in the token database,
     or as a single letter in the range *[B-Z]*, less *R*. If the *kid* claim contains such an id,