authorwil paredes <code@dystedium.com>2014-02-07 00:07:33 -0800
committerwil paredes <code@dystedium.com>2014-02-07 00:07:33 -0800
commitb87bad733d4b2eef81967f98602cfdbb0997fb72 (patch)
tree5819bf8886f8c6f0d7a7d993a00f6382006793f0
parent3bade2705b75909e7e589723d7d61c808fe16d3d (diff)
downloadpyjwt-b87bad733d4b2eef81967f98602cfdbb0997fb72.tar.gz
refactor decode(), fix setup.py for automated sdist builds
* split decode() internals into load() and verify_signature()
* pull code out of read() function in setup.py so it doesn't fail when using distutils.core.run_setup() to build an archive
* the setup.py change also uses `with` so file closing is automatic
-rw-r--r--jwt/__init__.py51
-rwxr-xr-xsetup.py7
2 files changed, 36 insertions, 22 deletions
diff --git a/jwt/__init__.py b/jwt/__init__.py
index 708d7ca..4e1d5d2 100644
--- a/jwt/__init__.py
+++ b/jwt/__init__.py
@@ -137,6 +137,16 @@ def encode(payload, key, algorithm='HS256'):
def decode(jwt, key='', verify=True, verify_expiration=True, leeway=0):
+ payload, signing_input, header, signature = load(jwt)
+
+ if verify:
+ verify_signature(payload, signing_input, header, signature, key,
+ verify_expiration, leeway)
+
+ return payload
+
+
+def load(jwt):
if isinstance(jwt, unicode):
jwt = jwt.encode('utf-8')
try:
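Review bot: `load()` is added as a module-level function that returns the payload and header before any signature check, and it has no docstring saying so. A caller who imports it directly, or who calls `decode(..., verify=False)`, receives claims that nothing has authenticated. I would add a docstring such as `"""Split and base64-decode a JWT; nothing returned is authenticated until verify_signature() has passed."""`, and rename it `_load` if it is not meant to be public API. The body of `load()` continues past the end of this hunk, so only its first lines are visible here.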
@@ -168,22 +178,25 @@ def decode(jwt, key='', verify=True, verify_expiration=True, leeway=0):
except (TypeError, binascii.Error):
raise DecodeError("Invalid crypto padding")
- if verify:
- try:
- if isinstance(key, unicode):
- key = key.encode('utf-8')
- if header['alg'].startswith('HS'):
- expected = verify_methods[header['alg']](signing_input, key)
- if not constant_time_compare(signature, expected):
- raise DecodeError("Signature verification failed")
- else:
- if not verify_methods[header['alg']](signing_input, key, signature):
- raise DecodeError("Signature verification failed")
- except KeyError:
- raise DecodeError("Algorithm not supported")
-
- if 'exp' in payload and verify_expiration:
- utc_timestamp = timegm(datetime.utcnow().utctimetuple())
- if payload['exp'] < (utc_timestamp - leeway):
- raise ExpiredSignature("Signature has expired")
- return payload
+ return (payload, signing_input, header, signature)
+
+
+def verify_signature(payload, signing_input, header, signature, key='',
+ verify_expiration=True, leeway=0):
+ try:
+ if isinstance(key, unicode):
+ key = key.encode('utf-8')
+ if header['alg'].startswith('HS'):
+ expected = verify_methods[header['alg']](signing_input, key)
+ if not constant_time_compare(signature, expected):
+ raise DecodeError("Signature verification failed")
+ else:
+ if not verify_methods[header['alg']](signing_input, key, signature):
+ raise DecodeError("Signature verification failed")
+ except KeyError:
+ raise DecodeError("Algorithm not supported")
+
+ if 'exp' in payload and verify_expiration:
+ utc_timestamp = timegm(datetime.utcnow().utctimetuple())
+ if payload['exp'] < (utc_timestamp - leeway):
+ raise ExpiredSignature("Signature has expired")
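Review bot: `verify_signature()` picks the verification routine with `verify_methods[header['alg']]`, and `header` is parsed from the token under test, so the token's sender decides which algorithm the key is used with. The commit moves this logic unchanged, but the new function is the natural place to let callers pin what they expect, for example an optional `algorithms` argument checked first with `if header.get('alg') not in algorithms: raise DecodeError("Algorithm not allowed")`. Separately, the `exp` comparison assumes a numeric claim; the file uses `unicode`, so presumably it runs on Python 2, where a string `exp` compares greater than any integer and never expires, which an `isinstance` check on `payload['exp']` would reject. The function also enforces expiry although its name mentions only the signature, which is worth stating in a docstring.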
diff --git a/setup.py b/setup.py
index 32f2271..cdd14a3 100755
--- a/setup.py
+++ b/setup.py
@@ -3,8 +3,9 @@ import os
from setuptools import setup
-def read(fname):
- return open(os.path.join(os.path.dirname(__file__), fname)).read()
+with open(os.path.join(os.path.dirname(__file__), 'README.md')) as readme:
+ long_description = readme.read()
+
setup(
name="PyJWT",
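Review bot: The new `open()` call on README.md names no encoding, so on Python 3 the text is decoded with the locale default of whatever machine runs setup.py. If Python 3 is a target, a non-ASCII character in the README would make the build fail on a non-UTF-8 locale. `with io.open(os.path.join(os.path.dirname(__file__), 'README.md'), encoding='utf-8') as readme:` behaves the same on Python 2 and 3 and needs only `import io` at the top of the file.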
@@ -17,7 +18,7 @@ setup(
url="http://github.com/progrium/pyjwt",
packages=['jwt'],
scripts=['bin/jwt'],
- long_description=read('README.md'),
+ long_description=long_description,
classifiers=[
"Development Status :: 3 - Alpha",
"License :: OSI Approved :: MIT License",