summaryrefslogtreecommitdiff
path: root/tests
Commit message (Collapse)AuthorAgeFilesLines
* Change TypeError on bad `kid` to InvalidTokenErrorGabriel Gironda2015-07-231-4/+4
|
* Fail on encode and decode of bad JWS header valuesGabriel Gironda2015-07-211-2/+25
| | | | | | | | | | | | | | | The JWS spec: https://tools.ietf.org/html/draft-ietf-jose-json-web-signature-41#section-4.1.4 States that if `kid` is present then it **MUST** be a string. Currently, the library allows silent creation of invalid JWS (and thus, JWT), as it allows any type for `kid`. This commit adds checks to help ensure output meets the spec. * Add jwt.api_jws.PyJWS._validate_headers for validating JWS headers on encode and decode * Add tests
* Changed test function nameAlexandru Mihai2015-06-231-1/+1
|
* Remove unused variableAlexandru Mihai2015-06-231-1/+1
|
* Merge branch 'master' of https://github.com/jpadilla/pyjwtAlexandru Mihai2015-06-222-12/+60
|\
| * Added new options for requiring exp, iat, and nbf claims.Mark Adams2015-06-022-12/+60
| | | | | | | | Thanks to David Black <dblack@atlassian.com> for the suggestion.
* | Added test for verify signature with empty algoAlexandru Mihai2015-06-221-0/+10
|/
* Removed tests that are no longer necessary now that we have test vectors ↵Mark Adams2015-05-191-66/+33
| | | | from RFC 7520
* Removed the @skipif from the RSA-PSS test vector test.Mark Adams2015-05-191-1/+0
|
* Merged master branch in to remove Python 3.2 support and add the newMark Adams2015-05-189-1/+248
|\ | | | | | | test vectors from #160
| * Added test vectors from the IETF JOSE Cookbook for HMAC, RSA, and EC.Mark Adams2015-05-188-1/+239
| |
| * Added get_unverified_header method so that unverified headers can be ↵Mark Adams2015-05-081-0/+9
| | | | | | | | retrieved by the application. Closes #155
* | Test signatures with wrong lengthesneider2015-05-151-0/+14
| |
* | Fix the ECDSA signature serialization format when using cryptographyesneider2015-05-133-18/+14
| |
* | Fix the ECDSA signature serialization formatesneider2015-05-101-12/+9
|/
* `verify_expiration` was removed too soonbring-verify_expiration-backJosé Padilla2015-04-261-0/+20
| | | | - Merge with `verify_exp` option - Add deprecation warning
* Split tests between PyJWS and PyJWT object responsiblitiesMark Adams2015-04-192-502/+612
|
* Refactored JWS-specific logic out of PyJWT and into PyJWS superclassMark Adams2015-04-191-7/+7
|
* Fixed some PEP8 issuesMark Adams2015-04-141-3/+1
|
* Fixed some squirly looking tests.Mark Adams2015-04-141-12/+8
|
* Removed all references to unittestMark Adams2015-04-146-299/+270
|
* Minor refactorings to move some utils code around and remove unneeded code.Mark Adams2015-04-143-8/+8
|
* Converted all unittest constructs to pytestMark Adams2015-04-145-189/+199
|
* Merge pull request #135 from mark-adams/minor-updatesJosé Padilla2015-04-142-16/+32
|\ | | | | Minor refactorings to make things a little cleaner
| * Added a test to improve coverage and cleaned up some existing tests.Mark Adams2015-04-122-10/+29
| |
| * Changed PyJWT.default_options to optionsMark Adams2015-04-121-6/+3
| | | | | | | | and updated the CHANGELOG
* | Added a deprecation warning for using verify= instead of options= on decode()Mark Adams2015-04-121-0/+21
|/
* Added support for RSASSA-PSS algorithms (PS256, PS384, PS512)Mark Adams2015-04-082-7/+72
|
* refactor option merging, add myself to AUTHORS, s/dict()/{}Michael Davis2015-04-081-2/+2
|
* Remove dict comprehension for py26 compatibilityMichael Davis2015-04-061-0/+2
|
* Add flexible and complete verification optionsMichael Davis2015-04-061-2/+67
| | | | Attempts to fix #127
* Made some PEP8 fixes that came from the last commit.Mark Adams2015-03-291-3/+3
|
* Added checks on iat to make sure that a token can't be issued for theMark Adams2015-03-291-5/+13
| | | | | future Changed nbf exception to ImmatureSignatureError
* Moved claims validation into a seperate private method to make it simpler to ↵Mark Adams2015-03-291-3/+0
| | | | understand the code.
* Fixed some PEP8 errors from the last commit.Mark Adams2015-03-291-2/+0
|
* Removed private APIs from tests and refactored tests to focus on public APIsMark Adams2015-03-291-216/+62
|
* Added validation for 'nbf' claim to ensure it is an int value. #121Mark Adams2015-03-291-0/+9
|
* Added validation for 'iat' claim to ensure it is an int value. #121Mark Adams2015-03-291-2/+10
|
* Added validation for 'exp' claim to ensure it is an int value. #121Mark Adams2015-03-291-0/+10
|
* Fixed a flaky test by making sure we actually make the signature invalid ↵Mark Adams2015-03-181-3/+2
| | | | from within the base64 instead of afterwards.
* Added the ability to specify both a global alg whitelist for a PyJWT object ↵Mark Adams2015-03-171-18/+37
| | | | and a whitelist for calls to decode. (Fixes #107)
* Added tests to cover invalid string validations on HMACMark Adams2015-03-172-1/+61
|
* Default algorithms can now be overridden by passing in the algorithms ↵Mark Adams2015-03-171-2/+16
| | | | parameter to the PyJWT constructor. Also, PyJWT now has a get_supported_algorithms() method that returns back valid values for 'alg'
* Added a better explanation for TestJWT and why it exists.Mark Adams2015-03-171-1/+6
|
* Fixed some PEP8 errors from the last commit.Mark Adams2015-03-171-25/+25
|
* Refactored tests to make things fit better with the new PyJWT object APIMark Adams2015-03-172-858/+885
| | | | | | | | | | - test_jwt.py has been renamed to test_api.py since it focuses entirely on api.py - A new test_jwt.py has been introduced that focuses exclusively on testing the public API. (Specifically, making sure that encode and decode still exist and function). This test can be extremely simple since the jwt.encode and jwt.decode functions are backed by PyJWT() which is tested elsewhere.
* Refactored api.py so that all JWT functions are now part of a PyJWT class.Mark Adams2015-03-171-174/+179
| | | | | | | | - Created a singleton instance to preserve jwt.encode, jwt.decode, jwt.register_algorithms existing public APIs - Renamed load and verify_signature to _load and _verify_signature since they are not part of the existing public API - Modified related tests to use PyJWT._load and PyJWT._verify_signature
* Added some more tests to improve coverage for jwt.contrib.algorithmsMark Adams2015-03-151-0/+62
|
* Revived PyCrypto and ecdsa-based algorithms as optional jwt.contrib modules.Mark Adams2015-03-154-10/+148
|
* Made algorithm class dependence on hash functions more direct.Mark Adams2015-03-151-13/+11
| | | | | | | - Algorithms now have SHA256, SHA384, and SHA512 static properties that refer to the callable that instantiates their hash class - All algorithms now expect a class (callable) as their hash_alg now. This behavior was inconsistent before.
View Lorry Controller Status