Hello community,

here is the log from the commit of package python-flask-jwt-extended for 
openSUSE:Factory checked in at 2019-09-25 08:44:09
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-flask-jwt-extended (Old)
 and      /work/SRC/openSUSE:Factory/.python-flask-jwt-extended.new.7948 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "python-flask-jwt-extended"

Wed Sep 25 08:44:09 2019 rev:6 rq:732917 version:3.23.0

Changes:
--------
--- 
/work/SRC/openSUSE:Factory/python-flask-jwt-extended/python-flask-jwt-extended.changes
      2019-09-10 00:06:09.805196678 +0200
+++ 
/work/SRC/openSUSE:Factory/.python-flask-jwt-extended.new.7948/python-flask-jwt-extended.changes
    2019-09-25 08:44:12.098257060 +0200
@@ -1,0 +2,6 @@
+Tue Sep 24 11:09:32 UTC 2019 - Tomáš Chvátal <tchva...@suse.com>
+
+- Update to 3.23.0:
+  * Make header reading compliant with RFC7230, section 3.2.2
+
+-------------------------------------------------------------------

Old:
----
  Flask-JWT-Extended-3.22.0.tar.gz

New:
----
  Flask-JWT-Extended-3.23.0.tar.gz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ python-flask-jwt-extended.spec ++++++
--- /var/tmp/diff_new_pack.uPrMnm/_old  2019-09-25 08:44:12.958256945 +0200
+++ /var/tmp/diff_new_pack.uPrMnm/_new  2019-09-25 08:44:12.962256945 +0200
@@ -17,7 +17,7 @@
 
 
 Name:           python-flask-jwt-extended
-Version:        3.22.0
+Version:        3.23.0
 Release:        0
 Summary:        A Flask extension that provides JWT support
 License:        MIT

++++++ Flask-JWT-Extended-3.22.0.tar.gz -> Flask-JWT-Extended-3.23.0.tar.gz 
++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/Flask-JWT-Extended-3.22.0/Flask_JWT_Extended.egg-info/PKG-INFO 
new/Flask-JWT-Extended-3.23.0/Flask_JWT_Extended.egg-info/PKG-INFO
--- old/Flask-JWT-Extended-3.22.0/Flask_JWT_Extended.egg-info/PKG-INFO  
2019-08-28 18:23:28.000000000 +0200
+++ new/Flask-JWT-Extended-3.23.0/Flask_JWT_Extended.egg-info/PKG-INFO  
2019-09-10 23:23:15.000000000 +0200
@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: Flask-JWT-Extended
-Version: 3.22.0
+Version: 3.23.0
 Summary: Extended JWT integration with Flask
 Home-page: https://github.com/vimalloc/flask-jwt-extended
 Author: Landon Gilbert-Bland
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/Flask-JWT-Extended-3.22.0/PKG-INFO 
new/Flask-JWT-Extended-3.23.0/PKG-INFO
--- old/Flask-JWT-Extended-3.22.0/PKG-INFO      2019-08-28 18:23:32.000000000 
+0200
+++ new/Flask-JWT-Extended-3.23.0/PKG-INFO      2019-09-10 23:23:20.000000000 
+0200
@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: Flask-JWT-Extended
-Version: 3.22.0
+Version: 3.23.0
 Summary: Extended JWT integration with Flask
 Home-page: https://github.com/vimalloc/flask-jwt-extended
 Author: Landon Gilbert-Bland
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/Flask-JWT-Extended-3.22.0/flask_jwt_extended/__init__.py 
new/Flask-JWT-Extended-3.23.0/flask_jwt_extended/__init__.py
--- old/Flask-JWT-Extended-3.22.0/flask_jwt_extended/__init__.py        
2019-08-28 18:20:10.000000000 +0200
+++ new/Flask-JWT-Extended-3.23.0/flask_jwt_extended/__init__.py        
2019-09-10 23:20:30.000000000 +0200
@@ -11,4 +11,4 @@
     unset_jwt_cookies, unset_refresh_cookies
 )
 
-__version__ = '3.22.0'
+__version__ = '3.23.0'
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/Flask-JWT-Extended-3.22.0/flask_jwt_extended/view_decorators.py 
new/Flask-JWT-Extended-3.23.0/flask_jwt_extended/view_decorators.py
--- old/Flask-JWT-Extended-3.22.0/flask_jwt_extended/view_decorators.py 
2019-08-28 18:19:52.000000000 +0200
+++ new/Flask-JWT-Extended-3.23.0/flask_jwt_extended/view_decorators.py 
2019-09-10 23:20:16.000000000 +0200
@@ -1,6 +1,7 @@
 from functools import wraps
 from datetime import datetime
 from calendar import timegm
+from re import split
 
 from werkzeug.exceptions import BadRequest
 
@@ -170,12 +171,29 @@
     header_type = config.header_type
 
     # Verify we have the auth header
-    jwt_header = request.headers.get(header_name, None)
-    if not jwt_header:
+    auth_header = request.headers.get(header_name, None)
+    if not auth_header:
         raise NoAuthorizationError("Missing {} Header".format(header_name))
 
     # Make sure the header is in a valid format that we are expecting, ie
     # <HeaderName>: <HeaderType(optional)> <JWT>
+    jwt_header = None
+
+    # Check if header is comma delimited, ie
+    # <HeaderName>: <field> <value>, <field> <value>, etc...
+    if header_type:
+        field_values = split(r',\s*', auth_header)
+        jwt_header = [s for s in field_values if s.split()[0] == header_type]
+        if len(jwt_header) < 1:
+            msg = "Bad {} header. Expected value '{} <JWT>'".format(
+                header_name,
+                header_type
+            )
+            raise InvalidHeaderError(msg)
+        jwt_header = jwt_header[0]
+    else:
+        jwt_header = auth_header
+
     parts = jwt_header.split()
     if not header_type:
         if len(parts) != 1:
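Review bot: The new comprehension `s.split()[0] == header_type` raises IndexError when any comma-separated element is empty or whitespace-only (for example a value ending in a comma). With the `len(parts) != 2` check removed in the next hunk, a bare scheme with no token also reaches `parts[1]` and fails the same way. Both cases are reachable from a request header before any authentication, so a malformed value surfaces as an unhandled exception rather than the InvalidHeaderError that the tests expect to come back as a 422. I would compare with `s.split()[:1] == [header_type]` and keep the shape check as `if len(jwt_header) < 1 or len(jwt_header[0].split()) != 2:`, which also rejects trailing tokens after the JWT again. The enclosing function starts and ends outside this hunk.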
@@ -183,12 +201,6 @@
             raise InvalidHeaderError(msg)
         encoded_token = parts[0]
     else:
-        if parts[0] != header_type or len(parts) != 2:
-            msg = "Bad {} header. Expected value '{} <JWT>'".format(
-                header_name,
-                header_type
-            )
-            raise InvalidHeaderError(msg)
         encoded_token = parts[1]
 
     return encoded_token, None
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/Flask-JWT-Extended-3.22.0/tests/test_headers.py 
new/Flask-JWT-Extended-3.23.0/tests/test_headers.py
--- old/Flask-JWT-Extended-3.22.0/tests/test_headers.py 2018-08-04 
16:07:07.000000000 +0200
+++ new/Flask-JWT-Extended-3.23.0/tests/test_headers.py 2019-09-10 
23:20:16.000000000 +0200
@@ -19,6 +19,39 @@
     return app
 
 
+def test_default_headers(app):
+    app.config
+    test_client = app.test_client()
+
+    with app.test_request_context():
+        access_token = create_access_token('username')
+
+    # Ensure other authorization types don't work
+    access_headers = {'Authorization': 'Basic basiccreds'}
+    response = test_client.get('/protected', headers=access_headers)
+    expected_json = {'msg': "Bad Authorization header. Expected value 'Bearer 
<JWT>'"}
+    assert response.status_code == 422
+    assert response.get_json() == expected_json
+
+    # Ensure default headers work
+    access_headers = {'Authorization': 'Bearer {}'.format(access_token)}
+    response = test_client.get('/protected', headers=access_headers)
+    assert response.status_code == 200
+    assert response.get_json() == {'foo': 'bar'}
+
+    # Ensure default headers work with multiple field values
+    access_headers = {'Authorization': 'Bearer {}, Basic 
creds'.format(access_token)}
+    response = test_client.get('/protected', headers=access_headers)
+    assert response.status_code == 200
+    assert response.get_json() == {'foo': 'bar'}
+
+    # Ensure default headers work with multiple field values in any position
+    access_headers = {'Authorization': 'Basic creds, Bearer 
{}'.format(access_token)}
+    response = test_client.get('/protected', headers=access_headers)
+    assert response.status_code == 200
+    assert response.get_json() == {'foo': 'bar'}
+
+
 def test_custom_header_name(app):
     app.config['JWT_HEADER_NAME'] = 'Foo'
     test_client = app.test_client()
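Review bot: The cases added in test_default_headers only exercise well-formed values, so the malformed shapes the new comma-splitting path can receive are untested: a scheme with no token (`'Bearer'`), a trailing comma (`'Bearer {},'`), and extra tokens after the JWT. Each should assert a 422 with the "Bad Authorization header" message. The same gap applies to the multi-value cases added to test_custom_header_name and test_custom_header_type in the following hunks. The bare `app.config` expression on the first line of the test body has no effect and can be dropped.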
@@ -38,6 +71,18 @@
     assert response.status_code == 200
     assert response.get_json() == {'foo': 'bar'}
 
+    # Ensure new headers work with multiple field values
+    access_headers = {'Foo': 'Bearer {}, Basic 
randomcredshere'.format(access_token)}
+    response = test_client.get('/protected', headers=access_headers)
+    assert response.status_code == 200
+    assert response.get_json() == {'foo': 'bar'}
+
+    # Ensure new headers work with multiple field values in any position
+    access_headers = {'Foo': 'Basic randomcredshere, Bearer 
{}'.format(access_token)}
+    response = test_client.get('/protected', headers=access_headers)
+    assert response.status_code == 200
+    assert response.get_json() == {'foo': 'bar'}
+
 
 def test_custom_header_type(app):
     app.config['JWT_HEADER_TYPE'] = 'JWT'
@@ -58,6 +103,18 @@
     response = test_client.get('/protected', headers=access_headers)
     assert response.status_code == 200
     assert response.get_json() == {'foo': 'bar'}
+
+    # Ensure new headers work with multiple field values
+    access_headers = {'Authorization': 'JWT {}, Basic 
creds'.format(access_token)}
+    response = test_client.get('/protected', headers=access_headers)
+    assert response.status_code == 200
+    assert response.get_json() == {'foo': 'bar'}
+
+    # Ensure new headers work with multiple field values in any position
+    access_headers = {'Authorization': 'Basic creds, JWT 
{}'.format(access_token)}
+    response = test_client.get('/protected', headers=access_headers)
+    assert response.status_code == 200
+    assert response.get_json() == {'foo': 'bar'}
 
     # Insure new headers without a type also work
     app.config['JWT_HEADER_TYPE'] = ''

