robscc
diff --git a/‎Makefile
Lines changed: 1 addition & 1 deletion b/‎Makefile
Lines changed: 1 addition & 1 deletion
diff --git a/‎tests/unit/jwt/test_jwt.py
Lines changed: 99 additions & 71 deletions b/‎tests/unit/jwt/test_jwt.py
Lines changed: 99 additions & 71 deletions
diff --git a/‎twilio/jwt/__init__.py
Lines changed: 1 addition & 3 deletions b/‎twilio/jwt/__init__.py
Lines changed: 1 addition & 3 deletions
@@ -17,7 +17,7 @@ analysis:
 	. venv/bin/activate; flake8 --ignore=E123,E126,E128,E501,W391,W291,W293,F401 tests
 	. venv/bin/activate; flake8 --ignore=F401,W391,W291,W293 twilio --max-line-length=300
 
-test: analysis
+test: 
 	. venv/bin/activate; \
   find tests -type d | xargs nosetests
 
 
@@ -13,7 +13,7 @@
 #
 # You need to have the setuptools module installed. Try reading the setuptools
 # documentation: http://pypi.python.org/pypi/setuptools
-REQUIRES = ["httplib2 >= 0.7", "six", "pytz"]
+REQUIRES = ["httplib2 >= 0.7", "six", "pytz", "PyJWT == 1.4.2"]
 
 if sys.version_info < (2, 6):
     REQUIRES.append('simplejson')
 
@@ -1,6 +1,6 @@
 import unittest
 import jwt as jwt_lib
-import time
+import time as real_time
 
 from nose.tools import assert_true
 from mock import patch
@@ -37,153 +37,164 @@ def assertIn(self, foo, bar, msg=None):
         return assert_true(foo in bar, msg=(msg or "%s not found in %s" % (foo, bar)))
 
     def now(self):
-        return int(time.time())
+        return int(real_time.time())
+
+    def assertJwtsEqual(self, jwt, key, expected_payload=None, expected_headers=None):
+        expected_headers = expected_headers or {}
+        expected_payload = expected_payload or {}
+
+        decoded_payload = jwt_lib.decode(jwt, key, verify=False)
+        decoded_headers = jwt_lib.get_unverified_header(jwt)
+
+        self.assertEqual(expected_headers, decoded_headers)
+        self.assertEqual(expected_payload, decoded_payload)
 
     @patch('time.time')
     def test_basic_encode(self, time_mock):
         time_mock.return_value = 0.0
 
         jwt = DummyJwt('secret_key', 'issuer', headers={}, payload={})
-        expected_jwt = jwt_lib.encode(
-            {'iss': 'issuer', 'exp': 3600, 'nbf': 0},
-            'secret_key',
-            algorithm='HS256'
-        )
 
-        self.assertEqual(expected_jwt, jwt.to_jwt())
+        self.assertJwtsEqual(
+            jwt.to_jwt(), 'secret_key',
+            expected_headers={'typ': 'JWT', 'alg': 'HS256'},
+            expected_payload={'iss': 'issuer', 'exp': 3600, 'nbf': 0},
+        )
 
     @patch('time.time')
     def test_encode_with_subject(self, time_mock):
         time_mock.return_value = 0.0
 
         jwt = DummyJwt('secret_key', 'issuer', subject='subject', headers={}, payload={})
-        expected_jwt = jwt_lib.encode(
-            {'iss': 'issuer', 'exp': 3600, 'nbf': 0, 'sub': 'subject'},
-            'secret_key',
-            algorithm='HS256'
-        )
 
-        self.assertEqual(expected_jwt, jwt.to_jwt())
+        self.assertJwtsEqual(
+            jwt.to_jwt(), 'secret_key',
+            expected_headers={'typ': 'JWT', 'alg': 'HS256'},
+            expected_payload={'iss': 'issuer', 'exp': 3600, 'nbf': 0, 'sub': 'subject'},
+        )
 
     @patch('time.time')
     def test_encode_custom_ttl(self, time_mock):
         time_mock.return_value = 0.0
 
         jwt = DummyJwt('secret_key', 'issuer', ttl=10, headers={}, payload={})
-        expected_jwt = jwt_lib.encode(
-            {'iss': 'issuer', 'exp': 10, 'nbf': 0},
-            'secret_key',
-            algorithm='HS256'
-        )
 
-        self.assertEqual(expected_jwt, jwt.to_jwt())
+        self.assertJwtsEqual(
+            jwt.to_jwt(), 'secret_key',
+            expected_headers={'typ': 'JWT', 'alg': 'HS256'},
+            expected_payload={'iss': 'issuer', 'exp': 10, 'nbf': 0},
+        )
 
     @patch('time.time')
     def test_encode_ttl_added_to_current_time(self, time_mock):
         time_mock.return_value = 50.0
 
         jwt = DummyJwt('secret_key', 'issuer', ttl=10, headers={}, payload={})
-        expected_jwt = jwt_lib.encode(
-            {'iss': 'issuer', 'exp': 60, 'nbf': 50},
-            'secret_key',
-            algorithm='HS256'
-        )
 
-        self.assertEqual(expected_jwt, jwt.to_jwt())
+        self.assertJwtsEqual(
+            jwt.to_jwt(), 'secret_key',
+            expected_headers={'typ': 'JWT', 'alg': 'HS256'},
+            expected_payload={'iss': 'issuer', 'exp': 60, 'nbf': 50},
+        )
 
     @patch('time.time')
     def test_encode_override_ttl(self, time_mock):
         time_mock.return_value = 0.0
 
         jwt = DummyJwt('secret_key', 'issuer', ttl=10, headers={}, payload={})
-        expected_jwt = jwt_lib.encode(
-            {'iss': 'issuer', 'exp': 20, 'nbf': 0},
+
+        self.assertJwtsEqual(
+            jwt.to_jwt(ttl=20),
             'secret_key',
-            algorithm='HS256'
+            expected_headers={'typ': 'JWT', 'alg': 'HS256'},
+            expected_payload={'iss': 'issuer', 'exp': 20, 'nbf': 0},
         )
 
-        self.assertEqual(expected_jwt, jwt.to_jwt(ttl=20))
-
     @patch('time.time')
     def test_encode_valid_until_overrides_ttl(self, time_mock):
         time_mock.return_value = 0.0
 
         jwt = DummyJwt('secret_key', 'issuer', ttl=10, valid_until=70, headers={}, payload={})
-        expected_jwt = jwt_lib.encode(
-            {'iss': 'issuer', 'exp': 70, 'nbf': 0},
-            'secret_key',
-            algorithm='HS256'
-        )
 
-        self.assertEqual(expected_jwt, jwt.to_jwt())
+        self.assertJwtsEqual(
+            jwt.to_jwt(), 'secret_key',
+            expected_headers={'typ': 'JWT', 'alg': 'HS256'},
+            expected_payload={'iss': 'issuer', 'exp': 70, 'nbf': 0},
+        )
 
     @patch('time.time')
     def test_encode_custom_nbf(self, time_mock):
         time_mock.return_value = 0.0
 
         jwt = DummyJwt('secret_key', 'issuer', ttl=10, nbf=5, headers={}, payload={})
-        expected_jwt = jwt_lib.encode(
-            {'iss': 'issuer', 'exp': 10, 'nbf': 5},
-            'secret_key',
-            algorithm='HS256'
-        )
 
-        self.assertEqual(expected_jwt, jwt.to_jwt())
+        self.assertJwtsEqual(
+            jwt.to_jwt(), 'secret_key',
+            expected_headers={'typ': 'JWT', 'alg': 'HS256'},
+            expected_payload={'iss': 'issuer', 'exp': 10, 'nbf': 5},
+        )
 
     @patch('time.time')
     def test_encode_custom_algorithm(self, time_mock):
         time_mock.return_value = 0.0
 
         jwt = DummyJwt('secret_key', 'issuer', algorithm='HS512', headers={}, payload={})
-        expected_jwt = jwt_lib.encode(
-            {'iss': 'issuer', 'exp': 3600, 'nbf': 0},
-            'secret_key',
-            algorithm='HS512'
-        )
 
-        self.assertEqual(expected_jwt, jwt.to_jwt())
+        self.assertJwtsEqual(
+            jwt.to_jwt(), 'secret_key',
+            expected_headers={'typ': 'JWT', 'alg': 'HS512'},
+            expected_payload={'iss': 'issuer', 'exp': 3600, 'nbf': 0},
+        )
 
     @patch('time.time')
-    def test_encode_with_headers(self, time_mock):
+    def test_encode_override_algorithm(self, time_mock):
         time_mock.return_value = 0.0
-        headers = {'sooper': 'secret'}
 
-        jwt = DummyJwt('secret_key', 'issuer', algorithm='HS512', headers=headers, payload={})
-        expected_jwt = jwt_lib.encode(
-            {'iss': 'issuer', 'exp': 3600, 'nbf': 0},
+        jwt = DummyJwt('secret_key', 'issuer', algorithm='HS256', headers={}, payload={})
+
+        self.assertJwtsEqual(
+            jwt.to_jwt(algorithm='HS512'),
             'secret_key',
-            algorithm='HS512',
-            headers=headers
+            expected_headers={'typ': 'JWT', 'alg': 'HS512'},
+            expected_payload={'iss': 'issuer', 'exp': 3600, 'nbf': 0},
         )
 
-        self.assertEqual(expected_jwt, jwt.to_jwt())
+    @patch('time.time')
+    def test_encode_with_headers(self, time_mock):
+        time_mock.return_value = 0.0
+
+        jwt = DummyJwt('secret_key', 'issuer', algorithm='HS256', headers={'sooper': 'secret'},
+                       payload={})
+
+        self.assertJwtsEqual(
+            jwt.to_jwt(), 'secret_key',
+            expected_headers={'typ': 'JWT', 'alg': 'HS256', 'sooper': 'secret'},
+            expected_payload={'iss': 'issuer', 'exp': 3600, 'nbf': 0},
+        )
 
     @patch('time.time')
     def test_encode_with_payload(self, time_mock):
         time_mock.return_value = 0.0
 
-   
F438
     jwt = DummyJwt('secret_key', 'issuer', algorithm='HS512', payload={'root': 'true'})
-        expected_jwt = jwt_lib.encode(
-            {'iss': 'issuer', 'exp': 3600, 'nbf': 0, 'root': 'true'},
-            'secret_key',
-            algorithm='HS512'
-        )
+        jwt = DummyJwt('secret_key', 'issuer', algorithm='HS256', payload={'root': 'true'})
 
-        self.assertEqual(expected_jwt, jwt.to_jwt())
+        self.assertJwtsEqual(
+            jwt.to_jwt(), 'secret_key',
+            expected_headers={'typ': 'JWT', 'alg': 'HS256'},
+            expected_payload={'iss': 'issuer', 'exp': 3600, 'nbf': 0, 'root': 'true'},
+        )
 
     @patch('time.time')
     def test_encode_with_payload_and_headers(self, time_mock):
         time_mock.return_value = 0.0
 
         jwt = DummyJwt('secret_key', 'issuer', headers={'yes': 'oui'}, payload={'pay': 'me'})
-        expected_jwt = jwt_lib.encode(
-            {'iss': 'issuer', 'exp': 3600, 'nbf': 0, 'pay': 'me'},
-            'secret_key',
-            algorithm='HS256',
-            headers={'yes': 'oui'}
-        )
 
-        self.assertEqual(expected_jwt, jwt.to_jwt())
+        self.assertJwtsEqual(
+            jwt.to_jwt(), 'secret_key',
+            expected_headers={'typ': 'JWT', 'alg': 'HS256', 'yes': 'oui'},
+            expected_payload={'iss': 'issuer', 'exp': 3600, 'nbf': 0, 'pay': 'me'},
+        )
 
     def test_encode_invalid_crypto_alg_fails(self):
         jwt = DummyJwt('secret_key', 'issuer', algorithm='PlzDontTouchAlgorithm')
@@ -217,6 +228,23 @@ def test_decode_bad_secret(self):
         jwt = DummyJwt('secret_key', 'issuer')
         self.assertRaises(JwtDecodeError, Jwt.from_jwt, jwt.to_jwt(), 'letmeinplz')
 
+    def test_decode_modified_jwt_fails(self):
+        jwt = DummyJwt('secret_key', 'issuer')
+        example_jwt = jwt.to_jwt().decode('utf-8')
+        example_jwt = 'ABC' + example_jwt[3:]
+        example_jwt = example_jwt.encode('utf-8')
+
+        self.assertRaises(JwtDecodeError, Jwt.from_jwt, example_jwt, 'secret_key')
+
+    def test_decode_validates_expiration(self):
+        expired_jwt = DummyJwt('secret_key', 'issuer', valid_until=self.now())
+        real_time.sleep(1)
+        self.assertRaises(JwtDecodeError, Jwt.from_jwt, expired_jwt.to_jwt(), 'secret_key')
+
+    def test_decode_validates_nbf(self):
+        expired_jwt = DummyJwt('secret_key', 'issuer', nbf=self.now() + 3600)   # valid 1hr from now
+        self.assertRaises(JwtDecodeError, Jwt.from_jwt, expired_jwt.to_jwt(), 'secret_key')
+
     def test_decodes_valid_jwt(self):
         expiry_time = self.now() + 1000
         example_jwt = jwt_lib.encode(
 
@@ -6,8 +6,6 @@
     import simplejson as json
 
 import time
-import hashlib
-import hmac
 import base64
 from six import b
 
@@ -149,7 +147,7 @@ def from_jwt(cls, jwt, key=''):
             })
             headers = jwt_lib.get_unverified_header(jwt)
         except Exception as e:
-            raise JwtDecodeError(e.message)
+            raise JwtDecodeError(getattr(e, 'message', str(e)))
 
         return cls._from_jwt(headers, payload, key)
Original file line number	Diff line number	Diff line change
`@@ -13,7 +13,7 @@`
`13`	`13`	`#`
`14`	`14`	`# You need to have the setuptools module installed. Try reading the setuptools`
`15`	`15`	`# documentation: http://pypi.python.org/pypi/setuptools`
`16`		`-REQUIRES = ["httplib2 >= 0.7", "six", "pytz"]`
	`16`	`+REQUIRES = ["httplib2 >= 0.7", "six", "pytz", "PyJWT == 1.4.2"]`
`17`	`17`
`18`	`18`	`if sys.version_info < (2, 6):`
`19`	`19`	`REQUIRES.append('simplejson')`