Skip to content

Commit

Permalink
Merge pull request #146 from ahopkins/dev
Browse files Browse the repository at this point in the history
Version 1.2.1 - 2018-12-04
  • Loading branch information
ahopkins authored Dec 4, 2018
2 parents eb4b55d + 73799af commit 0b56cd6
Show file tree
Hide file tree
Showing 10 changed files with 63 additions and 7 deletions.
2 changes: 1 addition & 1 deletion docs/source/conf.py
Original file line number Diff line number Diff line change
Expand Up @@ -56,7 +56,7 @@
# The short X.Y version.
version = u"1.2"
# The full version, including alpha/beta/rc tags.
release = u"1.2.0"
release = u"1.2.1"

# The language for content autogenerated by Sphinx. Refer to documentation
# for a list of supported languages.
Expand Down
8 changes: 8 additions & 0 deletions docs/source/pages/changelog.rst
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,14 @@ Changelog

The format is based on `Keep a Changelog <http://keepachangelog.com/en/1.0.0/>`_ and this project adheres to `Semantic Versioning <http://semver.org/spec/v2.0.0.html>`_.

++++++++++++++++++++++++++
Version 1.2.1 - 2018-12-04
++++++++++++++++++++++++++

| **Fixed**
| - `#143 <https://github.com/ahopkins/sanic-jwt/issues/143>`_. Security bug resolved on empty tokens
|
++++++++++++++++++++++++++
Version 1.2.0 - 2018-08-06
++++++++++++++++++++++++++
Expand Down
2 changes: 1 addition & 1 deletion sanic_jwt/__init__.py
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
__version__ = "1.2.0"
__version__ = "1.2.1"
__author__ = "Adam Hopkins"
__credits__ = "Richard Kuesters"

Expand Down
7 changes: 4 additions & 3 deletions sanic_jwt/authentication.py
Original file line number Diff line number Diff line change
Expand Up @@ -289,7 +289,7 @@ def _get_token(self, request, refresh_token=False):
"""
if self.config.cookie_set():
token = self._get_token_from_cookies(request, refresh_token)
if token is not None:
if token:
return token

else:
Expand All @@ -298,15 +298,16 @@ def _get_token(self, request, refresh_token=False):

if self.config.query_string_set():
token = self._get_token_from_query_string(request, refresh_token)
if token is not None:
if token:
return token

else:
if self.config.query_string_strict():
raise exceptions.MissingAuthorizationQueryArg()

token = self._get_token_from_headers(request, refresh_token)
if token is not None:

if token:
return token

raise exceptions.MissingAuthorizationHeader()
Expand Down
2 changes: 1 addition & 1 deletion setup.py
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@

setup(
name="sanic-jwt",
version="1.2.0",
version="1.2.1",
description="JWT oauth flow for Sanic",
url="https://github.com/ahopkins/sanic-jwt",
download_url="https://github.com/ahopkins/sanic-jwt/archive/master.zip",
Expand Down
20 changes: 20 additions & 0 deletions tests/test_endpoints_basic.py
Original file line number Diff line number Diff line change
Expand Up @@ -72,6 +72,26 @@ def test_auth_verify_missing_token_debug(app):
assert "Authorization header not present." in response.json.get("reasons")


def test_auth_verify_invalid_token(app):
sanic_app, _ = app
_, response = sanic_app.test_client.get(
"/auth/verify", headers={"Authorization": "Bearer "}
)
assert response.status == 400
assert response.json.get("exception") == "InvalidAuthorizationHeader"
assert "Authorization header is invalid." in response.json.get("reasons")


def test_auth_verify_invalid_token(app):
sanic_app, _ = app
_, response = sanic_app.test_client.get(
"/auth/verify", headers={"Authorization": "Bearer "}
)
assert response.status == 401
assert response.json.get("exception") == "MissingAuthorizationHeader"
assert "Authorization header not present." in response.json.get("reasons")


def test_auth_refresh_not_found(app):
sanic_app, _ = app
_, response = sanic_app.test_client.post("/auth/refresh")
Expand Down
13 changes: 13 additions & 0 deletions tests/test_endpoints_cookies.py
Original file line number Diff line number Diff line change
Expand Up @@ -365,3 +365,16 @@ def test_refresh_token_with_cookies_not_strict(
sanicjwt.config.cookie_refresh_token_name(), None
) is None # there is no new refresh token
assert sanicjwt.config.cookie_refresh_token_name() not in response.json

def test_auth_verify_invalid_token(self, app_with_refresh_token):
sanic_app, sanicjwt = app_with_refresh_token

_, response = sanic_app.test_client.get(
"/auth/verify",
cookies={sanicjwt.config.cookie_access_token_name(): ""},
)
assert response.status == 401
assert response.json.get("exception") == "MissingAuthorizationCookie"
assert "Authorization cookie not present." in response.json.get(
"reasons"
)
14 changes: 14 additions & 0 deletions tests/test_endpoints_query_string.py
Original file line number Diff line number Diff line change
Expand Up @@ -334,3 +334,17 @@ def test_refresh_token_with_query_string_not_strict(
sanicjwt.config.query_string_refresh_token_name(), None
) is None # there is no new refresh token
assert sanicjwt.config.query_string_refresh_token_name() not in response.json

def test_auth_verify_invalid_token(self, app_with_refresh_token):
sanic_app, sanicjwt = app_with_refresh_token

_, response = sanic_app.test_client.get(
"/auth/verify?{}=".format(
sanicjwt.config.cookie_access_token_name()
)
)
assert response.status == 401
assert response.json.get("exception") == "MissingAuthorizationQueryArg"
assert "Authorization query argument not present." in response.json.get(
"reasons"
)
Empty file added tests/test_static.py
Empty file.
2 changes: 1 addition & 1 deletion tox.ini
Original file line number Diff line number Diff line change
Expand Up @@ -59,7 +59,7 @@ commands =
deps = coverage
skip_install = true
commands =
; coverage combine --append
coverage combine --append
coverage report
coverage html

Expand Down

0 comments on commit 0b56cd6

Please sign in to comment.