Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add option to provide current time when decoding JWT #267

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

ZipFile
Copy link

@ZipFile ZipFile commented Jul 4, 2021

  • Makes possible to fake a time without using freezegun:freeze_time or unittest.mock:patch. Less monkey patching == better code.
  • Makes possible to reuse current time fetched elsewhere (e.g. from request).

@codecov
Copy link

codecov bot commented Jul 4, 2021

Codecov Report

Merging #267 (7a66496) into master (be8e914) will not change coverage.
The diff coverage is 100.00%.

❗ Current head 7a66496 differs from pull request most recent head 9667b78. Consider uploading reports for the commit 9667b78 to get more accurate results
Impacted file tree graph

@@           Coverage Diff           @@
##           master     #267   +/-   ##
=======================================
  Coverage   92.94%   92.94%           
=======================================
  Files          15       15           
  Lines        1418     1418           
=======================================
  Hits         1318     1318           
  Misses        100      100           
Impacted Files Coverage Δ
jose/jwt.py 98.01% <100.00%> (ø)

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update be8e914...9667b78. Read the comment docs.

Copy link
Contributor

@blag blag left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Dependency injection to ease testing? 👍
Dependency injection to improve usability? 👍
Code churn for no discernible reason? 👎

If you have a good reason for prepending the now parameter like you did, I'll definitely consider it, but I haven't seen a good reason for it yet. Please point me to it if I missed it. 😅

jose/jwt.py Outdated Show resolved Hide resolved
jose/jwt.py Outdated
@@ -455,7 +459,7 @@ def _validate_at_hash(claims, access_token, algorithm):
raise JWTClaimsError("at_hash claim does not match access_token.")


def _validate_claims(claims, audience=None, issuer=None, subject=None, algorithm=None, access_token=None, options=None):
def _validate_claims(now, claims, audience=None, issuer=None, subject=None, algorithm=None, access_token=None, options=None):
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why change the function signature? Wouldn't it be easier to append now=None to the end of the parameter list and keep the function signature the same? And then use

now = now or datetime.utcnow()

to default to datetime.utcnow(), just in case anybody is using these private methods.

I realize that they're private methods, and people are signing up to keep their code up-to-date when they use these private methods, but there's no point in code churn without a good reason.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It was not part of the public API (this particular function does not even have docstring to serve as a documentation), so there was no hesitation to change the signature. Making now (required) positional argument better states the intention to me.

Either way, updated.

@ZipFile ZipFile force-pushed the current-time-provisioning branch from 7a66496 to 9667b78 Compare July 5, 2021 06:19
@ZipFile ZipFile requested a review from blag July 6, 2021 06:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants