Better error messages when missing cryptography package

CHANGELOG.md

@@ -8,6 +8,7 @@ This project adheres to [Semantic Versioning](http://semver.org/).
 -------------------------------------------------------------------------
 ### Changed
 - Renamed commandline script `jwt` to `jwt-cli` to avoid issues with the script clobbering the `jwt` module in some circumstances.
+- Better error messages when using an algorithm that requires the cryptography package, but it isn't available [#230][230]
 
 ### Fixed
 

jwt/__main__.py

@@ -131,5 +131,6 @@ def main():
     else:
         p.print_help()
 
+
 if __name__ == '__main__':
     main()

jwt/algorithms.py

@@ -31,6 +31,9 @@
 except ImportError:
     has_crypto = False
 
+requires_cryptography = set(['RS256', 'RS384', 'RS512', 'ES256', 'ES384',
+                             'ES521', 'ES512', 'PS256', 'PS384', 'PS512'])
+
 
 def get_default_algorithms():
     """
@@ -171,6 +174,7 @@ def sign(self, msg, key):
     def verify(self, msg, key, sig):
         return constant_time_compare(sig, self.sign(msg, key))
 
+
 if has_crypto:
 
     class RSAAlgorithm(Algorithm):

jwt/api_jws.py

@@ -4,7 +4,9 @@
 
 from collections import Mapping
 
-from .algorithms import Algorithm, get_default_algorithms  # NOQA
+from .algorithms import (
+    Algorithm, get_default_algorithms, has_crypto, requires_cryptography  # NOQA
+)
 from .compat import binary_type, string_types, text_type
 from .exceptions import DecodeError, InvalidAlgorithmError, InvalidTokenError
 from .utils import base64url_decode, base64url_encode, force_bytes, merge_dict
@@ -101,7 +103,13 @@ def encode(self, payload, key, algorithm='HS256', headers=None,
             signature = alg_obj.sign(signing_input, key)
 
         except KeyError:
-            raise NotImplementedError('Algorithm not supported')
+            if not has_crypto and algorithm in requires_cryptography:
+                raise NotImplementedError(
+                    "Algorithm '%s' could not be found. Do you have cryptography "
+                    "installed?" % algorithm
+                )
+            else:
+                raise NotImplementedError('Algorithm not supported')
 
         segments.append(base64url_encode(signature))
 
@@ -198,6 +206,7 @@ def _validate_kid(self, kid):
         if not isinstance(kid, string_types):
             raise InvalidTokenError('Key ID header parameter must be a string')
 
+
 _jws_global_obj = PyJWS()
 encode = _jws_global_obj.encode
 decode = _jws_global_obj.decode

tests/keys/__init__.py

@@ -19,6 +19,7 @@ def load_hmac_key():
 
     return base64url_decode(force_bytes(keyobj['k']))
 
+
 try:
     from cryptography.hazmat.primitives.asymmetric import ec
     from cryptography.hazmat.backends import default_backend

tests/test_api_jws.py

@@ -303,6 +303,12 @@ def test_invalid_crypto_alg(self, jws, payload):
         with pytest.raises(NotImplementedError):
             jws.encode(payload, 'secret', algorithm='HS1024')
 
+    @pytest.mark.skipif(has_crypto, reason='Scenario requires cryptography to not be installed')
+    def test_missing_crypto_library_better_error_messages(self, jws, payload):
+        with pytest.raises(NotImplementedError) as excinfo:
+            jws.encode(payload, 'secret', algorithm='RS256')
+            assert 'cryptography' in str(excinfo.value)
+
     def test_unicode_secret(self, jws, payload):
         secret = '\xc2'
         jws_message = jws.encode(payload, secret)

tests/utils.py

@@ -13,6 +13,7 @@ def key_path(key_name):
     return os.path.join(os.path.dirname(os.path.realpath(__file__)),
                         'keys', key_name)
 
+
 # Borrowed from `cryptography`
 if hasattr(int, "from_bytes"):
     int_from_bytes = int.from_bytes