Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix bug if application does not specify audience #336

Merged
merged 4 commits into from
Mar 15, 2018
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions AUTHORS
Original file line number Diff line number Diff line change
Expand Up @@ -25,3 +25,5 @@ Patches and Suggestions
- Michael Davis <mike.philip.davis@gmail.com> <mike.davis@workiva.com>

- Vinod Gupta <codervinod@gmail.com>

- Derek Weitzel <djw8605@gmail.com>
3 changes: 3 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,8 @@ This project adheres to [Semantic Versioning](http://semver.org/).

### Fixed

- Audience parameter throws `InvalidAudienceError` when application does not specify an audience, but the token does. [#336][336]
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Add [336]: https://github.com/jpadilla/pyjwt/pull/336 towards the end of the file.


### Added

[v1.6.0][1.6.0]
Expand Down Expand Up @@ -222,3 +224,4 @@ rarely used. Users affected by this should upgrade to 3.3+.
[315]: https://github.com/jpadilla/pyjwt/pull/315
[316]: https://github.com/jpadilla/pyjwt/pull/316
[7c1e61d]: https://github.com/jpadilla/pyjwt/commit/7c1e61dde27bafe16e7d1bb6e35199e778962742
[336]: https://github.com/jpadilla/pyjwt/pull/336
5 changes: 5 additions & 0 deletions jwt/api_jwt.py
Original file line number Diff line number Diff line change
Expand Up @@ -168,6 +168,11 @@ def _validate_aud(self, payload, audience):
# verified since the token does not contain a claim.
raise MissingRequiredClaimError('aud')

if audience is None and 'aud' in payload:
# Application did not specify an audience, but
# the token has the 'aud' claim
raise InvalidAudienceError('Invalid audience')

audience_claims = payload['aud']

if isinstance(audience_claims, string_types):
Expand Down
9 changes: 9 additions & 0 deletions tests/test_api_jwt.py
Original file line number Diff line number Diff line change
Expand Up @@ -288,6 +288,15 @@ def test_check_audience_list_when_valid(self, jwt):
token = jwt.encode(payload, 'secret')
jwt.decode(token, 'secret', audience=['urn:you', 'urn:me'])

def test_check_audience_none_specified(self, jwt):
payload = {
'some': 'payload',
'aud': 'urn:me'
}
token = jwt.encode(payload, 'secret')
with pytest.raises(InvalidAudienceError):
jwt.decode(token, 'secret')

def test_raise_exception_invalid_audience_list(self, jwt):
payload = {
'some': 'payload',
Expand Down