CVS commit: pkgsrc/textproc/py-JWT

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/textproc/py-JWT
From: "Adam Ciarcinski" <adam%netbsd.org@localhost>
Date: Sun, 7 Mar 2021 17:14:41 +0000

Module Name:    pkgsrc
Committed By:   adam
Date:           Sun Mar  7 17:14:41 UTC 2021

Modified Files:
        pkgsrc/textproc/py-JWT: Makefile PLIST distinfo
Removed Files:
        pkgsrc/textproc/py-JWT: ALTERNATIVES

Log Message:
py-JWT: updated to 2.0.1

v2.0.1

Changed
- Rename CHANGELOG.md to CHANGELOG.rst and include in docs

Fixed
- Fix `from_jwk()` for all algorithms

v2.0.0

Drop support for Python 2 and Python 3.0-3.5
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Python 3.5 is EOL so we decide to drop its support. Version ``1.7.1`` is
the last one supporting Python 3.0-3.5.

Require cryptography >= 3
^^^^^^^^^^^^^^^^^^^^^^^^^

Drop support for PyCrypto and ECDSA
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

We've kept this around for a long time, mostly for environments that
didn't allow installing cryptography.

Drop CLI
^^^^^^^^

Dropped the included cli entry point.

Improve typings
^^^^^^^^^^^^^^^

We no longer need to use mypy Python 2 compatibility mode (comments)

``jwt.encode(...)`` return type
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Tokens are returned as string instead of a byte string

Dropped deprecated errors
^^^^^^^^^^^^^^^^^^^^^^^^^

Removed ``ExpiredSignature``, ``InvalidAudience``, and
``InvalidIssuer``. Use ``ExpiredSignatureError``,
``InvalidAudienceError``, and ``InvalidIssuerError`` instead.

Dropped deprecated ``verify_expiration`` param in ``jwt.decode(...)``
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Use
``jwt.decode(encoded, key, algorithms=["HS256"], options={"verify_exp": False})``
instead.

Dropped deprecated ``verify`` param in ``jwt.decode(...)``
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Use ``jwt.decode(encoded, key, options={"verify_signature": False})``
instead.

Require explicit ``algorithms`` in ``jwt.decode(...)`` by default
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Example: ``jwt.decode(encoded, key, algorithms=["HS256"])``.

Dropped deprecated ``require_*`` options in ``jwt.decode(...)``
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

For example, instead of
``jwt.decode(encoded, key, algorithms=["HS256"], options={"require_exp": True})``,
use
``jwt.decode(encoded, key, algorithms=["HS256"], options={"require": ["exp"]})``.

Added
~~~~~

Introduce better experience for JWKs
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Introduce ``PyJWK``, ``PyJWKSet``, and ``PyJWKClient``.

.. code:: python

    import jwt
    from jwt import PyJWKClient

    token = 
"eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6Ik5FRTFRVVJCT1RNNE16STVSa0ZETlRZeE9UVTFNRGcyT0Rnd1EwVXpNVGsxUWpZeVJrUkZRdyJ9.eyJpc3MiOiJodHRwczovL2Rldi04N2V2eDlydS5hdXRoMC5jb20vIiwic3ViIjoiYVc0Q2NhNzl4UmVMV1V6MGFFMkg2a0QwTzNjWEJWdENAY2xpZW50cyIsImF1ZCI6Imh0dHBzOi8vZXhwZW5zZXMtYXBpIiwiaWF0IjoxNTcyMDA2OTU0LCJleHAiOjE1NzIwMDY5NjQsImF6cCI6ImFXNENjYTc5eFJlTFdVejBhRTJINmtEME8zY1hCVnRDIiwiZ3R5IjoiY2xpZW50LWNyZWRlbnRpYWxzIn0.PUxE7xn52aTCohGiWoSdMBZGiYAHwE5FYie0Y1qUT68IHSTXwXVd6hn02HTah6epvHHVKA2FqcFZ4GGv5VTHEvYpeggiiZMgbxFrmTEY0csL6VNkX1eaJGcuehwQCRBKRLL3zKmA5IKGy5GeUnIbpPHLHDxr-GXvgFzsdsyWlVQvPX2xjeaQ217r2PtxDeqjlf66UYl6oY6AqNS8DH3iryCvIfCcybRZkc_hdy-6ZMoKT6Piijvk_aXdm7-QQqKJFHLuEqrVSOuBqqiNfVrG27QzAPuPOxvfXTVLXL2jek5meH6n-VWgrBdoMFH93QEszEDowDAEhQPHVs0xj7SIzA"
    kid = "NEE1QURBOTM4MzI5RkFDNTYxOTU1MDg2ODgwQ0UzMTk1QjYyRkRFQw"
    url = "https://dev-87evx9ru.auth0.com/.well-known/jwks.json";

    jwks_client = PyJWKClient(url)
    signing_key = jwks_client.get_signing_key_from_jwt(token)

    data = jwt.decode(
        token,
        signing_key.key,
        algorithms=["RS256"],
        audience="https://expenses-api";,
        options={"verify_exp": False},
    )
    print(data)

Support for JWKs containing ECDSA keys
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Add support for Ed25519 / EdDSA
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Pull Requests
~~~~~~~~~~~~~
-  Add PyPy3 to the test matrix
-  Require tweak
-  Decode return type is dict[str, Any]
-  Fix linter error in test\_cli
-  Run mypy with tox
-  Document (and prefer) pyjwt[crypto] req format
-  Correct type for json\_encoder argument
-  Prefer https:// links where available
-  Pass python\_requires argument to setuptools
-  Rename [wheel] section to [bdist\_wheel] as the former is legacy
-  Remove setup.py test command in favor of pytest and tox
-  Fix mypy errors
-  DX Tweaks
-  Add support of python 3.8
-  Fix 406
-  Add support for Ed25519 / EdDSA, with unit tests
-  Remove Python 2.7 compatibility
-  Fix simple typo: encododed -> encoded
-  Enhance tracebacks.
-  Simplify ``python_requires``
-  Document top-level .encode and .decode
-  Improve documentation for audience usage
-  Correct README on how to run tests locally
-  Fix ``tox -e lint`` warnings and errors
-  Run pyupgrade across project to use modern Python 3 conventions
-  Add Python-3-only trove classifier and remove "universal" from wheel
-  Emit warnings about user code, not pyjwt code
-  Move setup information to declarative setup.cfg
-  CLI options for verifying audience and issuer
-  Specify the target Python version for mypy
-  Remove unnecessary compatibility shims for Python 2
-  Setup GH Actions
-  Implementation of ECAlgorithm.from\_jwk
-  Remove cli entry point
-  Expose InvalidKeyError on jwt module
-  Avoid loading token twice in pyjwt.decode
-  Default links to stable version of documentation
-  Update README.md badges
-  Introduce better experience for JWKs
-  Fix tox conditional extras
-  Return tokens as string not bytes
-  Drop support for legacy contrib algorithms
-  Drop deprecation warnings
-  Update Auth0 sponsorship link
-  Update return type for jwt.encode
-  Run tests against Python 3.9 and add trove classifier
-  Removed redundant ``default_backend()``
-  Documents how to use private keys with passphrases
-  Update version to 2.0.0a1
-  Fix usage example
-  add EdDSA to docs
-  Remove support for EOL Python 3.5
-  Upgrade to isort 5 and adjust configurations
-  Remove unused argument "verify" from PyJWS.decode()
-  Update typing syntax and usage for Python 3.6+
-  Run pyupgrade to simplify code and use Python 3.6 syntax
-  Drop unknown pytest config option: strict
-  Upgrade black version and usage
-  Remove "Command line" sections from docs
-  Use existing key\_path() utility function throughout tests
-  Replace force\_bytes()/force\_unicode() in tests with literals
-  Remove unnecessary Unicode decoding before json.loads()
-  Remove unnecessary force\_bytes() calls priot to base64url\_decode()
-  Remove deprecated arguments from docs
-  Update code blocks in docs
-  Refactor jwt/jwks\_client.py without requests dependency
-  Tighten bytes/str boundaries and remove unnecessary coercing
-  Replace codecs.open() with builtin open()
-  Replace int\_from\_bytes() with builtin int.from\_bytes()
-  Enforce .encode() return type using mypy
-  Prefer direct indexing over options.get()
-  Cleanup "noqa" comments
-  Replace merge\_dict() with builtin dict unpacking generalizations
-  Do not mutate the input payload in PyJWT.encode()
-  Use direct indexing in PyJWKClient.get\_signing\_key\_from\_jwt()
-  Split PyJWT/PyJWS classes to tighten type interfaces
-  Simplify mocked\_response test utility function
-  Autoupdate pre-commit hooks and apply them
-  Remove unused argument "payload" from PyJWS.\ *verify*\ signature()
-  Add utility functions to assist test skipping
-  Type hint jwt.utils module
-  Prefer ModuleNotFoundError over ImportError
-  Fix tox "manifest" environment to pass
-  Fix tox "docs" environment to pass
-  Simplify black configuration to be closer to upstream defaults
-  Use generator expressions
-  Simplify from\_base64url\_uint()
-  Drop lint environment from GitHub actions in favor of pre-commit.ci
-  [pre-commit.ci] pre-commit autoupdate
-  Simplify tox configuration
-  Combine identical test functions using pytest.mark.parametrize()
-  Complete type hinting of jwks\_client.py


To generate a diff of this commit:
cvs rdiff -u -r1.1 -r0 pkgsrc/textproc/py-JWT/ALTERNATIVES
cvs rdiff -u -r1.13 -r1.14 pkgsrc/textproc/py-JWT/Makefile
cvs rdiff -u -r1.3 -r1.4 pkgsrc/textproc/py-JWT/PLIST
cvs rdiff -u -r1.10 -r1.11 pkgsrc/textproc/py-JWT/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/textproc/py-JWT/Makefile
diff -u pkgsrc/textproc/py-JWT/Makefile:1.13 pkgsrc/textproc/py-JWT/Makefile:1.14
--- pkgsrc/textproc/py-JWT/Makefile:1.13        Sun May 17 21:38:45 2020
+++ pkgsrc/textproc/py-JWT/Makefile     Sun Mar  7 17:14:41 2021
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.13 2020/05/17 21:38:45 adam Exp $
+# $NetBSD: Makefile,v 1.14 2021/03/07 17:14:41 adam Exp $
 
-DISTNAME=      PyJWT-1.7.1
+DISTNAME=      PyJWT-2.0.1
 PKGNAME=       ${PYPKGPREFIX}-${DISTNAME:S/Py//}
 CATEGORIES=    textproc python
 MASTER_SITES=  ${MASTER_SITE_PYPI:=P/PyJWT/}
@@ -10,13 +10,15 @@ HOMEPAGE=   https://github.com/jpadilla/py
 COMMENT=       JSON Web Token implementation in Python
 LICENSE=       mit
 
-DEPENDS+=      ${PYPKGPREFIX}-cryptography>=1.4:../../security/py-cryptography
-TEST_DEPENDS+= ${PYPKGPREFIX}-test-cov>=2.5.1:../../devel/py-test-cov
-TEST_DEPENDS+= ${PYPKGPREFIX}-test-runner>=4.2:../../devel/py-test-runner
-
-post-install:
-       cd ${DESTDIR}${PREFIX}/bin && \
-       ${MV} pyjwt jwt-${PYVERSSUFFIX} || ${TRUE}
+DEPENDS+=      ${PYPKGPREFIX}-cryptography>=3.3.1:../../security/py-cryptography
+TEST_DEPENDS+= ${PYPKGPREFIX}-test>=6.0.0:../../devel/py-test
+
+USE_LANGUAGES= # none
+
+PYTHON_VERSIONS_INCOMPATIBLE=  27
+
+do-test:
+       cd ${WRKSRC} && pytest-${PYVERSSUFFIX} tests
 
 .include "../../lang/python/egg.mk"
 .include "../../mk/bsd.pkg.mk"

Index: pkgsrc/textproc/py-JWT/PLIST
diff -u pkgsrc/textproc/py-JWT/PLIST:1.3 pkgsrc/textproc/py-JWT/PLIST:1.4
--- pkgsrc/textproc/py-JWT/PLIST:1.3    Wed May 23 09:35:27 2018
+++ pkgsrc/textproc/py-JWT/PLIST        Sun Mar  7 17:14:41 2021
@@ -1,47 +1,35 @@
-@comment $NetBSD: PLIST,v 1.3 2018/05/23 09:35:27 adam Exp $
-bin/jwt-${PYVERSSUFFIX}
+@comment $NetBSD: PLIST,v 1.4 2021/03/07 17:14:41 adam Exp $
 ${PYSITELIB}/${EGG_INFODIR}/PKG-INFO
 ${PYSITELIB}/${EGG_INFODIR}/SOURCES.txt
 ${PYSITELIB}/${EGG_INFODIR}/dependency_links.txt
-${PYSITELIB}/${EGG_INFODIR}/entry_points.txt
+${PYSITELIB}/${EGG_INFODIR}/not-zip-safe
 ${PYSITELIB}/${EGG_INFODIR}/requires.txt
 ${PYSITELIB}/${EGG_INFODIR}/top_level.txt
 ${PYSITELIB}/jwt/__init__.py
 ${PYSITELIB}/jwt/__init__.pyc
 ${PYSITELIB}/jwt/__init__.pyo
-${PYSITELIB}/jwt/__main__.py
-${PYSITELIB}/jwt/__main__.pyc
-${PYSITELIB}/jwt/__main__.pyo
 ${PYSITELIB}/jwt/algorithms.py
 ${PYSITELIB}/jwt/algorithms.pyc
 ${PYSITELIB}/jwt/algorithms.pyo
+${PYSITELIB}/jwt/api_jwk.py
+${PYSITELIB}/jwt/api_jwk.pyc
+${PYSITELIB}/jwt/api_jwk.pyo
 ${PYSITELIB}/jwt/api_jws.py
 ${PYSITELIB}/jwt/api_jws.pyc
 ${PYSITELIB}/jwt/api_jws.pyo
 ${PYSITELIB}/jwt/api_jwt.py
 ${PYSITELIB}/jwt/api_jwt.pyc
 ${PYSITELIB}/jwt/api_jwt.pyo
-${PYSITELIB}/jwt/compat.py
-${PYSITELIB}/jwt/compat.pyc
-${PYSITELIB}/jwt/compat.pyo
-${PYSITELIB}/jwt/contrib/__init__.py
-${PYSITELIB}/jwt/contrib/__init__.pyc
-${PYSITELIB}/jwt/contrib/__init__.pyo
-${PYSITELIB}/jwt/contrib/algorithms/__init__.py
-${PYSITELIB}/jwt/contrib/algorithms/__init__.pyc
-${PYSITELIB}/jwt/contrib/algorithms/__init__.pyo
-${PYSITELIB}/jwt/contrib/algorithms/py_ecdsa.py
-${PYSITELIB}/jwt/contrib/algorithms/py_ecdsa.pyc
-${PYSITELIB}/jwt/contrib/algorithms/py_ecdsa.pyo
-${PYSITELIB}/jwt/contrib/algorithms/pycrypto.py
-${PYSITELIB}/jwt/contrib/algorithms/pycrypto.pyc
-${PYSITELIB}/jwt/contrib/algorithms/pycrypto.pyo
 ${PYSITELIB}/jwt/exceptions.py
 ${PYSITELIB}/jwt/exceptions.pyc
 ${PYSITELIB}/jwt/exceptions.pyo
 ${PYSITELIB}/jwt/help.py
 ${PYSITELIB}/jwt/help.pyc
 ${PYSITELIB}/jwt/help.pyo
+${PYSITELIB}/jwt/jwks_client.py
+${PYSITELIB}/jwt/jwks_client.pyc
+${PYSITELIB}/jwt/jwks_client.pyo
+${PYSITELIB}/jwt/py.typed
 ${PYSITELIB}/jwt/utils.py
 ${PYSITELIB}/jwt/utils.pyc
 ${PYSITELIB}/jwt/utils.pyo

Index: pkgsrc/textproc/py-JWT/distinfo
diff -u pkgsrc/textproc/py-JWT/distinfo:1.10 pkgsrc/textproc/py-JWT/distinfo:1.11
--- pkgsrc/textproc/py-JWT/distinfo:1.10        Mon Dec 10 09:02:58 2018
+++ pkgsrc/textproc/py-JWT/distinfo     Sun Mar  7 17:14:41 2021
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.10 2018/12/10 09:02:58 adam Exp $
+$NetBSD: distinfo,v 1.11 2021/03/07 17:14:41 adam Exp $
 
-SHA1 (PyJWT-1.7.1.tar.gz) = 10067a763a8b788e3573a6d6cab32240a1d8dea0
-RMD160 (PyJWT-1.7.1.tar.gz) = bfe7a0ea07327593b728ba82766d809ae4c1be75
-SHA512 (PyJWT-1.7.1.tar.gz) = 70cd38127b6848933992c8b88303725ef71bfb430ad42eb63247e549b0bdab2a194137349d43ab02a1c97212dbc89f447ee3f0c5403dd14632b8b4b6b9235fc4
-Size (PyJWT-1.7.1.tar.gz) = 41979 bytes
+SHA1 (PyJWT-2.0.1.tar.gz) = 5c79722727ced3d9524fda667034a949c1047ff9
+RMD160 (PyJWT-2.0.1.tar.gz) = b0adbd8f466e723e48a60ab8efadfc2bfcd42c9c
+SHA512 (PyJWT-2.0.1.tar.gz) = a59b975fb465b44e4d84e3ef0380ed5107438e202e073238700bd700e8871098b9c59a849d157ade7888eef32609078571e2b8af09dca0752d7a18c370c2a0a5
+Size (PyJWT-2.0.1.tar.gz) = 57496 bytes

Prev by Date: CVS commit: pkgsrc/doc
Next by Date: CVS commit: pkgsrc/security/py-oauthlib
Previous by Thread: CVS commit: pkgsrc/doc
Next by Thread: CVS commit: pkgsrc/security/py-oauthlib
Indexes:

Home | Main Index | Thread Index | Old Index