Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

remove AssertionErrors #40

Merged
merged 5 commits into from
Nov 9, 2016
Merged

remove AssertionErrors #40

merged 5 commits into from
Nov 9, 2016

Conversation

leohemsted
Copy link
Contributor

replace AssertionErrors with new TokenDecodeError subclasses

if your provided JWT token is missing either the 'iss' or 'iat' fields,
we now raise TokenIssuerError or TokenIssuedAtError respectively,
rather than AssertionErrors

@leohemsted
remove monotonic as a dependency
8f5b0b1
@leohemsted
replace AssertionErrors with new TokenDecodeError subclasses
40b0cb7 
if your provided JWT token is missing either the 'iss' or 'iat' fields,
we now raise TokenIssuerError or TokenIssuedAtError respectively,
rather than AssertionErrors
@leohemsted
bump version to 2.0.0
9a4bcf4 
replacing AssertionError with TokenDecodeError changes the signature
of our auth functions - if the user is expecting an AssertionError
this is a breaking change
@leohemsted leohemsted mentioned this pull request Nov 3, 2016
Merged
1 task
quis
quis previously requested changes Nov 7, 2016
View reviewed changes
Copy link
Member

@quis quis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could do with a test for missing iat, otherwise 👍 .

@leohemsted
Copy link
Contributor Author

@quis iat test is found in admin app, since i wanted to make sure i was also capturing our authhandler's logic

alphagov/notifications-api@f089b75#diff-707b2a6eab3566cfd44abdb93239c959R67

@leohemsted
ensure decode_jwt_token is tested as well as get_token_issuer
2efb613 
in practice we get the issuer before we decode the token so a bad method invocation was not caught by notifications-api tests, so ensure that the decode_jwt_token method is well tested
@leohemsted leohemsted dismissed quis’s stale review November 9, 2016 13:59

gonna merge anyway

@leohemsted leohemsted merged commit e846c0d into master Nov 9, 2016
@leohemsted leohemsted deleted the auth-500 branch November 9, 2016 14:00
@pyup-bot pyup-bot mentioned this pull request Jul 24, 2017
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@quis quis quis left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@leohemsted @quis