Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Raise exception when required cryptography dependency is missing #963

Merged
merged 4 commits into from
Jul 5, 2024
Merged

Raise exception when required cryptography dependency is missing #963

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
2daed5b
Raise exception when required cryptography dependency is missing
tobloef Jul 5, 2024
16bf843
[pre-commit.ci] auto fixes from pre-commit.com hooks
pre-commit-ci[bot] Jul 5, 2024
a05d0fd
Add tests for `MissingCryptographyError`
tobloef Jul 5, 2024
1845a85
[pre-commit.ci] auto fixes from pre-commit.com hooks
pre-commit-ci[bot] Jul 5, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
16 changes: 13 additions & 3 deletions jwt/api_jwk.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,13 @@
from typing import Any

from .algorithms import get_default_algorithms, has_crypto, requires_cryptography
from .exceptions import InvalidKeyError, PyJWKError, PyJWKSetError, PyJWTError
from .exceptions import (
InvalidKeyError,
MissingCryptographyError,
PyJWKError,
PyJWKSetError,
PyJWTError,
)
from .types import JWKDict


Expand Down Expand Up @@ -50,7 +56,9 @@ def __init__(self, jwk_data: JWKDict, algorithm: str | None = None) -> None:
raise InvalidKeyError(f"Unsupported kty: {kty}")

if not has_crypto and algorithm in requires_cryptography:
raise PyJWKError(f"{algorithm} requires 'cryptography' to be installed.")
raise MissingCryptographyError(
f"{algorithm} requires 'cryptography' to be installed."
)

self.algorithm_name = algorithm

Expand Down Expand Up @@ -96,7 +104,9 @@ def __init__(self, keys: list[JWKDict]) -> None:
for key in keys:
try:
self.keys.append(PyJWK(key))
except PyJWTError:
except PyJWTError as error:
if isinstance(error, MissingCryptographyError):
raise error
# skip unusable keys
continue

Expand Down
4 changes: 4 additions & 0 deletions jwt/exceptions.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -58,6 +58,10 @@ class PyJWKError(PyJWTError):
pass


class MissingCryptographyError(PyJWKError):
pass


class PyJWKSetError(PyJWTError):
pass

Expand Down
24 changes: 22 additions & 2 deletions tests/test_api_jwk.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,12 @@

from jwt.algorithms import has_crypto
from jwt.api_jwk import PyJWK, PyJWKSet
from jwt.exceptions import InvalidKeyError, PyJWKError, PyJWKSetError
from jwt.exceptions import (
InvalidKeyError,
MissingCryptographyError,
PyJWKError,
PyJWKSetError,
)

from .utils import crypto_required, key_path, no_crypto_required

Expand Down Expand Up @@ -212,9 +217,14 @@ def test_missing_crypto_library_good_error_message(self):
PyJWK({"kty": "dummy"}, algorithm="RS256")
assert "cryptography" in str(exc.value)

@no_crypto_required
def test_missing_crypto_library_raises_missing_cryptography_error(self):
with pytest.raises(MissingCryptographyError):
PyJWK({"kty": "dummy"}, algorithm="RS256")


@crypto_required
class TestPyJWKSet:
@crypto_required
def test_should_load_keys_from_jwk_data_dict(self):
algo = RSAAlgorithm(RSAAlgorithm.SHA256)

Expand All @@ -236,6 +246,7 @@ def test_should_load_keys_from_jwk_data_dict(self):
assert jwk.key_id == "keyid-abc123"
assert jwk.public_key_use == "sig"

@crypto_required
def test_should_load_keys_from_jwk_data_json_string(self):
algo = RSAAlgorithm(RSAAlgorithm.SHA256)

Expand All @@ -257,6 +268,7 @@ def test_should_load_keys_from_jwk_data_json_string(self):
assert jwk.key_id == "keyid-abc123"
assert jwk.public_key_use == "sig"

@crypto_required
def test_keyset_should_index_by_kid(self):
algo = RSAAlgorithm(RSAAlgorithm.SHA256)

Expand All @@ -279,6 +291,7 @@ def test_keyset_should_index_by_kid(self):
with pytest.raises(KeyError):
_ = jwk_set["this-kid-does-not-exist"]

@crypto_required
def test_keyset_with_unknown_alg(self):
# first keyset with unusable key and usable key
with open(key_path("jwk_keyset_with_unknown_alg.json")) as keyfile:
Expand All @@ -296,12 +309,19 @@ def test_keyset_with_unknown_alg(self):
with pytest.raises(PyJWKSetError):
_ = PyJWKSet.from_json(jwks_text)

@crypto_required
def test_invalid_keys_list(self):
with pytest.raises(PyJWKSetError) as err:
PyJWKSet(keys="string") # type: ignore
assert str(err.value) == "Invalid JWK Set value"

@crypto_required
def test_empty_keys_list(self):
with pytest.raises(PyJWKSetError) as err:
PyJWKSet(keys=[])
assert str(err.value) == "The JWK Set did not contain any keys"

@no_crypto_required
def test_missing_crypto_library_raises_when_required(self):
with pytest.raises(MissingCryptographyError):
PyJWKSet(keys=[{"kty": "RSA"}])
Loading