Overview

JWT implementation for the ZSL framework. This module adds security possibilities to ZSL.

  • Free software: BSD license

Installation

Just add zsl_jwt to your requirements or use

pip install zsl-jwt

Usage

Add zsl_jwt.module.JWTModule to the modules in your IoCContainer and provide a zsl_jwt.configuration.JWTConfiguration in your configuration under JWT variable.

Documentation

See more in https://zsl_jwt.readthedocs.io/

Development

To run all the tests, run:

tox

Note, to combine the coverage data from all the tox environments run:

Windows
set PYTEST_ADDOPTS=--cov-append
tox
Other
PYTEST_ADDOPTS=--cov-append tox

Installation

Just add zsl_jwt to your requirements or at the command line use

pip install zsl-jwt

Usage

To use zsl_jwt in a project:

import zsl_jwt

Reference

API reference of zsl_jwt

zsl_jwt.codec

The module provides the two main functions encode() and decode() which encode and decode the given payload.

zsl_jwt.codec.CLAIMS = (u'exp', u'nbf', u'iss', u'aud', u'iat')

The list of JWT claim names.

exception zsl_jwt.codec.ZslJwtError[source]

Main exception type raised from this module.

exception zsl_jwt.codec.ZslJwtExpiredSignatureError[source]
exception zsl_jwt.codec.ZslJwtInvalidAudienceError[source]

When the audience of the token does not match the audience of the profile used to decode the token.

exception zsl_jwt.codec.ZslJwtInvalidNbfClaimError[source]
zsl_jwt.codec.decode(*args, **kwargs)[source]

Decodes the encoded token.

Parameters:
  • token – The encoded token.
  • jwt_configuration – The configuration, injected.
  • profile – The profile name used for encoding.
Returns:

The decoded payload.

zsl_jwt.codec.encode(*args, **kwargs)[source]

Encodes the payload.

Parameters:
  • payload – The payload to be encoded.
  • jwt_configuration – The JWT configuration, it is injected.
  • algorithm – Algorithm name. A reasonable default is provided.
  • profile – The JWT profile to be used. See
Returns:

The JWT token.

zsl_jwt.configuration

class zsl_jwt.configuration.JWTConfiguration(default_secret=None, default_profile=None, profiles=None)[source]

The main JWT configuration object. Consists of several token profiles used for encoding/decoding. See zsl_jwt.configuration.JWTProfile.

class zsl_jwt.configuration.JWTProfile(secret, expiration=None, not_before=None, issuer=u'zsl_jwt', audience=u'zsl_jwt', algorithm=u'HS256')[source]
Each profile consists of its own secret and all the JWT claims definitions:
  • audience: str - must match the audience in the decoding,
  • issuer name: str - just an information about the token issuer,
  • expiration: datetime.timedelta specifying when token becomes invalid,
  • not_before: datetime.timedelta specifying when token becomes valid,
  • algorithm: encryption algorithm used to create the token.
algorithm
audience

The audience of the token for which the token is intended. This must match the audience used for decoding. This is a standard JWT claim.

expiration

The time interval specifying when the token becomes invalid. The token is valid until time now + expiration. This is a standard JWT claim.

issuer

The issuer name. This is a standard JWT claim.

not_before

The time interval specifying when the token becomes valid. The token is valid from time now + not_before. This is a standard JWT claim.

secret

Key/secret used for encryption.
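What the profile's claims mean at decode time, as an added standard-library sketch; it is not zsl_jwt's own code, and the helper names encode_hs256, decode_hs256 and peek_payload are hypothetical. HS256 is an HMAC-SHA256 signature over the header and payload, so the secret protects integrity while the claims stay readable to anyone holding the token.

```python
import base64, hashlib, hmac, json, time
from datetime import timedelta

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def encode_hs256(payload, secret, expiration, not_before, issuer, audience, now=None):
    """Build an HS256 token carrying the claims a profile defines."""
    now = int(time.time()) if now is None else now
    claims = dict(payload, iat=now, iss=issuer, aud=audience,
                  exp=now + int(expiration.total_seconds()),
                  nbf=now + int(not_before.total_seconds()))
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64(sig)}"

def decode_hs256(token, secret, audience, now=None):
    """Verify the signature first, then the time and audience claims."""
    now = int(time.time()) if now is None else now
    head, body, sig = token.split(".")
    if json.loads(_unb64(head)).get("alg") != "HS256":
        raise ValueError("unexpected algorithm")  # pin the algorithm on the verifier side
    good = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(good, _unb64(sig)):
        raise ValueError("bad signature")
    claims = json.loads(_unb64(body))
    if now >= claims["exp"]:
        raise ValueError("expired")
    if now < claims["nbf"]:
        raise ValueError("not yet valid")
    if claims["aud"] != audience:
        raise ValueError("invalid audience")
    return claims

def peek_payload(token):
    """Read the claims with no secret at all: the payload is signed, not hidden."""
    return json.loads(_unb64(token.split(".")[1]))

if __name__ == "__main__":
    secret = b"constructed-demo-secret"  # constructed sample value
    token = encode_hs256({"sub": "alice"}, secret, timedelta(minutes=5),
                         timedelta(0), "zsl_jwt", "zsl_jwt")
    print(peek_payload(token))
    print(decode_hs256(token, secret, "zsl_jwt"))
```

Keep anything confidential out of the payload, and give each profile a long random secret, since the secret alone decides who can mint valid tokens.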

zsl_jwt.module

class zsl_jwt.module.JWTModule[source]

JWT module activation. Add to your IoCContainer to enable JWT support.

It just provides the zsl_jwt.configuration.JWTConfiguration so that the users may read the JWT configuration.

JWT_CONFIG_NAME = u'JWT'

Variable name in config used for JWT configuration

provide_jwt_configuration(*args, **kwargs)[source]

Returns the JWT configuration.

Parameters:config – Injected. Configuration object
Returns:Current JWT configuration.

zsl_jwt.auth.configuration

The configuration of the authentication.

class zsl_jwt.auth.configuration.AuthConfiguration(authentication_service_class)[source]

Auth module configuration. It holds the string identifying the authentication service.

authentication_service_class

The string identifying the class implementing the zsl_jwt.auth.service.AuthenticationService which is used for login controller.

zsl_jwt.auth.module

This ZSL module reads the auth configuration and provides zsl_jwt.auth.configuration.AuthConfiguration and an instance of zsl_jwt.auth.service.AuthenticationService.

class zsl_jwt.auth.module.AuthModule[source]
AUTH_CONFIG_NAME = u'AUTH'
provide_authentication_service(*args, **kwargs)[source]

Returns the used authentication service.

Parameters:auth_config – Injected. Auth configuration.
Returns:The authentication service.
provide_jwt_configuration(*args, **kwargs)[source]

Returns the AuthConfiguration.

Parameters:config – Injected. Configuration object
Returns:Current authentication/authorization configuration.

zsl_jwt.auth.service

The abstraction of authentication service and user information.

class zsl_jwt.auth.service.AuthenticationService[source]

The service used for verifying username and password and querying the user information.

get_user_information(username)[source]

Returns the user information for the given username.

Parameters:username
Returns:Tuple with the first element being the list of roles (list of strings) and a user information, may be None.
verify_password(username, password)[source]

Verifies if the username, password combination is valid. Returns True iff it is, False otherwise. It should not raise exceptions.
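One way to meet the contract of the two methods above, as an added example rather than code from zsl_jwt: the class name InMemoryAuthenticationService, its add_user helper and the in-memory store are hypothetical, and it does not import the framework so that it runs stand-alone. In a project the class would implement zsl_jwt.auth.service.AuthenticationService.

```python
import hashlib
import hmac
import os

class InMemoryAuthenticationService:
    """Stand-in exposing the two methods AuthenticationService documents."""

    ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor

    def __init__(self):
        self._users = {}  # username -> (salt, derived key, roles)

    def _derive(self, password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                                   self.ITERATIONS)

    def add_user(self, username, password, roles):
        # Store a salted, slow hash; the plaintext password is never kept.
        salt = os.urandom(16)
        self._users[username] = (salt, self._derive(password, salt), list(roles))

    def verify_password(self, username, password):
        try:
            # Unknown users get a dummy record, so the same derivation and
            # comparison run whether or not the username exists.
            dummy = (b"\0" * 16, b"\0" * 32, [])
            salt, stored, _ = self._users.get(username, dummy)
            return hmac.compare_digest(stored, self._derive(password, salt))
        except Exception:
            return False  # contract: report failure, do not raise

    def get_user_information(self, username):
        record = self._users.get(username)
        if record is None:
            return [], None
        # (roles, user information); the user information may be None.
        return record[2], {"username": username}

if __name__ == "__main__":
    service = InMemoryAuthenticationService()
    service.add_user("alice", "correct horse", ["admin"])  # constructed sample
    print(service.verify_password("alice", "correct horse"))
    print(service.get_user_information("alice"))
```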

class zsl_jwt.auth.service.StandardUserInformation(username, roles, user_object)[source]

Standard user information - contains username, roles (list of strings) and a user object, if wanted (may be None)

get_attributes()[source]
is_in_role(role)[source]
roles
user_object
username
zsl_jwt.auth.service.create_standard_user_information(username, roles, user_object)[source]

Creates the user information/representation from the given parameters.

zsl_jwt.auth.service.decode_to_standard_user_information(token, user_object_class=None, profile=u'default')[source]

Creates the user information/representation from the given auth token.

zsl_jwt.auth.controller

Contains the login function.

zsl_jwt.auth.controller.authenticate(*args, **kwargs)[source]

The “login” function, from the given username/password returns the JWT. Use only as a delegate function in handling of tasks.

Parameters:
Returns:

error response if the credentials are invalid or jwt.

Contributing

Contributions are welcome, and they are greatly appreciated! Every little bit helps, and credit will always be given.

Bug reports

When reporting a bug please include:

  • Your operating system name and version.
  • Any details about your local setup that might be helpful in troubleshooting.
  • Detailed steps to reproduce the bug.

Documentation improvements

zsl_jwt could always use more documentation, whether as part of the official zsl_jwt docs, in docstrings, or even on the web in blog posts, articles, and such.

Feature requests and feedback

The best way to send feedback is to file an issue at https://github.com/AtteqCom/zsl_jwt/issues.

If you are proposing a feature:

  • Explain in detail how it would work.
  • Keep the scope as narrow as possible, to make it easier to implement.
  • Remember that this is a volunteer-driven project, and that code contributions are welcome :)

Development

To set up zsl_jwt for local development:

  1. Fork zsl_jwt (look for the “Fork” button).

  2. Clone your fork locally:

    git clone git@github.com:your_name_here/zsl_jwt.git
    
  3. Create a branch for local development:

    git checkout -b name-of-your-bugfix-or-feature
    

    Now you can make your changes locally.

  4. When you’re done making changes, run all the checks, doc builder and spell checker with one tox command:

    tox
    
  5. Commit your changes and push your branch to GitHub:

    git add .
    git commit -m "Your detailed description of your changes."
    git push origin name-of-your-bugfix-or-feature
    
  6. Submit a pull request through the GitHub website.

Pull Request Guidelines

If you need some code review or feedback while you’re developing the code just make the pull request.

For merging, you should:

  1. Include passing tests (run tox) [1].
  2. Update documentation when there’s new API, functionality etc.
  3. Add a note to CHANGELOG.rst about the changes.
  4. Add yourself to AUTHORS.rst.
[1]

If you don’t have all the necessary python versions available locally you can rely on Travis - it will run the tests for each change you add in the pull request.

It will be slower though ...

Tips

To run a subset of tests:

tox -e envname -- py.test -k test_myfeature

To run all the test environments in parallel (you need to pip install detox):

detox

Authors

Changelog

0.1.3 (2017-07-19)

  • Algorithm setting is moved to JWTProfile.

0.1.2 (2017-07-18)

  • Forgotten unit tests are added.

0.1.1 (2017-07-18)

  • A first version able to encode and decode.

0.1.0 (2017-06-20)

  • First release on PyPI.
