Replace python-jose with PyJWT

thunderbird · May 1, 2024 · 7983e3c · 7983e3c
1 parent 202d5d6
commit 7983e3c
Show file tree

Hide file tree

Showing 4 changed files with 13 additions and 12 deletions.
diff --git a/backend/requirements.txt b/backend/requirements.txt
@@ -18,8 +18,8 @@ markdown==3.6
 MarkupSafe==2.1.2
 nh3==0.2.17
 python-dotenv==1.0.0
-python-jose==3.3.0
 python-multipart==0.0.7
+PyJWT==2.6.0
 pydantic==2.5.2
 sentry-sdk==1.26.0
 starlette-context==0.3.6

diff --git a/backend/src/appointment/dependencies/auth.py b/backend/src/appointment/dependencies/auth.py
@@ -3,7 +3,7 @@
 
 from fastapi import Depends, Request, HTTPException, Body
 from fastapi.security import OAuth2PasswordBearer
-from jose import jwt, JWTError
+import jwt
 
 from sqlalchemy.orm import Session
 
@@ -22,18 +22,18 @@ def get_user_from_token(db, token: str):
         iat = payload.get("iat")
         if sub is None:
             raise InvalidTokenException()
-    except JWTError:
+    except jwt.exceptions.InvalidTokenError:
         raise InvalidTokenException()
 
     id = sub.replace('uid-', '')
     subscriber = repo.subscriber.get(db, int(id))
 
     # Token has been expired by us - temp measure to avoid spinning a refresh system, or a deny list for this issue
-    if subscriber is None:
-        raise InvalidTokenException()
-    elif subscriber.minimum_valid_iat_time and not iat:
-        raise InvalidTokenException()
-    elif subscriber.minimum_valid_iat_time and subscriber.minimum_valid_iat_time.timestamp() > int(iat):
+    if any([
+        subscriber is None,
+        subscriber and subscriber.minimum_valid_iat_time and not iat,
+        subscriber and subscriber.minimum_valid_iat_time and subscriber.minimum_valid_iat_time.timestamp() > int(iat)
+    ]):
         raise InvalidTokenException()
 
     return subscriber

diff --git a/backend/src/appointment/dependencies/fxa.py b/backend/src/appointment/dependencies/fxa.py
@@ -2,7 +2,8 @@
 import os
 
 from fastapi import Request, Depends
-from jose import jwt, jwk
+#from jose import jwt, jwk
+import jwt
 
 from ..controller.apis.fxa_client import FxaClient
 
@@ -31,7 +32,7 @@ def get_webhook_auth(request: Request, fxa_client: FxaClient = Depends(get_fxa_c
         logging.error("No public jwks available.")
         return None
 
-    headers = jwt.get_unverified_headers(header_token)
+    headers = jwt.get_unverified_header(header_token)
 
     if 'kid' not in headers:
         logging.error("Error decoding token. Key ID is missing from headers.")
@@ -40,7 +41,7 @@ def get_webhook_auth(request: Request, fxa_client: FxaClient = Depends(get_fxa_c
     jwk_pem = None
     for current_jwk in public_jwks:
         if current_jwk.get('kid') == headers.get('kid'):
-            jwk_pem = jwk.construct(current_jwk)
+            jwk_pem = jwt.PyJWK(current_jwk)
             break
 
     if jwk_pem is None:

diff --git a/backend/src/appointment/routes/auth.py b/backend/src/appointment/routes/auth.py
@@ -5,8 +5,8 @@
 from typing import Annotated
 
 import argon2.exceptions
+import jwt
 from fastapi.security import OAuth2PasswordRequestForm
-from jose import jwt
 from sentry_sdk import capture_exception
 from sqlalchemy.orm import Session