def decode(self, message: str, key: AbstractJWKBase = None,
do_verify=True, algorithms: AbstractSet[str] = None,
do_time_check: bool = True) -> dict:
# utc now with timezone
now = datetime.now(timezone.utc)
try:
message_bin = self._jws.decode(message, key, do_verify, algorithms)
except JWSDecodeError as why:
raise JWTDecodeError('failed to decode JWT') from why
try:
payload = json.loads(message_bin.decode('utf-8'))
if 'exp' in payload:
try:
exp = get_time_from_int(payload.get('exp'))
if do_time_check and (exp is None or now > exp):
raise JWTDecodeError("JWT Expired")
except ValueError:
raise JWTDecodeError("Invalid Expired value")
if 'nbf' in payload:
try:
nbf = get_time_from_int(payload.get('nbf'))
if do_time_check and (nbf is None or now < nbf):
raise JWTDecodeError("JWT Not valid yet")
except ValueError:
raise JWTDecodeError('Invalid "Not valid yet" value')
return payload
except ValueError as why:
raise JWTDecodeError(
'a payload of the JWT is not valid JSON') from why
def decode(self, message: str, key: AbstractJWKBase = None,
do_verify=True, algorithms: AbstractSet[str] = None,
do_time_check: bool = True) -> dict:
if not isinstance(self, JWT): # pragma: no cover
# https://github.com/GehirnInc/python-jwt/issues/15
raise RuntimeError(
'decode must be called on a jwt.JWT() instance. '
'Do jwt.JWT().decode(...)')
if not isinstance(message, str): # pragma: no cover
raise TypeError('message must be a str')
if not (key is None
or isinstance(key, AbstractJWKBase)): # pragma: no cover
raise TypeError(
'key must be an instance of a class implements '
'jwt.AbstractJWKBase')
# utc now with timezone
now = datetime.now(timezone.utc)
try:
message_bin = self._jws.decode(message, key, do_verify, algorithms)
except JWSDecodeError as why:
raise JWTDecodeError('failed to decode JWT') from why
try:
payload = json.loads(message_bin.decode('utf-8'))
except ValueError as why:
raise JWTDecodeError(
'a payload of the JWT is not valid JSON') from why
# The "exp" (expiration time) claim identifies the expiration time on
# or after which the JWT MUST NOT be accepted for processing.
if 'exp' in payload and do_time_check:
try:
exp = get_time_from_int(payload['exp'])
except TypeError:
raise JWTDecodeError("Invalid Expired value")
if now >= exp:
raise JWTDecodeError("JWT Expired")
# The "nbf" (not before) claim identifies the time before which the JWT
# MUST NOT be accepted for processing.
if 'nbf' in payload and do_time_check:
try:
nbf = get_time_from_int(payload['nbf'])
except TypeError:
raise JWTDecodeError('Invalid "Not valid yet" value')
if now < nbf:
raise JWTDecodeError("JWT Not valid yet")
return payload
def test_get_time_from_int_with_str():
expected = datetime(2011, 3, 22, 18, 43, tzinfo=timezone.utc)
assert get_time_from_int('1300819380') == expected