From 8d74d6cc734e6349e60930e860758bd7fd8ba9d7 Mon Sep 17 00:00:00 2001
From: Maximilian Mohr
Date: Tue, 19 Jan 2021 10:06:31 +0100
Subject: [PATCH 1/3] Added boolean conversion to setting "jwt.https_only_cookie"
Without this conversion, the option would always be true, no matter what value is set in the ini file
---
src/pyramid_jwt/__init__.py | 2 +-
src/pyramid_jwt/policy.py | 3 ++-
2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/pyramid_jwt/__init__.py b/src/pyramid_jwt/__init__.py
index c0b633f..f3fd413 100644
--- a/src/pyramid_jwt/__init__.py
+++ b/src/pyramid_jwt/__init__.py
@@ -93,7 +93,7 @@ def set_jwt_cookie_authentication_policy(
json_encoder=None,
audience=None,
cookie_name=None,
- https_only=True,
+ https_only=None,
reissue_time=None,
cookie_path=None,
):
diff --git a/src/pyramid_jwt/policy.py b/src/pyramid_jwt/policy.py
index 214d586..3c73b9b 100644
--- a/src/pyramid_jwt/policy.py
+++ b/src/pyramid_jwt/policy.py
@@ -6,6 +6,7 @@ import jwt
from pyramid.renderers import JSON
+from pyramid.settings import asbool
from webob.cookies import CookieProfile
from zope.interface import implementer
from pyramid.authentication import CallbackAuthenticationPolicy
@@ -187,7 +188,7 @@ def __init__(
audience,
)
- self.https_only = https_only
+ self.https_only = asbool(https_only)
self.cookie_name = cookie_name or "Authorization"
self.max_age = self.expiration and self.expiration.total_seconds()
From bc529d7c45fc417765b4b46e84e7839b689d899e Mon Sep 17 00:00:00 2001
From: Maximilian Mohr
Date: Tue, 19 Jan 2021 11:06:10 +0100
Subject: [PATCH 2/3] Added int conversion to setting "jwt.cookie_reissue_time"
Without conversion the ini file value would be read as str which will raise an error during reissuing jwt cookie
---
src/pyramid_jwt/__init__.py | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/pyramid_jwt/__init__.py b/src/pyramid_jwt/__init__.py
index f3fd413..5c4792d 100644
--- a/src/pyramid_jwt/__init__.py
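Review bot: `self.https_only = asbool(https_only)` in the `__init__` hunk fails open: pyramid's `asbool` returns False for `None` and for any string it does not recognise as truthy, so a mistyped ini value for `jwt.https_only_cookie` (or a caller constructing the policy directly with `https_only=None`) silently turns off whatever this flag feeds — presumably the cookie's `secure` attribute via the `CookieProfile` built further down, outside the hunk. A setting that weakens cookie transport should only switch off on an explicit false value, so convert strings against the explicit deny-list instead of the allow-list, e.g. `if isinstance(https_only, str): https_only = https_only.strip().lower() not in falsey` followed by `self.https_only = bool(https_only)`, with `falsey` imported next to `asbool` in the import hunk above. Whichever conversion is kept, a one-line comment on the assignment saying that only an explicit false disables HTTPS-only cookies would stop the next reader from reintroducing the permissive parse. The enclosing `__init__` starts and ends outside the hunk.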
+++ b/src/pyramid_jwt/__init__.py
@@ -100,7 +100,8 @@ def set_jwt_cookie_authentication_policy(
settings = config.get_settings()
cookie_name = cookie_name or settings.get("jwt.cookie_name")
cookie_path = cookie_path or settings.get("jwt.cookie_path")
- reissue_time = reissue_time or settings.get("jwt.cookie_reissue_time")
+ if reissue_time is None and "jwt.cookie_reissue_time" in settings:
+ reissue_time = int(settings.get("jwt.cookie_reissue_time"))
if https_only is None:
https_only = settings.get("jwt.https_only_cookie", True)
From d891c49cf02c019bd38271ef7dc9ba3e85e44b3a Mon Sep 17 00:00:00 2001
From: Maximilian Mohr
Date: Tue, 2 Mar 2021 10:25:16 +0100
Subject: [PATCH 3/3] Added optional domains arg to forget
---
src/pyramid_jwt/policy.py | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/src/pyramid_jwt/policy.py b/src/pyramid_jwt/policy.py
index 3c73b9b..1d09bb5 100644
--- a/src/pyramid_jwt/policy.py
+++ b/src/pyramid_jwt/policy.py
@@ -247,9 +247,12 @@ def remember(self, request, principal, **kw):
return self._get_cookies(request, token, self.max_age, domains=domains)
- def forget(self, request):
+ def forget(self, request, **kw):
request._jwt_cookie_reissue_revoked = True
- return self._get_cookies(request, None)
+
+ domains = kw.get("domains")
+
+ return self._get_cookies(request, None, domains=domains)
def get_claims(self, request):
profile = self.cookie_profile.bind(request)
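Review bot: `int(settings.get("jwt.cookie_reissue_time"))` turns a malformed ini value (including an empty `jwt.cookie_reissue_time =`) into a bare `ValueError: invalid literal for int()` at startup that never names the setting; since this function is where the ini values are validated, catch it and raise pyramid's `ConfigurationError` (from `pyramid.exceptions`, to be added to the imports outside the hunk) with the setting name. The `in settings` test followed by `settings.get` is also redundant — index the mapping once the key is known to be present. Only the ini path is converted; a `reissue_time` passed as a keyword argument is still used as given, which matches how the other arguments are treated. The body of `set_jwt_cookie_authentication_policy` starts and ends outside the hunk.
```python
    if reissue_time is None and "jwt.cookie_reissue_time" in settings:
        try:
            reissue_time = int(settings["jwt.cookie_reissue_time"])
        except ValueError as err:
            # Name the offending setting instead of leaking int()'s message.
            raise ConfigurationError(
                "jwt.cookie_reissue_time must be an integer"
            ) from err
    # … unchanged: https_only fallback …
```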
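Review bot: the new `forget(self, request, **kw)` accepts any keyword but reads only `"domains"`, so every other keyword is swallowed without error, and nothing tells callers that the value has to mirror what they passed to `remember`: a browser only expires a cookie whose domain and path match the expiring one, so a `forget` issued without the same `domains` presumably leaves the original JWT cookie in place and the logout is incomplete. Keeping `**kw` for parity with `remember` is fine, but add a docstring along the lines of `"""Expire the JWT cookie. ``domains`` must match the value given to ``remember``; a cookie set for another domain is not cleared by this response."""`. The two blank `+` lines inside the four-line body are noise; `return self._get_cookies(request, None, domains=kw.get("domains"))` directly after the revoke flag reads better. The enclosing class continues on both sides of the hunk.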