Skip to content

Commit

Permalink
fix(registry): support not-empty validation
Browse files Browse the repository at this point in the history
authlib fails if essential claim is empty, new implementation may choose to
accept empty strings.

in most cases empty value should not be accepted, it is handy to be able to
these.

raise InvalidClaimError when not_empty=True claim option:

    def test_essential_empty_value(self):
        claims_requests = jwt.JWTClaimsRegistry(sub={"essential": True, "not_empty": True})
        self.assertRaises(InvalidClaimError, claims_requests.validate, {"sub": ""})

Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
  • Loading branch information
alonbl committed Oct 1, 2023
1 parent ef7e835 commit 1c11a38
Show file tree
Hide file tree
Showing 2 changed files with 10 additions and 0 deletions.
4 changes: 4 additions & 0 deletions src/joserfc/rfc7519/registry.py
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,10 @@ def __init__(self, **kwargs: ClaimsOption):
def check_value(self, claim_name: str, value: Any) -> None:
option = self.options.get(claim_name)
if option:
option_not_empty = option.get("not_empty")
if option_not_empty and not value:
raise InvalidClaimError(claim_name)

option_value = option.get("value")
if option_value and value != option_value:
raise InvalidClaimError(claim_name)
Expand Down
6 changes: 6 additions & 0 deletions tests/jwt/test_claims.py
Original file line number Diff line number Diff line change
Expand Up @@ -46,6 +46,12 @@ def test_essential_claims(self):

claims_requests.validate({"sub": "a", "iss": "a", "name": "joserfc"})

def test_essential_empty_value(self):
claims_requests = jwt.JWTClaimsRegistry(sub={"essential": True, "not_empty": True})
self.assertRaises(InvalidClaimError, claims_requests.validate, {"sub": ""})

claims_requests.validate({"sub": "a"})

def test_option_value(self):
claims_requests = jwt.JWTClaimsRegistry(sub={"essential": True, "value": "123"})
self.assertRaises(InvalidClaimError, claims_requests.validate, {"sub": "a"})
Expand Down

0 comments on commit 1c11a38

Please sign in to comment.