From 970c2d863ecb2806876a6d19b8af6b9737963ce1 Mon Sep 17 00:00:00 2001
From: noureen taj
Date: Wed, 5 Oct 2022 19:48:35 +0530
Subject: [PATCH 1/4] fix: skipped content type validation for GET requests
---
 jwt_signature_validator/encoded_payload.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/jwt_signature_validator/encoded_payload.py b/jwt_signature_validator/encoded_payload.py
index 1c80dd9..eaed7f2 100644
--- a/jwt_signature_validator/encoded_payload.py
+++ b/jwt_signature_validator/encoded_payload.py
@@ -84,7 +84,7 @@ async def verify_signature():
 return {"type": receive_["type"], "body": signature, "more_body": False}
 headers = MutableHeaders(scope=scope)
- if headers.get("Content-Type") is None:
+ if headers.get("Content-Type") is None and scope.get("method", "POST") != "GET":
 raise HTTPException(status_code=406, detail="Unacceptable Content Type!")
 elif headers.get("Content-Type") == "application/json":
 host = headers.get("host", "").split(":")[0]
From 46162548398f21dbb2b2f201d7d2fa12e73c2ce6 Mon Sep 17 00:00:00 2001
From: noureen taj
Date: Wed, 5 Oct 2022 22:55:24 +0530
Subject: [PATCH 2/4] chore: added content type validation list for request type
---
 jwt_signature_validator/encoded_payload.py | 23 +++++++++++-----------
 1 file changed, 12 insertions(+), 11 deletions(-)
diff --git a/jwt_signature_validator/encoded_payload.py b/jwt_signature_validator/encoded_payload.py
index eaed7f2..bea018d 100644
--- a/jwt_signature_validator/encoded_payload.py
+++ b/jwt_signature_validator/encoded_payload.py
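Review bot: The `+` line folds the method exemption into the header check, so a GET without a Content-Type now skips the 406 and also misses the `elif ... == "application/json"` branch, which from the host-matching lines appears to be where verification is gated; the lines after the `elif` are outside the hunk, so I cannot confirm that this fall-through forwards the request to the app without wrapping `receive`, but that looks like the intent and should be stated rather than implied by two conditions on one line. I would bind the method once and comment the exemption: `method = scope.get("method", "POST")  # no method (non-HTTP scope) fails closed`, then `if headers.get("Content-Type") is None and method != "GET":  # GET carries no body to verify`. The enclosing function starts and ends outside the hunk.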
@@ -32,16 +32,17 @@ class EncodedPayloadSignatureMiddleware:
 def __init__(
- self,
- app,
- jwt_secret: str,
- jwt_algorithms: list[str],
- protect_hosts: list = None,
+ self,
+ app,
+ jwt_secret: str,
+ jwt_algorithms: list[str],
+ protect_hosts: list = None,
 ):
 self.app = app
 self.protect_hosts = protect_hosts
 self.jwt_secret = jwt_secret
 self.jwt_algorithms = jwt_algorithms
+ self.validate_request_types = ["POST", "PUT", "DELETE"]
 if not self.protect_hosts:
 self.protect_hosts = ["*"]
@@ -71,10 +72,10 @@ async def verify_signature():
 try:
 signature = jwt.decode(signature, self.jwt_secret, self.jwt_algorithms)
 except (
- InvalidSignatureError,
- ExpiredSignatureError,
- MissingRequiredClaimError,
- DecodeError,
+ InvalidSignatureError,
+ ExpiredSignatureError,
+ MissingRequiredClaimError,
+ DecodeError,
 ) as inv_exp:
 logging.error(inv_exp)
 raise HTTPException(
@@ -84,14 +85,14 @@ async def verify_signature():
 return {"type": receive_["type"], "body": signature, "more_body": False}
 headers = MutableHeaders(scope=scope)
- if headers.get("Content-Type") is None and scope.get("method", "POST") != "GET":
+ if headers.get("Content-Type") is None and scope.get("method", "POST") in self.validate_request_types:
 raise HTTPException(status_code=406, detail="Unacceptable Content Type!")
 elif headers.get("Content-Type") == "application/json":
 host = headers.get("host", "").split(":")[0]
 is_protected_host = False
 for pattern in self.protect_hosts:
 if host == pattern or (
- pattern.startswith("*") and host.endswith(pattern[1:])
+ pattern.startswith("*") and host.endswith(pattern[1:])
 ):
 is_protected_host = True
 break
From 1573b8e71e51072a03a2dea735332a5b2d637149 Mon Sep 17 00:00:00 2001
From: noureen taj
Date: Tue, 11 Oct 2022 10:39:24 +0530
Subject: [PATCH 3/4] chore: formatting
---
 jwt_signature_validator/encoded_payload.py | 25 ++++++++++++----------
 1 file changed, 14 insertions(+), 11 deletions(-)
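Review bot: `self.validate_request_types = ["POST", "PUT", "DELETE"]` is a deny-list of body-carrying methods, so any method not listed — PATCH most obviously, but also any custom method — is treated like a body-less request at the check in the `@@ -84,14 +85,14 @@` hunk: a PATCH with no Content-Type is no longer rejected with 406 and, given the exact-match `elif` there, falls past the verification branch as well, whereas before this commit only GET was exempt. Inverting it to an allow-list of methods known to carry no body fails closed for anything unexpected: `self.bodyless_request_types = frozenset({"GET", "HEAD", "OPTIONS"})`, paired with `and method not in self.bodyless_request_types` at the check. If the deny-list must stay, at least add `"PATCH"`, use a `frozenset`, and expose it as a constructor parameter or class-level constant instead of a value hard-coded inside `__init__`. The class body continues outside the hunk.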
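Review bot: The rejection on the `+` line still fires only when the header is entirely absent, and the `elif` below matches `application/json` exactly, so a body-carrying request with any other value — `application/json; charset=utf-8`, which many clients send, or an arbitrary media type — enters neither branch; the lines after the `elif` are outside the hunk, so whether that path forwards the request without wrapping `receive` cannot be confirmed here, but if it does, the method list only gates the header-absent case. If non-JSON bodies are not meant to bypass verification, normalise the media type once and gate on it: `media_type = (headers.get("Content-Type") or "").split(";")[0].strip().lower()`, reject body-carrying methods when `media_type != "application/json"`, and branch on `media_type` in the `elif`. That condition is a 415 Unsupported Media Type rather than the 406 used on the context line, which refers to the Accept header. The enclosing function starts and ends outside the hunk.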
diff --git a/jwt_signature_validator/encoded_payload.py b/jwt_signature_validator/encoded_payload.py
index bea018d..555fe0d 100644
--- a/jwt_signature_validator/encoded_payload.py
+++ b/jwt_signature_validator/encoded_payload.py
@@ -32,11 +32,11 @@ class EncodedPayloadSignatureMiddleware:
 def __init__(
- self,
- app,
- jwt_secret: str,
- jwt_algorithms: list[str],
- protect_hosts: list = None,
+ self,
+ app,
+ jwt_secret: str,
+ jwt_algorithms: list[str],
+ protect_hosts: list = None,
 ):
 self.app = app
 self.protect_hosts = protect_hosts
@@ -72,10 +72,10 @@ async def verify_signature():
 try:
 signature = jwt.decode(signature, self.jwt_secret, self.jwt_algorithms)
 except (
- InvalidSignatureError,
- ExpiredSignatureError,
- MissingRequiredClaimError,
- DecodeError,
+ InvalidSignatureError,
+ ExpiredSignatureError,
+ MissingRequiredClaimError,
+ DecodeError,
 ) as inv_exp:
 logging.error(inv_exp)
 raise HTTPException(
@@ -85,14 +85,17 @@ async def verify_signature():
 return {"type": receive_["type"], "body": signature, "more_body": False}
 headers = MutableHeaders(scope=scope)
- if headers.get("Content-Type") is None and scope.get("method", "POST") in self.validate_request_types:
+ if (
+ headers.get("Content-Type") is None
+ and scope.get("method", "POST") in self.validate_request_types
+ ):
 raise HTTPException(status_code=406, detail="Unacceptable Content Type!")
 elif headers.get("Content-Type") == "application/json":
 host = headers.get("host", "").split(":")[0]
 is_protected_host = False
 for pattern in self.protect_hosts:
 if host == pattern or (
- pattern.startswith("*") and host.endswith(pattern[1:])
+ pattern.startswith("*") and host.endswith(pattern[1:])
 ):
 is_protected_host = True
 break
From 94c60264f6ba3b86311da78a83b80c04d4016fc6 Mon Sep 17 00:00:00 2001
From: Noureen Taj <34808668+noureentaj@users.noreply.github.com>
Date: Tue, 11 Oct 2022 17:36:52 +0530
Subject: [PATCH 4/4] update: updated version to 5
---
 jwt_signature_validator/__about__.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/jwt_signature_validator/__about__.py b/jwt_signature_validator/__about__.py
index fe96268..0862e1e 100644
--- a/jwt_signature_validator/__about__.py
+++ b/jwt_signature_validator/__about__.py
@@ -1 +1 @@
-VERSION = "0.0.4"
+VERSION = "0.0.5"