From 1cbf94f3168749105d3f0d14c788ca7b2573661c Mon Sep 17 00:00:00 2001 From: Ben Bangert Date: Fri, 13 May 2016 12:35:00 -0700 Subject: [PATCH] chore: update all libs to latest versions and fix jws conflict Latest crypto library update introduced a change that this fixes as well. Closes #453 --- README.md | 2 +- autopush/tests/test_endpoint.py | 2 +- autopush/utils.py | 7 ++- doc-requirements.txt | 82 +++++++++++++++++--------------- requirements.txt | 80 +++++++++++++++++-------------- test-requirements.txt | 84 ++++++++++++++++++--------------- 6 files changed, 143 insertions(+), 114 deletions(-) diff --git a/README.md b/README.md index 193c07d6..3577777b 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -[![codecov.io](https://img.shields.io/codecov/c/github/mozilla-services/autopush/master.svg)](https://codecov.io/github/mozilla-services/autopush?branch=master) [![Build Status](https://travis-ci.org/mozilla-services/autopush.svg?branch=master)](https://travis-ci.org/mozilla-services/autopush) [![Docs](https://readthedocs.org/projects/docs/badge/?version=latest)](http://autopush.readthedocs.org/) +[![codecov.io](https://img.shields.io/codecov/c/github/mozilla-services/autopush/master.svg)](https://codecov.io/github/mozilla-services/autopush?branch=master) [![Build Status](https://travis-ci.org/mozilla-services/autopush.svg?branch=master)](https://travis-ci.org/mozilla-services/autopush) [![Docs](https://readthedocs.org/projects/docs/badge/?version=latest)](http://autopush.readthedocs.org/) [![Requirements Status](https://requires.io/github/mozilla-services/autopush/requirements.svg?branch=master)](https://requires.io/github/mozilla-services/autopush/requirements/?branch=master) # Autopush diff --git a/autopush/tests/test_endpoint.py b/autopush/tests/test_endpoint.py index ddbfd317..96fa5669 100644 --- a/autopush/tests/test_endpoint.py +++ b/autopush/tests/test_endpoint.py 
@@ -797,7 +797,7 @@ def test_post_webpush_with_vapid_auth(self): kd2 = utils.base64url_decode(crypto_key) vk2 = ecdsa.VerifyingKey.from_string(kd2, curve=ecdsa.NIST256p) - res = jws.verify(token, vk2, algorithms=["ES256"]) + res = json.loads(jws.verify(token, vk2, algorithms=["ES256"])) eq_(res, payload) """ self.request_mock.headers["crypto-key"] = \ diff --git a/autopush/utils.py b/autopush/utils.py index 80c5457f..aaf0979a 100644 --- a/autopush/utils.py +++ b/autopush/utils.py @@ -2,6 +2,7 @@ import base64 import hashlib import hmac +import json import socket import uuid @@ -115,7 +116,11 @@ def extract_jwt(token, crypto_key): key = decipher_public_key(crypto_key) vk = ecdsa.VerifyingKey.from_string(key, curve=ecdsa.NIST256p) - return jws.verify(token, vk, algorithms=["ES256"]) + # jose offers jwt.decode(token, vk, ...) which does a full check + # on the JWT object. Vapid is a bit more creative in how it + # stores data into a JWT and breaks expectations. We would have to + # turn off most of the validation in order for it to be useful. + return json.loads(jws.verify(token, vk, algorithms=["ES256"])) class ErrorLogger(object): diff --git a/doc-requirements.txt b/doc-requirements.txt index a6351832..aed76a54 100644 --- a/doc-requirements.txt +++ b/doc-requirements.txt 
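Review bot: In `extract_jwt` (autopush/utils.py), the new `return json.loads(jws.verify(token, vk, algorithms=["ES256"]))` checks only the ES256 signature, and the added comment confirms that the fuller `jwt.decode` validation is deliberately skipped, so nothing in this function rejects an expired token or one issued for a different audience. The verifying key is derived from the `crypto_key` argument, which appears to come from the request, so the signed payload is sender-controlled: a payload that is not JSON makes `json.loads` raise `ValueError`, and a JSON value that is not an object is returned unchanged. If the callers (not visible in this hunk) do not already do so, they should check `exp` and catch `ValueError` alongside the jose errors. At minimum, extend the comment with `# Only the signature is verified here; callers must validate exp/aud themselves.` The body of `extract_jwt` starts above the hunk.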
@@ -1,53 +1,61 @@
 sphinx>=1.3.1
 sphinxcontrib-httpdomain>=1.3.0
-ConfigArgParse==0.9.3
+ConfigArgParse==0.10.0
 Flask==0.10.1
-Jinja2==2.7.3
+Jinja2==2.8
 MarkupSafe==0.23
-Twisted==15.1.0
-Werkzeug==0.10.4
+Pympler==0.4.3
+Twisted==16.1.1
+Werkzeug==0.11.9
 apns==2.0.1
-argparse==1.2.1
-autobahn==0.10.4
-boto==2.38.0
-cffi==1.1.2
+attrs==15.2.0
+autobahn[twisted]==0.14.0
+boto==2.40.0
+boto3==1.3.1
+botocore==1.4.19
+cffi==1.6.0
 characteristic==14.3.0
-cryptography==0.9.1
+contextlib2==0.5.3
+cryptography==1.3.2
 cyclone==1.1
-datadog==0.5.0
-decorator==4.0.0
+datadog==0.11.0
+decorator==4.0.9
+docutils==0.12
 ecdsa==0.13
-enum34==1.0.4
-funcsigs==0.4
+enum34==1.1.5
+funcsigs==1.0.2
+future==0.15.2
+futures==3.0.5
 gcm-client==0.1.4
-greenlet==0.4.5
-hawkauthlib==0.1.1
-httpretty==0.8.9
-idna==2.0
-ipaddress==1.0.14
+gnureadline==6.3.3
+greenlet==0.4.9
+httpretty==0.8.14
+idna==2.1
+ipaddress==1.0.16
 itsdangerous==0.24
-jws==0.1.3
-mccabe==0.3.1
-pbr==1.3.0
-pluggy==0.3.0
-pyOpenSSL==0.15.1
-pyasn1==0.1.8
-pyasn1-modules==0.0.6
+jmespath==0.9.0
+mccabe==0.4.0
+pbr==1.9.1
+pluggy==0.3.1
+pyOpenSSL==16.0.0
+pyasn1==0.1.9
+pyasn1-modules==0.0.8
 pycparser==2.14
-pyflakes==0.8.1
-python-jose==0.5.6
-Pympler==0.4.2
-raven==5.3.1
+pycrypto==2.6.1
+pyflakes==1.2.3
+python-dateutil==2.5.3
+python-jose==0.6.1
+raven==5.16.0
 repoze.lru==0.6
-requests==2.7.0
-service-identity==14.0.0
-simplejson==3.8.0
+requests==2.10.0
+service-identity==16.0.0
+simplejson==3.8.2
+six==1.10.0
 translationstring==1.3
 -e git+https://github.com/habnabit/txstatsd.git@157ef85fbdeafe23865c7c4e176237ffcb3c3f1f#egg=txStatsD-master
-txaio==1.0.0
-virtualenv==13.1.0
+txaio==2.5.1
+virtualenv==15.0.1
 wsaccel==0.6.2
-wsgiref==0.1.2
-xmltodict==0.9.2
+xmltodict==0.10.1
 zope.deprecation==4.1.2
-zope.interface==4.1.2
+zope.interface==4.1.3
diff --git a/requirements.txt b/requirements.txt
index 959c682a..f5db4457 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,51 +1,59 @@
-ConfigArgParse==0.9.3
+ConfigArgParse==0.10.0
 Flask==0.10.1
-Jinja2==2.7.3
+Jinja2==2.8
 MarkupSafe==0.23
-Twisted==16.0.0
-Werkzeug==0.10.4
+Pympler==0.4.3
+Twisted==16.1.1
+Werkzeug==0.11.9
 apns==2.0.1
-argparse==1.2.1
-autobahn[twisted]==0.13.0
-boto==2.38.0
-boto3==1.3.0
-cffi==1.5.2
+attrs==15.2.0
+autobahn[twisted]==0.14.0
+boto==2.40.0
+boto3==1.3.1
+botocore==1.4.19
+cffi==1.6.0
 characteristic==14.3.0
-cryptography==1.2.3
+contextlib2==0.5.3
+cryptography==1.3.2
 cyclone==1.1
-datadog==0.5.0
-decorator==4.0.0
+datadog==0.11.0
+decorator==4.0.9
+docutils==0.12
 ecdsa==0.13
-enum34==1.0.4
-funcsigs==0.4
+enum34==1.1.5
+funcsigs==1.0.2
+future==0.15.2
+futures==3.0.5
 gcm-client==0.1.4
-greenlet==0.4.5
-httpretty==0.8.9
-idna==2.0
-ipaddress==1.0.14
+gnureadline==6.3.3
+greenlet==0.4.9
+httpretty==0.8.14
+idna==2.1
+ipaddress==1.0.16
 itsdangerous==0.24
-mccabe==0.3.1
-pbr==1.3.0
-pluggy==0.3.0
-pyOpenSSL==0.15.1
-pyasn1==0.1.8
-pyasn1-modules==0.0.6
+jmespath==0.9.0
+mccabe==0.4.0
+pbr==1.9.1
+pluggy==0.3.1
+pyOpenSSL==16.0.0
+pyasn1==0.1.9
+pyasn1-modules==0.0.8
 pycparser==2.14
-pyflakes==0.8.1
-Pympler==0.4.2
-python-jose==0.5.6
-raven==5.10.2
-gnureadline==6.3.3
+pycrypto==2.6.1
+pyflakes==1.2.3
+python-dateutil==2.5.3
+python-jose==0.6.1
+raven==5.16.0
 repoze.lru==0.6
-requests==2.7.0
-service-identity==14.0.0
-simplejson==3.8.0
+requests==2.10.0
+service-identity==16.0.0
+simplejson==3.8.2
+six==1.10.0
 translationstring==1.3
 -e git+https://github.com/habnabit/txstatsd.git@157ef85fbdeafe23865c7c4e176237ffcb3c3f1f#egg=txStatsD-master
-txaio==2.2.2
-virtualenv==13.1.0
+txaio==2.5.1
+virtualenv==15.0.1
 wsaccel==0.6.2
-wsgiref==0.1.2
-xmltodict==0.9.2
+xmltodict==0.10.1
 zope.deprecation==4.1.2
 zope.interface==4.1.3
diff --git a/test-requirements.txt b/test-requirements.txt
index ecbfbdda..b2a64516 100644
--- a/test-requirements.txt
+++ b/test-requirements.txt
@@ -4,56 +4,64 @@ mock>=1.0.1
 -e git+https://github.com/habnabit/txstatsd.git@master#egg=txStatsD
 -e git+https://github.com/bbangert/moto.git@3bdb75a961148ea5aa526f0e88d9e7835a30df3a#egg=moto
 flake8
-ConfigArgParse==0.9.3
+psutil
+websocket-client
+ConfigArgParse==0.10.0
 Flask==0.10.1
-Jinja2==2.7.3
+Jinja2==2.8
 MarkupSafe==0.23
-Twisted==16.0.0
-Werkzeug==0.10.4
+Pympler==0.4.3
+Twisted==16.1.1
+Werkzeug==0.11.9
 apns==2.0.1
-argparse==1.2.1
-autobahn[twisted]==0.13.0
-boto==2.38.0
-boto3==1.3.0
-cffi==1.5.2
+attrs==15.2.0
+autobahn[twisted]==0.14.0
+boto==2.40.0
+boto3==1.3.1
+botocore==1.4.19
+cffi==1.6.0
 characteristic==14.3.0
-cryptography==1.2.3
+contextlib2==0.5.3
+cryptography==1.3.2
 cyclone==1.1
-datadog==0.5.0
-decorator==4.0.0
+datadog==0.11.0
+decorator==4.0.9
+docutils==0.12
 ecdsa==0.13
-enum34==1.0.4
-funcsigs==0.4
+enum34==1.1.5
+funcsigs==1.0.2
+future==0.15.2
+futures==3.0.5
 gcm-client==0.1.4
-greenlet==0.4.5
-httpretty==0.8.9
-idna==2.0
-ipaddress==1.0.14
+gnureadline==6.3.3
+greenlet==0.4.9
+httpretty==0.8.14
+idna==2.1
+ipaddress==1.0.16
 itsdangerous==0.24
-mccabe==0.3.1
-pbr==1.3.0
-pluggy==0.3.0
-psutil==3.1.1
-pyOpenSSL==0.15.1
-pyasn1==0.1.8
-pyasn1-modules==0.0.6
+jmespath==0.9.0
+mccabe==0.4.0
+pbr==1.9.1
+pluggy==0.3.1
+pyOpenSSL==16.0.0
+pyasn1==0.1.9
+pyasn1-modules==0.0.8
 pycparser==2.14
-pyflakes==0.8.1
-Pympler==0.4.2
-python-jose==0.5.6
-raven==5.3.1
-gnureadline==6.3.3
+pycrypto==2.6.1
+pyflakes==1.2.3
+python-dateutil==2.5.3
+python-jose==0.6.1
+raven==5.16.0
 repoze.lru==0.6
-requests==2.7.0
-service-identity==14.0.0
-simplejson==3.8.0
+requests==2.10.0
+service-identity==16.0.0
+simplejson==3.8.2
+six==1.10.0
 translationstring==1.3
 -e git+https://github.com/habnabit/txstatsd.git@157ef85fbdeafe23865c7c4e176237ffcb3c3f1f#egg=txStatsD-master
-txaio==2.2.2
-virtualenv==13.1.0
-websocket-client==0.32.0
+txaio==2.5.1
+virtualenv==15.0.1
 wsaccel==0.6.2
-wsgiref==0.1.2
-xmltodict==0.9.2
+xmltodict==0.10.1
 zope.deprecation==4.1.2
zope.interface==4.1.3