From c25d6dc8892c78099652663919f8063841952985 Mon Sep 17 00:00:00 2001
From: brentru
Date: Wed, 21 Aug 2019 13:40:31 -0400
Subject: [PATCH 01/10] pull in code and example
---
.gitignore | 12 +
.pylintrc | 433 +++++++++++++++++++++++++++++++++++++
.readthedocs.yml | 3 +
.travis.yml | 48 ++++
CODE_OF_CONDUCT.md | 127 +++++++++++
LICENSE | 4 +-
README.md | 2 -
README.rst | 92 ++++++++
adafruit_jwt.py | 200 +++++++++++++++++
docs/_static/favicon.ico | Bin 0 -> 4414 bytes
docs/api.rst | 8 +
docs/conf.py | 160 ++++++++++++++
docs/examples.rst | 8 +
docs/index.rst | 51 +++++
examples/jwt_simpletest.py | 23 ++
requirements.txt | 1 +
setup.py | 63 ++++++
17 files changed, 1231 insertions(+), 4 deletions(-)
create mode 100644 .gitignore
create mode 100644 .pylintrc
create mode 100644 .readthedocs.yml
create mode 100644 .travis.yml
create mode 100644 CODE_OF_CONDUCT.md
delete mode 100644 README.md
create mode 100644 README.rst
create mode 100644 adafruit_jwt.py
create mode 100644 docs/_static/favicon.ico
create mode 100644 docs/api.rst
create mode 100644 docs/conf.py
create mode 100644 docs/examples.rst
create mode 100644 docs/index.rst
create mode 100644 examples/jwt_simpletest.py
create mode 100644 requirements.txt
create mode 100644 setup.py
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..55f127b
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,12 @@
+*.mpy
+.idea
+__pycache__
+_build
+*.pyc
+.env
+build*
+bundles
+*.DS_Store
+.eggs
+dist
+**/*.egg-info
\ No newline at end of file
diff --git a/.pylintrc b/.pylintrc
new file mode 100644
index 0000000..039eaec
--- /dev/null
+++ b/.pylintrc
@@ -0,0 +1,433 @@ +[MASTER] + +# A comma-separated list of package or module names from where C extensions may +# be loaded. Extensions are loading into the active Python interpreter and may +# run arbitrary code +extension-pkg-whitelist= + +# Add files or directories to the blacklist. They should be base names, not +# paths. +ignore=CVS + +# Add files or directories matching the regex patterns to the blacklist. The +# regex matches against base names, not paths. +ignore-patterns= + +# Python code to execute, usually for sys.path manipulation such as +# pygtk.require(). +#init-hook= + +# Use multiple processes to speed up Pylint. +# jobs=1 +jobs=2 + +# List of plugins (as comma separated values of python modules names) to load, +# usually to register additional checkers. +load-plugins= + +# Pickle collected data for later comparisons. +persistent=yes + +# Specify a configuration file. +#rcfile= + +# Allow loading of arbitrary C extensions. Extensions are imported into the +# active Python interpreter and may run arbitrary code. +unsafe-load-any-extension=no + + +[MESSAGES CONTROL] + +# Only show warnings with the listed confidence levels. Leave empty to show +# all. Valid levels: HIGH, INFERENCE, INFERENCE_FAILURE, UNDEFINED +confidence= + +# Disable the message, report, category or checker with the given id(s). You +# can either give multiple identifiers separated by comma (,) or put this +# option multiple times (only on the command line, not in the configuration +# file where it should appear only once).You can also use "--disable=all" to +# disable everything first and then reenable specific checks. For example, if +# you want to run only the similarities checker, you can use "--disable=all +# --enable=similarities". 
If you want to run only the classes checker, but have +# no Warning level messages displayed, use"--disable=all --enable=classes +# --disable=W" +# disable=import-error,print-statement,parameter-unpacking,unpacking-in-except,old-raise-syntax,backtick,long-suffix,old-ne-operator,old-octal-literal,import-star-module-level,raw-checker-failed,bad-inline-option,locally-disabled,locally-enabled,file-ignored,suppressed-message,useless-suppression,deprecated-pragma,apply-builtin,basestring-builtin,buffer-builtin,cmp-builtin,coerce-builtin,execfile-builtin,file-builtin,long-builtin,raw_input-builtin,reduce-builtin,standarderror-builtin,unicode-builtin,xrange-builtin,coerce-method,delslice-method,getslice-method,setslice-method,no-absolute-import,old-division,dict-iter-method,dict-view-method,next-method-called,metaclass-assignment,indexing-exception,raising-string,reload-builtin,oct-method,hex-method,nonzero-method,cmp-method,input-builtin,round-builtin,intern-builtin,unichr-builtin,map-builtin-not-iterating,zip-builtin-not-iterating,range-builtin-not-iterating,filter-builtin-not-iterating,using-cmp-argument,eq-without-hash,div-method,idiv-method,rdiv-method,exception-message-attribute,invalid-str-codec,sys-max-int,bad-python3-import,deprecated-string-function,deprecated-str-translate-call 
+disable=print-statement,parameter-unpacking,unpacking-in-except,old-raise-syntax,backtick,long-suffix,old-ne-operator,old-octal-literal,import-star-module-level,raw-checker-failed,bad-inline-option,locally-disabled,locally-enabled,file-ignored,suppressed-message,useless-suppression,deprecated-pragma,apply-builtin,basestring-builtin,buffer-builtin,cmp-builtin,coerce-builtin,execfile-builtin,file-builtin,long-builtin,raw_input-builtin,reduce-builtin,standarderror-builtin,unicode-builtin,xrange-builtin,coerce-method,delslice-method,getslice-method,setslice-method,no-absolute-import,old-division,dict-iter-method,dict-view-method,next-method-called,metaclass-assignment,indexing-exception,raising-string,reload-builtin,oct-method,hex-method,nonzero-method,cmp-method,input-builtin,round-builtin,intern-builtin,unichr-builtin,map-builtin-not-iterating,zip-builtin-not-iterating,range-builtin-not-iterating,filter-builtin-not-iterating,using-cmp-argument,eq-without-hash,div-method,idiv-method,rdiv-method,exception-message-attribute,invalid-str-codec,sys-max-int,bad-python3-import,deprecated-string-function,deprecated-str-translate-call,import-error + +# Enable the message, report, category or checker with the given id(s). You can +# either give multiple identifier separated by comma (,) or put this option +# multiple time (only on the command line, not in the configuration file where +# it should appear only once). See also the "--disable" option for examples. +enable= + + +[REPORTS] + +# Python expression which should return a note less than 10 (10 is the highest +# note). You have access to the variables errors warning, statement which +# respectively contain the number of errors / warnings messages and the total +# number of statements analyzed. This is used by the global evaluation report +# (RP0004). +evaluation=10.0 - ((float(5 * error + warning + refactor + convention) / statement) * 10) + +# Template used to display messages. 
This is a python new-style format string +# used to format the message information. See doc for all details +#msg-template= + +# Set the output format. Available formats are text, parseable, colorized, json +# and msvs (visual studio).You can also give a reporter class, eg +# mypackage.mymodule.MyReporterClass. +output-format=text + +# Tells whether to display a full report or only the messages +reports=no + +# Activate the evaluation score. +score=yes + + +[REFACTORING] + +# Maximum number of nested blocks for function / method body +max-nested-blocks=5 + + +[LOGGING] + +# Logging modules to check that the string format arguments are in logging +# function parameter format +logging-modules=logging + + +[SPELLING] + +# Spelling dictionary name. Available dictionaries: none. To make it working +# install python-enchant package. +spelling-dict= + +# List of comma separated words that should not be checked. +spelling-ignore-words= + +# A path to a file that contains private dictionary; one word per line. +spelling-private-dict-file= + +# Tells whether to store unknown words to indicated private dictionary in +# --spelling-private-dict-file option instead of raising a message. +spelling-store-unknown-words=no + + +[MISCELLANEOUS] + +# List of note tags to take in consideration, separated by a comma. +# notes=FIXME,XXX,TODO +notes=FIXME,XXX + + +[TYPECHECK] + +# List of decorators that produce context managers, such as +# contextlib.contextmanager. Add to this list to register other decorators that +# produce valid context managers. +contextmanager-decorators=contextlib.contextmanager + +# List of members which are set dynamically and missed by pylint inference +# system, and so shouldn't trigger E1101 when accessed. Python regular +# expressions are accepted. +generated-members= + +# Tells whether missing members accessed in mixin class should be ignored. A +# mixin class is detected if its name ends with "mixin" (case insensitive). 
+ignore-mixin-members=yes + +# This flag controls whether pylint should warn about no-member and similar +# checks whenever an opaque object is returned when inferring. The inference +# can return multiple potential results while evaluating a Python object, but +# some branches might not be evaluated, which results in partial inference. In +# that case, it might be useful to still emit no-member and other checks for +# the rest of the inferred objects. +ignore-on-opaque-inference=yes + +# List of class names for which member attributes should not be checked (useful +# for classes with dynamically set attributes). This supports the use of +# qualified names. +ignored-classes=optparse.Values,thread._local,_thread._local + +# List of module names for which member attributes should not be checked +# (useful for modules/projects where namespaces are manipulated during runtime +# and thus existing member attributes cannot be deduced by static analysis. It +# supports qualified module names, as well as Unix pattern matching. +ignored-modules=board + +# Show a hint with possible names when a member name was not found. The aspect +# of finding the hint is based on edit distance. +missing-member-hint=yes + +# The minimum edit distance a name should have in order to be considered a +# similar match for a missing member name. +missing-member-hint-distance=1 + +# The total number of similar names that should be taken in consideration when +# showing a hint for a missing member. +missing-member-max-choices=1 + + +[VARIABLES] + +# List of additional names supposed to be defined in builtins. Remember that +# you should avoid to define new builtins when possible. +additional-builtins= + +# Tells whether unused global variables should be treated as a violation. +allow-global-unused-variables=yes + +# List of strings which can identify a callback function by name. A callback +# name must start or end with one of those strings. 
+callbacks=cb_,_cb + +# A regular expression matching the name of dummy variables (i.e. expectedly +# not used). +dummy-variables-rgx=_+$|(_[a-zA-Z0-9_]*[a-zA-Z0-9]+?$)|dummy|^ignored_|^unused_ + +# Argument names that match this expression will be ignored. Default to name +# with leading underscore +ignored-argument-names=_.*|^ignored_|^unused_ + +# Tells whether we should check for unused import in __init__ files. +init-import=no + +# List of qualified module names which can have objects that can redefine +# builtins. +redefining-builtins-modules=six.moves,future.builtins + + +[FORMAT] + +# Expected format of line ending, e.g. empty (any line ending), LF or CRLF. +# expected-line-ending-format= +expected-line-ending-format=LF + +# Regexp for a line that is allowed to be longer than the limit. +ignore-long-lines=^\s*(# )??$ + +# Number of spaces of indent required inside a hanging or continued line. +indent-after-paren=4 + +# String used as indentation unit. This is usually " " (4 spaces) or "\t" (1 +# tab). +indent-string=' ' + +# Maximum number of characters on a single line. +max-line-length=100 + +# Maximum number of lines in a module +max-module-lines=1000 + +# List of optional constructs for which whitespace checking is disabled. `dict- +# separator` is used to allow tabulation in dicts, etc.: {1 : 1,\n222: 2}. +# `trailing-comma` allows a space between comma and closing bracket: (a, ). +# `empty-line` allows space-only lines. +no-space-check=trailing-comma,dict-separator + +# Allow the body of a class to be on the same line as the declaration if body +# contains single statement. +single-line-class-stmt=no + +# Allow the body of an if to be on the same line as the test if there is no +# else. +single-line-if-stmt=no + + +[SIMILARITIES] + +# Ignore comments when computing similarities. +ignore-comments=yes + +# Ignore docstrings when computing similarities. +ignore-docstrings=yes + +# Ignore imports when computing similarities. 
+ignore-imports=no + +# Minimum lines number of a similarity. +min-similarity-lines=4 + + +[BASIC] + +# Naming hint for argument names +argument-name-hint=(([a-z][a-z0-9_]{2,30})|(_[a-z0-9_]*))$ + +# Regular expression matching correct argument names +argument-rgx=(([a-z][a-z0-9_]{2,30})|(_[a-z0-9_]*))$ + +# Naming hint for attribute names +attr-name-hint=(([a-z][a-z0-9_]{2,30})|(_[a-z0-9_]*))$ + +# Regular expression matching correct attribute names +attr-rgx=(([a-z][a-z0-9_]{2,30})|(_[a-z0-9_]*))$ + +# Bad variable names which should always be refused, separated by a comma +bad-names=foo,bar,baz,toto,tutu,tata + +# Naming hint for class attribute names +class-attribute-name-hint=([A-Za-z_][A-Za-z0-9_]{2,30}|(__.*__))$ + +# Regular expression matching correct class attribute names +class-attribute-rgx=([A-Za-z_][A-Za-z0-9_]{2,30}|(__.*__))$ + +# Naming hint for class names +# class-name-hint=[A-Z_][a-zA-Z0-9]+$ +class-name-hint=[A-Z_][a-zA-Z0-9_]+$ + +# Regular expression matching correct class names +# class-rgx=[A-Z_][a-zA-Z0-9]+$ +class-rgx=[A-Z_][a-zA-Z0-9_]+$ + +# Naming hint for constant names +const-name-hint=(([A-Z_][A-Z0-9_]*)|(__.*__))$ + +# Regular expression matching correct constant names +const-rgx=(([A-Z_][A-Z0-9_]*)|(__.*__))$ + +# Minimum line length for functions/classes that require docstrings, shorter +# ones are exempt. 
+docstring-min-length=-1 + +# Naming hint for function names +function-name-hint=(([a-z][a-z0-9_]{2,30})|(_[a-z0-9_]*))$ + +# Regular expression matching correct function names +function-rgx=(([a-z][a-z0-9_]{2,30})|(_[a-z0-9_]*))$ + +# Good variable names which should always be accepted, separated by a comma +# good-names=i,j,k,ex,Run,_ +good-names=r,g,b,w,i,j,k,n,x,y,z,ex,ok,Run,_ + +# Include a hint for the correct naming format with invalid-name +include-naming-hint=no + +# Naming hint for inline iteration names +inlinevar-name-hint=[A-Za-z_][A-Za-z0-9_]*$ + +# Regular expression matching correct inline iteration names +inlinevar-rgx=[A-Za-z_][A-Za-z0-9_]*$ + +# Naming hint for method names +method-name-hint=(([a-z][a-z0-9_]{2,30})|(_[a-z0-9_]*))$ + +# Regular expression matching correct method names +method-rgx=(([a-z][a-z0-9_]{2,30})|(_[a-z0-9_]*))$ + +# Naming hint for module names +module-name-hint=(([a-z_][a-z0-9_]*)|([A-Z][a-zA-Z0-9]+))$ + +# Regular expression matching correct module names +module-rgx=(([a-z_][a-z0-9_]*)|([A-Z][a-zA-Z0-9]+))$ + +# Colon-delimited sets of names that determine each other's naming style when +# the name regexes allow several styles. +name-group= + +# Regular expression which should only match function or class names that do +# not require a docstring. +no-docstring-rgx=^_ + +# List of decorators that produce properties, such as abc.abstractproperty. Add +# to this list to register other decorators that produce valid properties. +property-classes=abc.abstractproperty + +# Naming hint for variable names +variable-name-hint=(([a-z][a-z0-9_]{2,30})|(_[a-z0-9_]*))$ + +# Regular expression matching correct variable names +variable-rgx=(([a-z][a-z0-9_]{2,30})|(_[a-z0-9_]*))$ + + +[IMPORTS] + +# Allow wildcard imports from modules that define __all__. +allow-wildcard-with-all=no + +# Analyse import fallback blocks. 
This can be used to support both Python 2 and +# 3 compatible code, which means that the block might have code that exists +# only in one or another interpreter, leading to false positives when analysed. +analyse-fallback-blocks=no + +# Deprecated modules which should not be used, separated by a comma +deprecated-modules=optparse,tkinter.tix + +# Create a graph of external dependencies in the given file (report RP0402 must +# not be disabled) +ext-import-graph= + +# Create a graph of every (i.e. internal and external) dependencies in the +# given file (report RP0402 must not be disabled) +import-graph= + +# Create a graph of internal dependencies in the given file (report RP0402 must +# not be disabled) +int-import-graph= + +# Force import order to recognize a module as part of the standard +# compatibility libraries. +known-standard-library= + +# Force import order to recognize a module as part of a third party library. +known-third-party=enchant + + +[CLASSES] + +# List of method names used to declare (i.e. assign) instance attributes. +defining-attr-methods=__init__,__new__,setUp + +# List of member names, which should be excluded from the protected access +# warning. +exclude-protected=_asdict,_fields,_replace,_source,_make + +# List of valid names for the first argument in a class method. +valid-classmethod-first-arg=cls + +# List of valid names for the first argument in a metaclass class method. +valid-metaclass-classmethod-first-arg=mcs + + +[DESIGN] + +# Maximum number of arguments for function / method +max-args=5 + +# Maximum number of attributes for a class (see R0902). +# max-attributes=7 +max-attributes=11 + +# Maximum number of boolean expressions in a if statement +max-bool-expr=5 + +# Maximum number of branch for function / method body +max-branches=12 + +# Maximum number of locals for function / method body +max-locals=15 + +# Maximum number of parents for a class (see R0901). 
+max-parents=7
+
+# Maximum number of public methods for a class (see R0904).
+max-public-methods=20
+
+# Maximum number of return / yield for function / method body
+max-returns=6
+
+# Maximum number of statements in function / method body
+max-statements=50
+
+# Minimum number of public methods for a class (see R0903).
+min-public-methods=1
+
+
+[EXCEPTIONS]
+
+# Exceptions that will emit a warning when being caught. Defaults to
+# "Exception"
+overgeneral-exceptions=Exception
diff --git a/.readthedocs.yml b/.readthedocs.yml
new file mode 100644
index 0000000..f4243ad
--- /dev/null
+++ b/.readthedocs.yml
@@ -0,0 +1,3 @@
+python:
+ version: 3
+requirements_file: requirements.txt
diff --git a/.travis.yml b/.travis.yml
new file mode 100644
index 0000000..41166b8
--- /dev/null
+++ b/.travis.yml
@@ -0,0 +1,48 @@
+# This is a common .travis.yml for generating library release zip files for
+# CircuitPython library releases using circuitpython-build-tools.
+# See https://github.com/adafruit/circuitpython-build-tools for detailed setup
+# instructions.
+
+dist: xenial
+language: python
+python:
+ - "3.6"
+
+cache:
+ pip: true
+
+# TODO: if deployment to PyPi is desired, change 'DEPLOY_PYPI' to "true",
+# or remove the env block entirely and remove the condition in the
+# deploy block.
+env:
+ - DEPLOY_PYPI="false"
+
+deploy:
+ - provider: releases
+ api_key: "$GITHUB_TOKEN"
+ file_glob: true
+ file: "$TRAVIS_BUILD_DIR/bundles/*"
+ skip_cleanup: true
+ overwrite: true
+ on:
+ tags: true
+ # TODO: Use 'travis encrypt --com -r adafruit/' to generate
+ # the encrypted password for adafruit-travis. Paste result below.
+ - provider: pypi
+ user: adafruit-travis
+ password:
+ secure: #-- PASTE ENCRYPTED PASSWORD HERE --#
+ on:
+ tags: true
+ condition: $DEPLOY_PYPI = "true"
+
+install:
+ - pip install -r requirements.txt
+ - pip install circuitpython-build-tools Sphinx sphinx-rtd-theme
+ - pip install --force-reinstall pylint==1.9.2
+
+script:
+ - pylint adafruit_jwt.py
+ - ([[ ! -d "examples" ]] || pylint --disable=missing-docstring,invalid-name,bad-whitespace examples/*.py)
+ - circuitpython-build-bundles --filename_prefix adafruit-circuitpython-jwt --library_location .
+ - cd docs && sphinx-build -E -W -b html . _build/html && cd ..
diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md
new file mode 100644
index 0000000..7ca3a1d
--- /dev/null
+++ b/CODE_OF_CONDUCT.md
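Review bot: In the `install:` block only pylint is pinned (`pylint==1.9.2`); `circuitpython-build-tools`, `Sphinx` and `sphinx-rtd-theme` are installed at whatever version the index serves, in the same job whose `deploy:` block publishes release bundles with `$GITHUB_TOKEN`. A compromised or breaking upstream release would then run in the build that produces and uploads the artifacts (whether the token is visible to the install step depends on how it is defined in the Travis settings, which the diff does not show). Pin each one, e.g. `- pip install circuitpython-build-tools==<PINNED_VERSION> Sphinx==<PINNED_VERSION> sphinx-rtd-theme==<PINNED_VERSION>`, or install from a requirements file with `--require-hashes`. The `secure:` value under the pypi provider is still the template placeholder, so add a comment next to `DEPLOY_PYPI="false"` that it must be replaced with the `travis encrypt` output before the flag is flipped.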
@@ -0,0 +1,127 @@ +# Adafruit Community Code of Conduct + +## Our Pledge + +In the interest of fostering an open and welcoming environment, we as +contributors and leaders pledge to making participation in our project and +our community a harassment-free experience for everyone, regardless of age, body +size, disability, ethnicity, gender identity and expression, level or type of +experience, education, socio-economic status, nationality, personal appearance, +race, religion, or sexual identity and orientation. + +## Our Standards + +We are committed to providing a friendly, safe and welcoming environment for +all. + +Examples of behavior that contributes to creating a positive environment +include: + +* Be kind and courteous to others +* Using welcoming and inclusive language +* Being respectful of differing viewpoints and experiences +* Collaborating with other community members +* Gracefully accepting constructive criticism +* Focusing on what is best for the community +* Showing empathy towards other community members + +Examples of unacceptable behavior by participants include: + +* The use of sexualized language or imagery and sexual attention or advances +* The use of inappropriate images, including in a community member's avatar +* The use of inappropriate language, including in a community member's nickname +* Any spamming, flaming, baiting or other attention-stealing behavior +* Excessive or unwelcome helping; answering outside the scope of the question + asked +* Trolling, insulting/derogatory comments, and personal or political attacks +* Public or private harassment +* Publishing others' private information, such as a physical or electronic + address, without explicit permission +* Other conduct which could reasonably be considered inappropriate + +The goal of the standards and moderation guidelines outlined here is to build +and maintain a respectful community. 
We ask that you don’t just aim to be +"technically unimpeachable", but rather try to be your best self. + +We value many things beyond technical expertise, including collaboration and +supporting others within our community. Providing a positive experience for +other community members can have a much more significant impact than simply +providing the correct answer. + +## Our Responsibilities + +Project leaders are responsible for clarifying the standards of acceptable +behavior and are expected to take appropriate and fair corrective action in +response to any instances of unacceptable behavior. + +Project leaders have the right and responsibility to remove, edit, or +reject messages, comments, commits, code, issues, and other contributions +that are not aligned to this Code of Conduct, or to ban temporarily or +permanently any community member for other behaviors that they deem +inappropriate, threatening, offensive, or harmful. + +## Moderation + +Instances of behaviors that violate the Adafruit Community Code of Conduct +may be reported by any member of the community. Community members are +encouraged to report these situations, including situations they witness +involving other community members. + +You may report in the following ways: + +In any situation, you may send an email to . + +On the Adafruit Discord, you may send an open message from any channel +to all Community Helpers by tagging @community moderators. You may also send an +open message from any channel, or a direct message to @kattni#1507, +@tannewt#4653, @Dan Halbert#1614, @cater#2442, @sommersoft#0222, or +@Andon#8175. + +Email and direct message reports will be kept confidential. + +In situations on Discord where the issue is particularly egregious, possibly +illegal, requires immediate action, or violates the Discord terms of service, +you should also report the message directly to Discord. + +These are the steps for upholding our community’s standards of conduct. + +1. 
Any member of the community may report any situation that violates the +Adafruit Community Code of Conduct. All reports will be reviewed and +investigated. +2. If the behavior is an egregious violation, the community member who +committed the violation may be banned immediately, without warning. +3. Otherwise, moderators will first respond to such behavior with a warning. +4. Moderators follow a soft "three strikes" policy - the community member may +be given another chance, if they are receptive to the warning and change their +behavior. +5. If the community member is unreceptive or unreasonable when warned by a +moderator, or the warning goes unheeded, they may be banned for a first or +second offense. Repeated offenses will result in the community member being +banned. + +## Scope + +This Code of Conduct and the enforcement policies listed above apply to all +Adafruit Community venues. This includes but is not limited to any community +spaces (both public and private), the entire Adafruit Discord server, and +Adafruit GitHub repositories. Examples of Adafruit Community spaces include +but are not limited to meet-ups, audio chats on the Adafruit Discord, or +interaction at a conference. + +This Code of Conduct applies both within project spaces and in public spaces +when an individual is representing the project or its community. As a community +member, you are representing our community, and are expected to behave +accordingly. + +## Attribution + +This Code of Conduct is adapted from the [Contributor Covenant][homepage], +version 1.4, available at +, +and the [Rust Code of Conduct](https://www.rust-lang.org/en-US/conduct.html). + +For other projects adopting the Adafruit Community Code of +Conduct, please contact the maintainers of those projects for enforcement. +If you wish to use this code of conduct for your own project, consider +explicitly mentioning your moderation policy or making a copy with your +own moderation policy so as to avoid confusion. 
diff --git a/LICENSE b/LICENSE index 5739aaa..d4fbf1d 100644 --- a/LICENSE +++ b/LICENSE @@ -1,6 +1,6 @@ -MIT License +The MIT License (MIT) -Copyright (c) 2019 Adafruit Industries +Copyright (c) 2019 Brent Rubell for Adafruit Industries Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/README.md b/README.md deleted file mode 100644 index 4b848de..0000000 --- a/README.md +++ /dev/null @@ -1,2 +0,0 @@ -# Adafruit_CircuitPython_JWT -JSON Web Token Authentication diff --git a/README.rst b/README.rst new file mode 100644 index 0000000..2f25e5e --- /dev/null +++ b/README.rst 
@@ -0,0 +1,92 @@
+Introduction
+============
+
+.. image:: https://readthedocs.org/projects/adafruit-circuitpython-jwt/badge/?version=latest
+ :target: https://circuitpython.readthedocs.io/projects/jwt/en/latest/
+ :alt: Documentation Status
+
+.. image:: https://img.shields.io/discord/327254708534116352.svg
+ :target: https://discord.gg/nBQh6qu
+ :alt: Discord
+
+.. image:: https://travis-ci.com/adafruit/Adafruit_CircuitPython_JWT.svg?branch=master
+ :target: https://travis-ci.com/adafruit/Adafruit_CircuitPython_JWT
+ :alt: Build Status
+
+JSON Web Token Authentication
+
+
+Dependencies
+=============
+This driver depends on:
+
+* `Adafruit CircuitPython `_
+
+Please ensure all dependencies are available on the CircuitPython filesystem.
+This is easily achieved by downloading
+`the Adafruit library and driver bundle `_.
+
+Installing from PyPI
+=====================
+.. note:: This library is not available on PyPI yet. Install documentation is included
+ as a standard element. Stay tuned for PyPI availability!
+
+.. todo:: Remove the above note if PyPI version is/will be available at time of release.
+ If the library is not planned for PyPI, remove the entire 'Installing from PyPI' section.
+
+On supported GNU/Linux systems like the Raspberry Pi, you can install the driver locally `from
+PyPI `_. To install for current user:
+
+.. code-block:: shell
+
+ pip3 install adafruit-circuitpython-jwt
+
+To install system-wide (this may be required in some cases):
+
+.. code-block:: shell
+
+ sudo pip3 install adafruit-circuitpython-jwt
+
+To install in a virtual environment in your current project:
+
+.. code-block:: shell
+
+ mkdir project-name && cd project-name
+ python3 -m venv .env
+ source .env/bin/activate
+ pip3 install adafruit-circuitpython-jwt
+
+Usage Example
+=============
+
+.. todo:: Add a quick, simple example. It and other examples should live in the examples folder and be included in docs/examples.rst.
+
+Contributing
+============
+
+Contributions are welcome! Please read our `Code of Conduct
+`_
+before contributing to help this project stay welcoming.
+
+Sphinx documentation
+-----------------------
+
+Sphinx is used to build the documentation based on rST files and comments in the code. First,
+install dependencies (feel free to reuse the virtual environment from above):
+
+.. code-block:: shell
+
+ python3 -m venv .env
+ source .env/bin/activate
+ pip install Sphinx sphinx-rtd-theme
+
+Now, once you have the virtual environment activated:
+
+.. code-block:: shell
+
+ cd docs
+ sphinx-build -E -W -b html . _build/html
+
+This will output the documentation to ``docs/_build/html``. Open the index.html in your browser to
+view them. It will also (due to -W) error out on any warning like Travis will. This is a good way to
+locally verify it will pass.
diff --git a/adafruit_jwt.py b/adafruit_jwt.py
new file mode 100644
index 0000000..eeff960
--- /dev/null
+++ b/adafruit_jwt.py
@@ -0,0 +1,200 @@ +# The MIT License (MIT) +# +# Copyright (c) 2019 Brent Rubell for Adafruit Industries +# +# Permission is hereby granted, free of charge, to any person obtaining a copy +# of this software and associated documentation files (the "Software"), to deal +# in the Software without restriction, including without limitation the rights +# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +# copies of the Software, and to permit persons to whom the Software is +# furnished to do so, subject to the following conditions: +# +# The above copyright notice and this permission notice shall be included in +# all copies or substantial portions of the Software. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +# THE SOFTWARE. +""" +`adafruit_jwt` +================================================================================ + +JSON Web Token Authentication + +* Author(s): Brent Rubell + +Implementation Notes +-------------------- + +**Hardware:** + +**Software and Dependencies:** + +* Adafruit CircuitPython firmware for the supported boards: + https://github.com/adafruit/circuitpython/releases + +* Adafruit's RSA library: + https://github.com/adafruit/Adafruit_CircuitPython_RSA +""" +import io +import json +from adafruit_rsa import PrivateKey, sign + +from adafruit_binascii import b2a_base64, a2b_base64 + +import string + +__version__ = "0.0.0-auto.0" +__repo__ = "https://github.com/adafruit/Adafruit_CircuitPython_JWT.git" + +# pylint: disable=no-member +class JWT: + """JSON Web Token helper for CircuitPython. 
Warning: JWTs are + credentials, which can grant access to resources. Be careful + where you paste them! + :param str algo: Encryption algorithm used for claims. Can be None. + + """ + + @staticmethod + def validate(jwt): + """Validates a provided JWT. Does not support nested signing. + :param str jwt: JSON Web Token. + :returns: The message's decoded JOSE header and claims. + :rtype: tuple + """ + # Verify JWT contains at least one period ('.') + if jwt.find(".") == -1: + raise ValueError("JWT must have at least one period") + # Separate the encoded JOSE Header + jose_header = jwt.split(".")[0] + # Decode JOSE Header + try: + jose_header = STRING_TOOLS.urlsafe_b64decode(jose_header) + except UnicodeError: + raise UnicodeError("Invalid JOSE Header encoding.") + if "type" not in jose_header: + raise TypeError("JOSE Header does not contain required type key.") + if "alg" not in jose_header: + raise TypeError("Jose Header does not contain required alg key.") + # Separate encoded claim set + claims = jwt.split(".")[1] + try: + claims = json.loads(STRING_TOOLS.urlsafe_b64decode(claims)) + except UnicodeError: + raise UnicodeError("Invalid claims encoding.") + if not hasattr(claims, "keys"): + raise TypeError("Provided claims is not a JSON dict. object") + return (jose_header, claims) + + + @staticmethod + def generate(claims, private_key_data=None, algo=None): + """Generates and returns a new JSON Web Token. + :param dict claims: JWT claims set + :param str private_key_data: Decoded RSA private key data. 
+ :rtype: str + """ + # Allow for unencrypted JWTs + if algo is not None: + priv_key = PrivateKey(*private_key_data) + else: + algo = "none" + # Create the JOSE Header + # https://tools.ietf.org/html/rfc7519#section-5 + jose_header = {"typ": "JWT", "alg": algo} + payload = "{}.{}".format( + string.b42_urlsafe_encode(json.dumps(jose_header).encode("utf-8")), + string.b42_urlsafe_encode(json.dumps(claims).encode("utf-8")), + ) + # Compute the signature + if algo == "none": + jwt = "{}.{}".format(jose_header, claims) + elif algo == "RS256" or algo == "RS384" or algo == "RS512" or algo == "RSA": + #sig = sign(payload, priv_key, "SHA-256") + signature = string.b42_urlsafe_encode(sign(payload, priv_key, "SHA-256")) + jwt = payload + "." + signature + else: + raise TypeError( + "Adafruit_JWT is currently only compatible with algorithms within" + "the Adafruit_RSA module." + ) + return jwt + + +# pylint: disable=invalid-name +class STRING_TOOLS: + """Tools and helpers for URL-safe string encoding. + """ + # Some strings for ctype-style character classification + whitespace = " \t\n\r\v\f" + ascii_lowercase = "abcdefghijklmnopqrstuvwxyz" + ascii_uppercase = "ABCDEFGHIJKLMNOPQRSTUVWXYZ" + ascii_letters = ascii_lowercase + ascii_uppercase + digits = "0123456789" + hexdigits = digits + "abcdef" + "ABCDEF" + octdigits = "01234567" + punctuation = r"""!"#$%&'()*+,-./:;<=>?@[\]^_`{|}~""" + printable = digits + ascii_letters + punctuation + whitespace + + @staticmethod + def urlsafe_b64encode(payload): + """Encode bytes-like object using the URL- and filesystem-safe alphabet, + which substitutes - instead of + and _ instead of / in + the standard Base64 alphabet, and return the encoded bytes. + :param bytes payload: bytes-like object. 
+ """ + return STRING_TOOLS.translate( + b2a_base64(payload)[:-1].decode("utf-8"), {ord("+"): "-", ord("/"): "_"} + ) + + @staticmethod + def urlsafe_b64decode(payload): + """Decode bytes-like object or ASCII string using the URL + and filesystem-safe alphabet + :param bytes payload: bytes-like object or ASCII string + """ + return a2b_base64(STRING_TOOLS._bytes_from_decode_data(payload)).decode("utf-8") + + @staticmethod + def _bytes_from_decode_data(str_data): + # Types acceptable as binary data + bit_types = (bytes, bytearray) + if isinstance(str_data, str): + try: + return str_data.encode("ascii") + except: + raise ValueError("string argument should contain only ASCII characters") + elif isinstance(str_data, bit_types): + return str_data + else: + raise TypeError( + "argument should be bytes or ASCII string, not %s" + % str_data.__class__.__name__ + ) + + # Port of CPython str.translate to Pure-Python by Johan Brichau, 2019 + # https://github.com/jbrichau/TrackingPrototype/blob/master/Device/lib/string.py + @staticmethod + def translate(s, table): + """Return a copy of the string in which each character + has been mapped through the given translation table. + :param string s: String to-be-character-table. + :param dict table: Translation table. + """ + sb = io.StringIO() + for c in s: + v = ord(c) + if v in table: + v = table[v] + if isinstance(v, int): + sb.write(chr(v)) + elif v is not None: + sb.write(v) + else: + sb.write(c) + return sb.getvalue() 
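Review bot: `JWT.validate` never checks the signature: it base64-decodes the first two segments and returns them, so any token with a well-formed header and claims is accepted, including one whose claims were altered after signing or whose `alg` is `none`. Callers reading the name will treat the returned claims as authenticated. Until verification against a public key is implemented, I would say so in the docstring, e.g. `Decodes the JOSE header and claims only; the signature is NOT verified, so the result must not be used for authorization decisions.` The `exp` claim is likewise never compared with the current time. In the same hunk, `urlsafe_b64decode` hands its input straight to `a2b_base64` without mapping `-`/`_` back to `+`/`/`, so it does not invert `urlsafe_b64encode`.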
diff --git a/docs/_static/favicon.ico b/docs/_static/favicon.ico new file mode 100644 index 0000000000000000000000000000000000000000..5aca98376a1f7e593ebd9cf41a808512c2135635 GIT binary patch literal 4414 zcmd^BX;4#F6n=SG-XmlONeGrD5E6J{RVh+e928U#MG!$jWvO+UsvWh`x&VqGNx*en zx=qox7Dqv{kPwo%fZC$dDwVpRtz{HzTkSs8QhG0)%Y=-3@Kt!4ag|JcIo?$-F|?bXVS9UDUyev>MVZQ(H8K4#;BQW-t2CPorj8^KJrMX}QK zp+e<;4ldpXz~=)2GxNy811&)gt-}Q*yVQpsxr@VMoA##{)$1~=bZ1MmjeFw?uT(`8 z^g=09<=zW%r%buwN%iHtuKSg|+r7HkT0PYN*_u9k1;^Ss-Z!RBfJ?Un4w(awqp2b3 z%+myoFis_lTlCrGx2z$0BQdh+7?!JK#9K9@Z!VrG zNj6gK5r(b4?YDOLw|DPRoN7bdP{(>GEG41YcN~4r_SUHU2hgVtUwZG@s%edC;k7Sn zC)RvEnlq~raE2mY2ko64^m1KQL}3riixh?#J{o)IT+K-RdHae2eRX91-+g!y`8^># z-zI0ir>P%Xon)!@xp-BK2bDYUB9k613NRrY6%lVjbFcQc*pRqiK~8xtkNPLxt}e?&QsTB}^!39t_%Qb)~Ukn0O%iC;zt z<&A-y;3h++)>c1br`5VFM~5(83!HKx$L+my8sW_c#@x*|*vB1yU)_dt3vH;2hqPWx zAl^6@?ipx&U7pf`a*>Yq6C85nb+B=Fnn+(id$W#WB^uHAcZVG`qg;rWB}ubvi(Y>D z$ei>REw$#xp0SHAd^|1hq&9HJ=jKK8^zTH~nk)G?yUcmTh9vUM6Y0LMw4(gYVY$D$ zGl&WY&H<)BbJ&3sYbKjx1j^=3-0Q#f^}(aP1?8^`&FUWMp|rmtpK)bLQ1Zo?^s4jqK=Lfg*9&geMGVQ z#^-*!V`fG@;H&{M9S8%+;|h&Qrxym0Ar>WT4BCVLR8cGXF=JmEYN(sNT(9vl+S|%g z8r7nXQ(95i^`=+XHo|){$vf2$?=`F$^&wFlYXyXg$B{a>$-Fp+V}+D;9k=~Xl~?C4 zAB-;RKXdUzBJE{V&d&%R>aEfFe;vxqI$0@hwVM}gFeQR@j}a>DDxR+n+-*6|_)k%% z*mSpDV|=5I9!&VC&9tD%fcVygWZV!iIo2qFtm#!*(s|@ZT33*Ad;+<|3^+yrp*;oH zBSYLV(H1zTU?2WjrCQoQW)Z>J2a=dTriuvezBmu16`tM2fm7Q@d4^iqII-xFpwHGI zn9CL}QE*1vdj2PX{PIuqOe5dracsciH6OlAZATvE8rj6ykqdIjal2 z0S0S~PwHb-5?OQ-tU-^KTG@XNrEVSvo|HIP?H;7ZhYeZkhSqh-{reE!5di;1zk$#Y zCe7rOnlzFYJ6Z#Hm$GoidKB=2HBCwm`BbZVeZY4ukmG%1uz7p2URs6c9j-Gjj^oQV zsdDb3@k2e`C$1I5ML5U0Qs0C1GAp^?!*`=|Nm(vWz3j*j*8ucum2;r0^-6Aca=Gv) zc%}&;!+_*S2tlnnJnz0EKeRmw-Y!@9ob!XQBwiv}^u9MkaXHvM=!<3YX;+2#5Cj5pp?FEK750S3BgeSDtaE^ zXUM@xoV6yBFKfzvY20V&Lr0yC + CircuitPython Reference Documentation + CircuitPython Support Forum + Discord Chat + Adafruit Learning System + Adafruit Blog + Adafruit Store + +Indices and tables +================== + +* :ref:`genindex` +* :ref:`modindex` 
+* :ref:`search` diff --git a/examples/jwt_simpletest.py b/examples/jwt_simpletest.py new file mode 100644 index 0000000..03099f5 --- /dev/null +++ b/examples/jwt_simpletest.py @@ -0,0 +1,23 @@ +import adafruit_jwt + +# Get private RSA key from a secrets.py file +try: + from secrets import secrets +except ImportError: + print("WiFi secrets are kept in secrets.py, please add them there!") + raise + +# Sample JWT Claims +claims = {"iss": "joe", + "exp": 1300819380, + "name": "John Doe", + "admin": True} + +# Generate a JWT +print("Generating JWT...") +encoded_jwt = adafruit_jwt.JWT.generate(claims, secrets["private_key"], algo="RS256") +print("Encoded JWT: ", encoded_jwt) + +# Validate a provided JWT +decoded_jwt = adafruit_jwt.JWT.validate(encoded_jwt) +print('Decoded JWT:\nJOSE Header: {}\nJWT Claims: {}'.format(decoded_jwt[0], decoded_jwt[1])) \ No newline at end of file diff --git a/requirements.txt b/requirements.txt new file mode 100644 index 0000000..edf9394 --- /dev/null +++ b/requirements.txt @@ -0,0 +1 @@ +Adafruit-Blinka diff --git a/setup.py b/setup.py new file mode 100644 index 0000000..04fe307 --- /dev/null +++ b/setup.py 
@@ -0,0 +1,63 @@ +"""A setuptools based setup module. + +See: +https://packaging.python.org/en/latest/distributing.html +https://github.com/pypa/sampleproject +""" + +from setuptools import setup, find_packages +# To use a consistent encoding +from codecs import open +from os import path + +here = path.abspath(path.dirname(__file__)) + +# Get the long description from the README file +with open(path.join(here, 'README.rst'), encoding='utf-8') as f: + long_description = f.read() + +setup( + name='adafruit-circuitpython-jwt', + + use_scm_version=True, + setup_requires=['setuptools_scm'], + + description='JSON Web Token Authentication ', + long_description=long_description, + long_description_content_type='text/x-rst', + + # The project's main homepage. + url='https://github.com/adafruit/Adafruit_CircuitPython_JWT', + + # Author details + author='Adafruit Industries', + author_email='circuitpython@adafruit.com', + + install_requires=[ + 'Adafruit-Blinka' + ], + + # Choose your license + license='MIT', + + # See https://pypi.python.org/pypi?%3Aaction=list_classifiers + classifiers=[ + 'Development Status :: 3 - Alpha', + 'Intended Audience :: Developers', + 'Topic :: Software Development :: Libraries', + 'Topic :: System :: Hardware', + 'License :: OSI Approved :: MIT License', + 'Programming Language :: Python :: 3', + 'Programming Language :: Python :: 3.4', + 'Programming Language :: Python :: 3.5', + ], + + # What does your project relate to? + keywords='adafruit blinka circuitpython micropython jwt jwt, json, token, authentication', + + # You can just specify the packages manually here if your project is + # simple. Or you can use find_packages(). + # TODO: IF LIBRARY FILES ARE A PACKAGE FOLDER, + # CHANGE `py_modules=['...']` TO `packages=['...']` + py_modules=['adafruit_jwt'], +) From 2a316eb246c1b50c6372e78a23175e31bbcc77cd Mon Sep 17 00:00:00 2001 
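Review bot: `install_requires` lists only `Adafruit-Blinka`, but `adafruit_jwt.py` in this same patch imports `adafruit_rsa` and `adafruit_binascii` at module level, so a pip install would produce a module that fails on import. Both libraries should be declared here and in `requirements.txt` (one hunk earlier), under whatever names they are published as, which this patch does not show. Declaring them explicitly also keeps the signing dependency visible to anyone auditing the package's dependency tree.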
From: brentru Date: Wed, 21 Aug 2019 14:17:00 -0400 Subject: [PATCH 02/10] reduce line count --- adafruit_jwt.py | 38 +++++++++++++++++++------------------- examples/jwt_simpletest.py | 3 ++- 2 files changed, 21 insertions(+), 20 deletions(-) diff --git a/adafruit_jwt.py b/adafruit_jwt.py index eeff960..42a9e3a 100644 --- a/adafruit_jwt.py +++ b/adafruit_jwt.py 
@@ -59,39 +59,36 @@ class JWT: :param str algo: Encryption algorithm used for claims. Can be None. """ - @staticmethod def validate(jwt): - """Validates a provided JWT. Does not support nested signing. + """Validates a provided JWT. Does not support validating + nested signing. Returns JOSE Header and claim set. :param str jwt: JSON Web Token. :returns: The message's decoded JOSE header and claims. :rtype: tuple """ # Verify JWT contains at least one period ('.') if jwt.find(".") == -1: - raise ValueError("JWT must have at least one period") - # Separate the encoded JOSE Header - jose_header = jwt.split(".")[0] - # Decode JOSE Header + raise ValueError("ProvidedJWT must have at least one period") + # Attempt to decode JOSE header try: - jose_header = STRING_TOOLS.urlsafe_b64decode(jose_header) + jose_header = STRING_TOOLS.urlsafe_b64decode(jwt.split(".")[0]) except UnicodeError: - raise UnicodeError("Invalid JOSE Header encoding.") - if "type" not in jose_header: + raise UnicodeError("Unable to decode JOSE header.") + # Check for typ and alg in decoded JOSE header + if "typ" not in jose_header: raise TypeError("JOSE Header does not contain required type key.") if "alg" not in jose_header: - raise TypeError("Jose Header does not contain required alg key.") - # Separate encoded claim set - claims = jwt.split(".")[1] + raise TypeError("Jose Header does not contain an alg key.") + # Attempt to decode claim set try: - claims = json.loads(STRING_TOOLS.urlsafe_b64decode(claims)) + claims = json.loads(STRING_TOOLS.urlsafe_b64decode(jwt.split(".")[1])) except UnicodeError: raise UnicodeError("Invalid claims encoding.") if not hasattr(claims, "keys"): raise TypeError("Provided claims is not a JSON dict. object") return (jose_header, claims) - @staticmethod def generate(claims, private_key_data=None, algo=None): """Generates and returns a new JSON Web Token. 
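Review bot: The `"typ"` and `"alg"` checks in `validate` run against a string, not a parsed header: `STRING_TOOLS.urlsafe_b64decode` returns decoded text and, unlike the claims, the header is never passed through `json.loads`, so `"typ" not in jose_header` is a substring test. A header that merely contains those letters anywhere in a value passes, and callers receive a `str` for the header but a `dict` for the claims. I would parse it the same way as the claims, `jose_header = json.loads(STRING_TOOLS.urlsafe_b64decode(jwt.split(".")[0]))`, and catch `ValueError` rather than only `UnicodeError`, since malformed JSON raises the former. The new message `"ProvidedJWT must have at least one period"` is also missing a space.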
@@ -108,15 +105,16 @@ def generate(claims, private_key_data=None, algo=None): # https://tools.ietf.org/html/rfc7519#section-5 jose_header = {"typ": "JWT", "alg": algo} payload = "{}.{}".format( - string.b42_urlsafe_encode(json.dumps(jose_header).encode("utf-8")), - string.b42_urlsafe_encode(json.dumps(claims).encode("utf-8")), + STRING_TOOLS.urlsafe_b64encode(json.dumps(jose_header).encode("utf-8")), + STRING_TOOLS.urlsafe_b64encode(json.dumps(claims).encode("utf-8")), ) # Compute the signature if algo == "none": jwt = "{}.{}".format(jose_header, claims) elif algo == "RS256" or algo == "RS384" or algo == "RS512" or algo == "RSA": #sig = sign(payload, priv_key, "SHA-256") - signature = string.b42_urlsafe_encode(sign(payload, priv_key, "SHA-256")) + signature = STRING_TOOLS.urlsafe_b64encode( + sign(payload, priv_key, "SHA-256")) jwt = payload + "." + signature else: raise TypeError( @@ -149,7 +147,8 @@ def urlsafe_b64encode(payload): :param bytes payload: bytes-like object. """ return STRING_TOOLS.translate( - b2a_base64(payload)[:-1].decode("utf-8"), {ord("+"): "-", ord("/"): "_"} + b2a_base64(payload)[ + :-1].decode("utf-8"), {ord("+"): "-", ord("/"): "_"} ) @staticmethod @@ -168,7 +167,8 @@ def _bytes_from_decode_data(str_data): try: return str_data.encode("ascii") except: - raise ValueError("string argument should contain only ASCII characters") + raise ValueError( + "string argument should contain only ASCII characters") elif isinstance(str_data, bit_types): return str_data else: diff --git a/examples/jwt_simpletest.py b/examples/jwt_simpletest.py index 03099f5..7bad976 100644 --- a/examples/jwt_simpletest.py +++ b/examples/jwt_simpletest.py 
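Review bot: In `generate`, the `algo == "none"` branch still builds the token with `"{}.{}".format(jose_header, claims)`, which formats the two Python dicts rather than the base64url `payload` computed just above, so the result is not a JWT. Using the encoded payload with an empty signature segment, `jwt = payload + "."`, would match the unsecured-JWT form described in RFC 7519. Because `algo` defaults to `None`, a caller who omits the argument silently gets an unsigned token; a docstring line such as `If algo is None the token is unsigned and offers no integrity protection.` would make that explicit. The same line is carried unchanged through the later hunk at `@@ -110,15 +110,22 @@`, and `generate` begins above this hunk.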
@@ -19,5 +19,6 @@ print("Encoded JWT: ", encoded_jwt) # Validate a provided JWT +print("Decoding JWT...") decoded_jwt = adafruit_jwt.JWT.validate(encoded_jwt) -print('Decoded JWT:\nJOSE Header: {}\nJWT Claims: {}'.format(decoded_jwt[0], decoded_jwt[1])) \ No newline at end of file +print('JOSE Header: {}\nJWT Claims: {}'.format(decoded_jwt[0], decoded_jwt[1])) \ No newline at end of file From eb2be96f6a1f1dbdc6b83f1ce82eb00831af1361 Mon Sep 17 00:00:00 2001 From: brentru Date: Wed, 21 Aug 2019 14:23:14 -0400 Subject: [PATCH 03/10] lintin! --- adafruit_jwt.py | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/adafruit_jwt.py b/adafruit_jwt.py index 42a9e3a..6fde11b 100644 --- a/adafruit_jwt.py +++ b/adafruit_jwt.py @@ -46,7 +46,6 @@ from adafruit_binascii import b2a_base64, a2b_base64 -import string __version__ = "0.0.0-auto.0" __repo__ = "https://github.com/adafruit/Adafruit_CircuitPython_JWT.git" @@ -111,8 +110,7 @@ def generate(claims, private_key_data=None, algo=None): # Compute the signature if algo == "none": jwt = "{}.{}".format(jose_header, claims) - elif algo == "RS256" or algo == "RS384" or algo == "RS512" or algo == "RSA": - #sig = sign(payload, priv_key, "SHA-256") + elif algo in ("RS256", "RS384", "RS512"): signature = STRING_TOOLS.urlsafe_b64encode( sign(payload, priv_key, "SHA-256")) jwt = payload + "." + signature From f3be2560e4a4418e32c2f881092b531d066234ac Mon Sep 17 00:00:00 2001 From: brentru Date: Wed, 21 Aug 2019 14:23:47 -0400 Subject: [PATCH 04/10] lint example --- examples/jwt_simpletest.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/jwt_simpletest.py b/examples/jwt_simpletest.py index 7bad976..95b99ba 100644 --- a/examples/jwt_simpletest.py +++ b/examples/jwt_simpletest.py 
@@ -21,4 +21,4 @@ # Validate a provided JWT print("Decoding JWT...") decoded_jwt = adafruit_jwt.JWT.validate(encoded_jwt) -print('JOSE Header: {}\nJWT Claims: {}'.format(decoded_jwt[0], decoded_jwt[1])) \ No newline at end of file +print('JOSE Header: {}\nJWT Claims: {}'.format(decoded_jwt[0], decoded_jwt[1])) From cbb7541ac6f30fdbbcddced3b6082f72cc159f01 Mon Sep 17 00:00:00 2001 From: brentru Date: Wed, 21 Aug 2019 14:29:40 -0400 Subject: [PATCH 05/10] support SHA384/512 signatures with RS384/RS512 algorithms --- README.rst | 7 +++---- adafruit_jwt.py | 11 +++++++++-- 2 files changed, 12 insertions(+), 6 deletions(-) diff --git a/README.rst b/README.rst index 2f25e5e..d1f6262 100644 --- a/README.rst +++ b/README.rst @@ -13,7 +13,9 @@ Introduction :target: https://travis-ci.com/adafruit/Adafruit_CircuitPython_JWT :alt: Build Status -JSON Web Token Authentication +JSON Web Token (JWT) Authentication module for CircuitPython. JSON Web Tokens are an open, industry standard +`RFC 7519 `_ method for representing claims securely between two parties. Module +includes methods for JWT generation and verification. Dependencies @@ -31,9 +33,6 @@ Installing from PyPI .. note:: This library is not available on PyPI yet. Install documentation is included as a standard element. Stay tuned for PyPI availability! -.. todo:: Remove the above note if PyPI version is/will be available at time of release. - If the library is not planned for PyPI, remove the entire 'Installing from PyPI' section. - On supported GNU/Linux systems like the Raspberry Pi, you can install the driver locally `from PyPI `_. To install for current user: diff --git a/adafruit_jwt.py b/adafruit_jwt.py index 6fde11b..f04ded9 100644 --- a/adafruit_jwt.py +++ b/adafruit_jwt.py 
@@ -110,15 +110,22 @@ def generate(claims, private_key_data=None, algo=None): # Compute the signature if algo == "none": jwt = "{}.{}".format(jose_header, claims) - elif algo in ("RS256", "RS384", "RS512"): + return jwt + if algo == "RS256": signature = STRING_TOOLS.urlsafe_b64encode( sign(payload, priv_key, "SHA-256")) - jwt = payload + "." + signature + elif algo == "RS384": + signature = STRING_TOOLS.urlsafe_b64encode( + sign(payload, priv_key, "SHA-384")) + elif algo == "RS512": + signature = STRING_TOOLS.urlsafe_b64encode( + sign(payload, priv_key, "SHA-512")) else: raise TypeError( "Adafruit_JWT is currently only compatible with algorithms within" "the Adafruit_RSA module." ) + jwt = payload + "." + signature return jwt From 3e2f7614e7ddd3c2f5f392512d3035a8a2aaaf93 Mon Sep 17 00:00:00 2001 From: brentru Date: Wed, 21 Aug 2019 14:41:23 -0400 Subject: [PATCH 06/10] black example --- examples/jwt_simpletest.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/examples/jwt_simpletest.py b/examples/jwt_simpletest.py index 95b99ba..4582e99 100644 --- a/examples/jwt_simpletest.py +++ b/examples/jwt_simpletest.py @@ -15,7 +15,8 @@ # Generate a JWT print("Generating JWT...") -encoded_jwt = adafruit_jwt.JWT.generate(claims, secrets["private_key"], algo="RS256") +encoded_jwt = adafruit_jwt.JWT.generate( + claims, secrets["private_key"], algo="RS256") print("Encoded JWT: ", encoded_jwt) # Validate a provided JWT From 09b04f361e233c5ba493de26bc1b138ce920ee6d Mon Sep 17 00:00:00 2001 From: brentru Date: Wed, 21 Aug 2019 15:47:53 -0400 Subject: [PATCH 07/10] add deps, add encoding schemes to README --- README.rst | 15 ++++++++++++--- adafruit_jwt.py | 4 ++++ 2 files changed, 16 insertions(+), 3 deletions(-) diff --git a/README.rst b/README.rst index d1f6262..b251f7c 100644 --- a/README.rst +++ b/README.rst 
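Review bot: The three RS branches differ only in the hash name, so a lookup would keep the algorithm-to-hash mapping in one place: `hash_name = {"RS256": "SHA-256", "RS384": "SHA-384", "RS512": "SHA-512"}.get(algo)`, then `if hash_name is None: raise TypeError(...)` and a single `signature = STRING_TOOLS.urlsafe_b64encode(sign(payload, priv_key, hash_name))`. The `TypeError` text in the context lines concatenates `"...algorithms within"` and `"the Adafruit_RSA module."` without a space between them. `generate` starts above this hunk, where `PrivateKey(*private_key_data)` is built before `algo` is checked, so an unsupported algorithm name is rejected only after the key material has been loaded.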
@@ -14,8 +14,13 @@ Introduction :alt: Build Status JSON Web Token (JWT) Authentication module for CircuitPython. JSON Web Tokens are an open, industry standard -`RFC 7519 `_ method for representing claims securely between two parties. Module -includes methods for JWT generation and verification. +`RFC 7519 `_ method for representing claims securely between two parties. + +This library currently supports the following signature algorithms: + * No encoding, "none" + * RS256/SHA-256 (via `Adafruit_CircuitPython_RSA `_) + * RS384/SHA-384 (via `Adafruit_CircuitPython_RSA `_) + * RS512/SHA-512 (via `Adafruit_CircuitPython_RSA `_) Dependencies @@ -23,6 +28,8 @@ Dependencies This driver depends on: * `Adafruit CircuitPython `_ +* `Adafruit_CircuitPython_RSA `_ +* `Adafruit_CircuitPython_binascii `_ Please ensure all dependencies are available on the CircuitPython filesystem. This is easily achieved by downloading @@ -58,7 +65,9 @@ To install in a virtual environment in your current project: Usage Example ============= -.. todo:: Add a quick, simple example. It and other examples should live in the examples folder and be included in docs/examples.rst. +.. code-block:: python + + Contributing ============ diff --git a/adafruit_jwt.py b/adafruit_jwt.py index f04ded9..b596865 100644 --- a/adafruit_jwt.py +++ b/adafruit_jwt.py @@ -39,6 +39,10 @@ * Adafruit's RSA library: https://github.com/adafruit/Adafruit_CircuitPython_RSA + +* Adafruit's binascii library: + https://github.com/adafruit/Adafruit_CircuitPython_RSA + """ import io import json From 7b7c527319df10298805065e0b5f18a4250241ba Mon Sep 17 00:00:00 2001 From: brentru Date: Wed, 21 Aug 2019 15:54:58 -0400 Subject: [PATCH 08/10] update README --- README.rst | 34 +++++++++++++++++++++++++++++++--- 1 file changed, 31 insertions(+), 3 deletions(-) diff --git a/README.rst b/README.rst index b251f7c..1032354 100644 --- a/README.rst +++ b/README.rst 
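Review bot: The new module-docstring entry `Adafruit's binascii library:` links to `https://github.com/adafruit/Adafruit_CircuitPython_RSA`, the same URL as the RSA entry above it, which looks like a copy-paste slip. It should point at the binascii repository that the README hunk in this commit names `Adafruit_CircuitPython_binascii`. Accurate dependency links matter here because this module delegates all base64 handling and signing to those two libraries.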
@@ -16,13 +16,12 @@ Introduction JSON Web Token (JWT) Authentication module for CircuitPython. JSON Web Tokens are an open, industry standard `RFC 7519 `_ method for representing claims securely between two parties. -This library currently supports the following signature algorithms: - * No encoding, "none" +This library currently supports the following signature algorithms for JWT generation and verification: + * No encoding (`"none"`) * RS256/SHA-256 (via `Adafruit_CircuitPython_RSA `_) * RS384/SHA-384 (via `Adafruit_CircuitPython_RSA `_) * RS512/SHA-512 (via `Adafruit_CircuitPython_RSA `_) - Dependencies ============= This driver depends on: @@ -65,9 +64,38 @@ To install in a virtual environment in your current project: Usage Example ============= +Generating encoded JWT + .. code-block:: python + import adafruit_jwt + # Import Private RSA key from a secrets.py file + try: + from secrets import secrets + except ImportError: + print("WiFi secrets are kept in secrets.py, please add them there!") + raise + + # Create JWT Claims + claims = {"iss": "joe", + "exp": 1300819380, + "name": "John Doe", + "admin": True} + + # Generate JWT, sign with RSA private key and RS-256 + encoded_jwt = adafruit_jwt.JWT.generate( + claims, secrets["private_key"], algo="RS256") + print("Encoded JWT: ", encoded_jwt) + + +Validating a generated JWT, encoded_jwt. + +.. code-block:: python + import adafruit_jwt + decoded_jwt = adafruit_jwt.JWT.validate(encoded_jwt) + # The decoded JWT's JOSE header and claims set are returned as a tuple + print('JOSE Header: {}\nJWT Claims: {}'.format(decoded_jwt[0], decoded_jwt[1])) Contributing ============ From 4ecf53c0c445bc1c8d7f62fb6d3e341e767b1df5 Mon Sep 17 00:00:00 2001 From: brentru Date: Wed, 21 Aug 2019 15:55:58 -0400 Subject: [PATCH 09/10] add docs config --- docs/conf.py | 2 +- docs/index.rst | 4 ---- 2 files changed, 1 insertion(+), 5 deletions(-) diff --git a/docs/conf.py b/docs/conf.py index 61b91de..1e1d98d 100644 --- a/docs/conf.py 
+++ b/docs/conf.py @@ -20,7 +20,7 @@ # Uncomment the below if you use native CircuitPython modules such as # digitalio, micropython and busio. List the modules you use. Without it, the # autodoc module docs will fail to generate with a warning. -# autodoc_mock_imports = ["digitalio", "busio"] +autodoc_mock_imports = ["adafruit-rsa", "adafruit-binascii"] intersphinx_mapping = {'python': ('https://docs.python.org/3.4', None),'CircuitPython': ('https://circuitpython.readthedocs.io/en/latest/', None)} diff --git a/docs/index.rst b/docs/index.rst index 84b7d1e..5c322c6 100644 --- a/docs/index.rst +++ b/docs/index.rst @@ -23,14 +23,10 @@ Table of Contents .. toctree:: :caption: Tutorials -.. todo:: Add any Learn guide links here. If there are none, then simply delete this todo and leave - the toctree above for use later. .. toctree:: :caption: Related Products -.. todo:: Add any product links here. If there are none, then simply delete this todo and leave - the toctree above for use later. .. toctree:: :caption: Other Links From dbc79fc8039caba6f92bc3c751dfe2001a8423a0 Mon Sep 17 00:00:00 2001 From: brentru Date: Wed, 21 Aug 2019 16:01:37 -0400 Subject: [PATCH 10/10] jwt building docs --- README.rst | 2 +- docs/conf.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.rst b/README.rst index 1032354..27dec40 100644 --- a/README.rst +++ b/README.rst @@ -17,7 +17,7 @@ JSON Web Token (JWT) Authentication module for CircuitPython. JSON Web Tokens ar `RFC 7519 `_ method for representing claims securely between two parties. This library currently supports the following signature algorithms for JWT generation and verification: - * No encoding (`"none"`) + * No encoding ("none") * RS256/SHA-256 (via `Adafruit_CircuitPython_RSA `_) * RS384/SHA-384 (via `Adafruit_CircuitPython_RSA `_) * RS512/SHA-512 (via `Adafruit_CircuitPython_RSA `_) diff --git a/docs/conf.py b/docs/conf.py index 1e1d98d..8e31cd2 100644 --- a/docs/conf.py +++ b/docs/conf.py 
@@ -20,7 +20,7 @@ # Uncomment the below if you use native CircuitPython modules such as # digitalio, micropython and busio. List the modules you use. Without it, the # autodoc module docs will fail to generate with a warning. -autodoc_mock_imports = ["adafruit-rsa", "adafruit-binascii"] +autodoc_mock_imports = ["adafruit_rsa", "adafruit_binascii"] intersphinx_mapping = {'python': ('https://docs.python.org/3.4', None),'CircuitPython': ('https://circuitpython.readthedocs.io/en/latest/', None)}