Skip to content

Commit

Permalink
Don't mutate options dictionary in .decode_complete() (#743)
Browse files Browse the repository at this point in the history
Fixes #679
  • Loading branch information
akx authored Apr 5, 2022
1 parent 1f1fe15 commit 3d4d822
Show file tree
Hide file tree
Showing 2 changed files with 10 additions and 4 deletions.
6 changes: 2 additions & 4 deletions jwt/api_jwt.py
Original file line number Diff line number Diff line change
Expand Up @@ -71,10 +71,8 @@ def decode_complete(
options: Optional[Dict] = None,
**kwargs,
) -> Dict[str, Any]:
if options is None:
options = {"verify_signature": True}
else:
options.setdefault("verify_signature", True)
options = dict(options or {}) # shallow-copy or initialize an empty dict
options.setdefault("verify_signature", True)

# If the user has set the legacy `verify` argument, and it doesn't match
# what the relevant `options` entry for the argument is, inform the user
Expand Down
8 changes: 8 additions & 0 deletions tests/test_api_jwt.py
Original file line number Diff line number Diff line change
Expand Up @@ -674,3 +674,11 @@ def test_decode_legacy_verify_warning(self, jwt, payload):
jwt.decode(
jwt_message, secret, verify=True, options={"verify_signature": False}
)

def test_decode_no_options_mutation(self, jwt, payload):
options = {"verify_signature": True}
orig_options = options.copy()
secret = "secret"
jwt_message = jwt.encode(payload, secret)
jwt.decode(jwt_message, secret, options=options, algorithms=["HS256"])
assert options == orig_options

0 comments on commit 3d4d822

Please sign in to comment.