Skip to content

Commit

Permalink
Don't mutate options dictionary in .decode_complete()
Browse files Browse the repository at this point in the history
Fixes #679
  • Loading branch information
akx committed Mar 30, 2022
1 parent 1e79156 commit e4ea2f4
Show file tree
Hide file tree
Showing 2 changed files with 10 additions and 4 deletions.
6 changes: 2 additions & 4 deletions jwt/api_jwt.py
Original file line number Diff line number Diff line change
Expand Up @@ -70,10 +70,8 @@ def decode_complete(
options: Optional[Dict] = None,
**kwargs,
) -> Dict[str, Any]:
if options is None:
options = {"verify_signature": True}
else:
options.setdefault("verify_signature", True)
options = dict(options or {}) # shallow-copy or initialize an empty dict
options.setdefault("verify_signature", True)

if not options["verify_signature"]:
options.setdefault("verify_exp", False)
Expand Down
8 changes: 8 additions & 0 deletions tests/test_api_jwt.py
Original file line number Diff line number Diff line change
Expand Up @@ -658,3 +658,11 @@ def test_decode_no_algorithms_verify_signature_false(self, jwt, payload):
jwt_message = jwt.encode(payload, secret)

jwt.decode(jwt_message, secret, options={"verify_signature": False})

def test_decode_no_options_mutation(self, jwt, payload):
options = {"verify_signature": True}
orig_options = options.copy()
secret = "secret"
jwt_message = jwt.encode(payload, secret)
jwt.decode(jwt_message, secret, options=options, algorithms=["HS256"])
assert options == orig_options

0 comments on commit e4ea2f4

Please sign in to comment.