diff --git a/jose/jwt.py b/jose/jwt.py
index b364b4ba..b64a3f1e 100644
--- a/jose/jwt.py
+++ b/jose/jwt.py
@@ -5,7 +5,7 @@
 from collections.abc import Mapping
 except ImportError:
 from collections import Mapping
-from datetime import datetime, timedelta
+from datetime import datetime, timedelta, UTC
 from jose import jws
@@ -281,7 +281,7 @@ def _validate_nbf(claims, leeway=0):
 except ValueError:
 raise JWTClaimsError("Not Before claim (nbf) must be an integer.")
- now = timegm(datetime.utcnow().utctimetuple())
+ now = timegm(datetime.now(UTC).utctimetuple())
 if nbf > (now + leeway):
 raise JWTClaimsError("The token is not yet valid (nbf)")
@@ -311,7 +311,7 @@ def _validate_exp(claims, leeway=0):
 except ValueError:
 raise JWTClaimsError("Expiration Time claim (exp) must be an integer.")
- now = timegm(datetime.utcnow().utctimetuple())
+ now = timegm(datetime.now(UTC).utctimetuple())
 if exp < (now - leeway):
 raise ExpiredSignatureError("Signature has expired.")
diff --git a/tests/test_jwt.py b/tests/test_jwt.py
index 8c2e262f..850f840e 100644
--- a/tests/test_jwt.py
+++ b/tests/test_jwt.py
@@ -1,6 +1,6 @@
 import base64
 import json
-from datetime import datetime, timedelta
+from datetime import datetime, timedelta, UTC
 import pytest
@@ -180,7 +180,7 @@ def test_leeway_is_int(self):
 pass
 def test_leeway_is_timedelta(self, claims, key):
- nbf = datetime.utcnow() + timedelta(seconds=5)
+ nbf = datetime.now(UTC) + timedelta(seconds=5)
 leeway = timedelta(seconds=10)
 claims = {
@@ -209,7 +209,7 @@ def test_nbf_not_int(self, key):
 jwt.decode(token, key)
 def test_nbf_datetime(self, key):
- nbf = datetime.utcnow() - timedelta(seconds=5)
+ nbf = datetime.now(UTC) - timedelta(seconds=5)
 claims = {"nbf": nbf}
@@ -217,7 +217,7 @@ def test_nbf_datetime(self, key):
 jwt.decode(token, key)
 def test_nbf_with_leeway(self, key):
- nbf = datetime.utcnow() + timedelta(seconds=5)
+ nbf = datetime.now(UTC) + timedelta(seconds=5)
 claims = {
 "nbf": nbf,
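Review bot: `UTC` can only be imported from `datetime` on Python 3.11 and later, so the new import line in the `@@ -5,7 +5,7 @@` hunk of jose/jwt.py makes the whole module fail with ImportError on older interpreters. The `collections.abc` fallback kept just above it suggests older versions are still meant to work. `timezone.utc` is the same object and is available on every Python 3 release: `from datetime import datetime, timedelta, timezone`, with `datetime.now(timezone.utc)` at the call sites. The same applies to the import hunk in tests/test_jwt.py and to every `datetime.now(UTC)` call in this diff.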
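Review bot: The clock read `timegm(datetime.now(UTC).utctimetuple())` is written out identically in `_validate_nbf` (hunk `-281,7`) and `_validate_exp` (hunk `-311,7`); both function bodies start and end outside their hunks. These two comparisons decide whether a token is accepted, so a single private helper such as `def _utc_now(): return timegm(datetime.now(UTC).utctimetuple())` would keep them on one time source. It would also give tests one place to pin the clock for boundary cases like `exp == now - leeway`.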
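Review bot: Every datetime claim built in tests/test_jwt.py is now timezone-aware, so no test passes a naive datetime any more; this starts at `test_leeway_is_timedelta` in hunk `-180,7` and continues through the `nbf`/`exp` tests up to `-291,7` and the parametrised list at `-504,8`. Callers that still hand naive UTC datetimes to the encoder are therefore uncovered. The datetime-to-timestamp conversion presumably lives in encode code outside this diff, where a regression would shift token validity windows without failing a test. Keeping one naive case next to the aware ones, for example `exp = datetime.now(UTC).replace(tzinfo=None) + timedelta(seconds=5)` in a separate test, would pin both input forms.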
@@ -229,7 +229,7 @@ def test_nbf_with_leeway(self, key):
 jwt.decode(token, key, options=options)
 def test_nbf_in_future(self, key):
- nbf = datetime.utcnow() + timedelta(seconds=5)
+ nbf = datetime.now(UTC) + timedelta(seconds=5)
 claims = {"nbf": nbf}
@@ -239,7 +239,7 @@ def test_nbf_in_future(self, key):
 jwt.decode(token, key)
 def test_nbf_skip(self, key):
- nbf = datetime.utcnow() + timedelta(seconds=5)
+ nbf = datetime.now(UTC) + timedelta(seconds=5)
 claims = {"nbf": nbf}
@@ -261,7 +261,7 @@ def test_exp_not_int(self, key):
 jwt.decode(token, key)
 def test_exp_datetime(self, key):
- exp = datetime.utcnow() + timedelta(seconds=5)
+ exp = datetime.now(UTC) + timedelta(seconds=5)
 claims = {"exp": exp}
@@ -269,7 +269,7 @@ def test_exp_datetime(self, key):
 jwt.decode(token, key)
 def test_exp_with_leeway(self, key):
- exp = datetime.utcnow() - timedelta(seconds=5)
+ exp = datetime.now(UTC) - timedelta(seconds=5)
 claims = {
 "exp": exp,
@@ -281,7 +281,7 @@ def test_exp_with_leeway(self, key):
 jwt.decode(token, key, options=options)
 def test_exp_in_past(self, key):
- exp = datetime.utcnow() - timedelta(seconds=5)
+ exp = datetime.now(UTC) - timedelta(seconds=5)
 claims = {"exp": exp}
@@ -291,7 +291,7 @@ def test_exp_in_past(self, key):
 jwt.decode(token, key)
 def test_exp_skip(self, key):
- exp = datetime.utcnow() - timedelta(seconds=5)
+ exp = datetime.now(UTC) - timedelta(seconds=5)
 claims = {"exp": exp}
@@ -504,8 +504,8 @@ def test_unverified_claims_object(self, claims, key):
 [
 ("aud", "aud"),
 ("ait", "ait"),
- ("exp", datetime.utcnow() + timedelta(seconds=3600)),
- ("nbf", datetime.utcnow() - timedelta(seconds=5)),
+ ("exp", datetime.now(UTC) + timedelta(seconds=3600)),
+ ("nbf", datetime.now(UTC) - timedelta(seconds=5)),
 ("iss", "iss"),
 ("sub", "sub"),
 ("jti", "jti"),