File: errors.rst (joserfc 1.6.1-1)

Errors & Warnings
=================

Here are some common errors and warnings, and how to handle them.

SecurityWarning
---------------

.. versionadded:: 1.2.0

You may encounter a ``SecurityWarning`` when using potentially
unsafe algorithms or generating insecure keys. These warnings
do not interrupt the execution of your application — they are
simply printed to standard output (e.g., your terminal).

If you prefer to suppress these warnings, you can use Python’s
built-in ``warnings`` module:

.. code-block:: python

    import warnings
    from joserfc.errors import SecurityWarning

    warnings.simplefilter('ignore', SecurityWarning)

With this configuration, ``SecurityWarning`` messages will no
longer appear. Be cautious when suppressing these warnings, as
they are meant to alert you to potentially insecure practices.
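
An added example (not part of the joserfc documentation): rather than ignoring ``SecurityWarning`` process-wide, scope the filter to a single reviewed call, escalate it to an exception in strict environments, or collect the messages for audit logging. ``risky_call`` is a hypothetical stand-in that emits the warning, and the fallback class is an assumption used only when joserfc is not installed.

```python
import warnings

try:
    from joserfc.errors import SecurityWarning
except ImportError:
    # Assumption: stand-in class so the example runs without joserfc installed.
    class SecurityWarning(UserWarning):
        pass


def risky_call():
    """Hypothetical stand-in for a joserfc call that emits SecurityWarning."""
    warnings.warn("constructed sample: key size is too small", SecurityWarning)
    return "token"


def call_with_scoped_ignore():
    """Silence SecurityWarning for one reviewed call only."""
    with warnings.catch_warnings():
        warnings.simplefilter("ignore", SecurityWarning)
        # The previous filters are restored when the with-block exits.
        return risky_call()


def call_strict():
    """Turn SecurityWarning into an exception, e.g. in CI or production."""
    with warnings.catch_warnings():
        warnings.simplefilter("error", SecurityWarning)
        try:
            return risky_call()
        except SecurityWarning as exc:
            return f"rejected: {exc}"


def collect_security_warnings(func):
    """Run func and return (result, messages) so warnings can be logged."""
    with warnings.catch_warnings(record=True) as caught:
        warnings.simplefilter("always", SecurityWarning)
        result = func()
    messages = [
        str(w.message) for w in caught if issubclass(w.category, SecurityWarning)
    ]
    return result, messages
```
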

pytest
~~~~~~

When running unit tests with ``pytest``, you may want to ignore
security warnings. In that case, you can configure it in your
``pyproject.toml`` file:

.. code-block:: toml
    :caption: pyproject.toml

    [tool.pytest.ini_options]
    filterwarnings = [
        "ignore::joserfc.errors.SecurityWarning",
    ]

.. _UnsupportedAlgorithmError:

UnsupportedAlgorithmError
-------------------------

.. versionchanged:: 1.1.0

    From version 1.1.0, an ``UnsupportedAlgorithmError`` will be raised instead
    of a ``ValueError``.

By default, **ONLY recommended** :ref:`jwa` are allowed. With non-recommended
algorithms, you may encounter an ``UnsupportedAlgorithmError``.

.. code-block:: python

    >>> from joserfc import jws
    >>> from joserfc.jwk import OctKey
    >>> key = OctKey.generate_key()
    >>> jws.serialize_compact({"alg": "HS384"}, b"payload", key)
    Traceback (most recent call last):
      File "<stdin>", line 1, in <module>
      File ".../joserfc/jws.py", line 112, in serialize_compact
        alg: JWSAlgModel = registry.get_alg(protected["alg"])
                           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
      File ".../joserfc/_rfc7515/registry.py", line 60, in get_alg
        raise UnsupportedAlgorithmError(f'Algorithm of "{name}" is not recommended')
    joserfc.errors.UnsupportedAlgorithmError: unsupported_algorithm: Algorithm of "HS384" is not recommended

Because "HS384" is not a recommended algorithm, it is not allowed by default. You
SHOULD enable it manually by passing an ``algorithms`` parameter:

.. code-block:: python

    >>> jws.serialize_compact({"alg": "HS384"}, b"payload", key, algorithms=["HS384"])

Developers can also apply the ``registry`` parameter to resolve this issue. Here is an example
of using :ref:`registry`.

.. code-block:: python

    >>> from joserfc import jws
    >>> from joserfc.jwk import OctKey
    >>> key = OctKey.import_key("your-secret-key")
    >>> registry = jws.JWSRegistry(algorithms=["HS384"])
    >>> jws.serialize_compact({"alg": "HS384"}, b"payload", key, registry=registry)
    'eyJhbGciOiJIUzM4NCJ9.cGF5bG9hZA.TJEvlp74g89hNRNGNZxCQvB7YDEAWP5vFAjgu1O9Qr5BLMj0NtvbxvYkVYPGp-xQ'