verify_expiration was removed too soon

- Merge with `verify_exp` option
- Add deprecation warning

Author: jpadilla

jwt/api_jwt.py

@@ -1,4 +1,5 @@
 import json
+import warnings
 
 from calendar import timegm
 from collections import Mapping
@@ -74,6 +75,12 @@ def decode(self, jwt, key='', verify=True, algorithms=None, options=None,
 
     def _validate_claims(self, payload, audience=None, issuer=None, leeway=0,
                          options=None, **kwargs):
+
+        if 'verify_expiration' in kwargs:
+            options['verify_exp'] = kwargs.get('verify_expiration', True)
+            warnings.warn('The verify_expiration parameter is deprecated. '
+                          'Please use options instead.', DeprecationWarning)
+
         if isinstance(leeway, timedelta):
             leeway = timedelta_total_seconds(leeway)
 

tests/test_api_jwt.py

@@ -419,3 +419,23 @@ def default(self, o):
         payload = jwt.decode(token, 'secret')
 
         assert payload == {'some_decimal': 'it worked'}
+
+    def test_decode_with_verify_expiration_kwarg(self, jwt, payload):
+        payload['exp'] = utc_timestamp() - 1
+        secret = 'secret'
+        jwt_message = jwt.encode(payload, secret)
+
+        pytest.deprecated_call(
+            jwt.decode,
+            jwt_message,
+            secret,
+            verify_expiration=False
+        )
+
+        with pytest.raises(ExpiredSignatureError):
+            pytest.deprecated_call(
+                jwt.decode,
+                jwt_message,
+                secret,
+                verify_expiration=True
+            )