PyJWT.decode: move verify param into options (jpadilla#271)

Followup to jpadilla#270:

It seems that "verify" is only deprecated with `PyJWS.decode`, which
makes sense, since you would have to override a lot of options to skip
the verification in `PyJWT._validate_claims`.

This makes `PyJWT.decode` use the `verify_signature` option when calling
`PyJWT.decode`, and therefore also allows to use `stacklevel=2` there
then for the DeprecationWarning.

Author: blueyed

jwt/api_jws.py

@@ -127,7 +127,7 @@ def decode(self, jws, key='', verify=True, algorithms=None, options=None,
         else:
             warnings.warn('The verify parameter is deprecated. '
                           'Please use verify_signature in options instead.',
-                          DeprecationWarning)
+                          DeprecationWarning, stacklevel=2)
 
         return payload
 

jwt/api_jwt.py

@@ -60,8 +60,12 @@ def decode(self, jwt, key='', verify=True, algorithms=None, options=None,
                **kwargs):
         payload, signing_input, header, signature = self._load(jwt)
 
-        decoded = super(PyJWT, self).decode(jwt, key, verify, algorithms,
-                                            options, **kwargs)
+        if options is None:
+            options = {'verify_signature': verify}
+        else:
+            options.setdefault('verify_signature', verify)
+        decoded = super(PyJWT, self).decode(jwt, key, algorithms, options,
+                                            **kwargs)
 
         try:
             payload = json.loads(decoded.decode('utf-8'))