Merge pull request jpadilla#45 from skion/none

Add support for alg="none".

Author: jpadilla

jwt/__init__.py

@@ -38,6 +38,7 @@ class ExpiredSignature(Exception):
 
 
 signing_methods = {
+    'none': lambda msg, key: b'',
     'HS256': lambda msg, key: hmac.new(key, msg, hashlib.sha256).digest(),
     'HS384': lambda msg, key: hmac.new(key, msg, hashlib.sha384).digest(),
     'HS512': lambda msg, key: hmac.new(key, msg, hashlib.sha512).digest()
@@ -60,6 +61,7 @@ def prepare_HS_key(key):
     return key
 
 prepare_key_methods = {
+    'none': lambda key: None,
     'HS256': prepare_HS_key,
     'HS384': prepare_HS_key,
     'HS512': prepare_HS_key
@@ -154,6 +156,9 @@ def header(jwt):
 def encode(payload, key, algorithm='HS256', headers=None):
     segments = []
 
+    if algorithm is None:
+        algorithm = 'none'
+
     # Check that we get a mapping
     if not isinstance(payload, Mapping):
         raise TypeError('Expecting a mapping object, as json web token only'

tests/test_jwt.py

@@ -381,6 +381,15 @@ def test_decode_with_notbefore_with_leeway(self):
             lambda: jwt.verify_signature(decoded_payload, signing,
                                          header, signature, secret, leeway=1))
 
+    def test_encode_decode_with_algo_none(self):
+        jwt_message = jwt.encode(self.payload, key=None, algorithm=None)
+
+        self.assertRaises(
+            jwt.DecodeError,
+            lambda: jwt.decode(jwt_message))
+
+        jwt.decode(jwt_message, verify=False)
+
     def test_encode_decode_with_rsa_sha256(self):
         try:
             from Crypto.PublicKey import RSA