diff --git a/lnbits/decorators.py b/lnbits/decorators.py
index f61c6c028..f8de5f3d8 100644
--- a/lnbits/decorators.py
+++ b/lnbits/decorators.py
@@ -1,12 +1,12 @@
from http import HTTPStatus
from typing import Annotated, Literal, Optional, Type, Union
+import jwt
from fastapi import Cookie, Depends, Query, Request, Security
from fastapi.exceptions import HTTPException
from fastapi.openapi.models import APIKey, APIKeyIn, SecuritySchemeType
from fastapi.security import APIKeyHeader, APIKeyQuery, OAuth2PasswordBearer
from fastapi.security.base import SecurityBase
-from jose import ExpiredSignatureError, JWTError, jwt
from loguru import logger
from pydantic.types import UUID4
@@ -256,7 +256,7 @@ async def _check_user_extension_access(user_id: str, current_path: str):
async def _get_account_from_token(access_token):
try:
- payload = jwt.decode(access_token, settings.auth_secret_key, "HS256")
+ payload = jwt.decode(access_token, settings.auth_secret_key, ["HS256"])
if "sub" in payload and payload.get("sub"):
return await get_account_by_username(str(payload.get("sub")))
if "usr" in payload and payload.get("usr"):
@@ -265,10 +265,10 @@ async def _get_account_from_token(access_token):
return await get_account_by_email(str(payload.get("email")))
raise HTTPException(HTTPStatus.UNAUTHORIZED, "Data missing for access token.")
- except ExpiredSignatureError as exc:
+ except jwt.ExpiredSignatureError as exc:
raise HTTPException(
HTTPStatus.UNAUTHORIZED, "Session expired.", {"token-expired": "true"}
) from exc
- except JWTError as exc:
+ except jwt.PyJWTError as exc:
logger.debug(exc)
raise HTTPException(HTTPStatus.UNAUTHORIZED, "Invalid access token.") from exc
diff --git a/lnbits/helpers.py b/lnbits/helpers.py
index 369d58fd8..1d4e74fe0 100644
--- a/lnbits/helpers.py
+++ b/lnbits/helpers.py
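Review bot: The algorithm allow-list in `_get_account_from_token` is passed as the third positional argument, `jwt.decode(access_token, settings.auth_secret_key, ["HS256"])`. Pinning the accepted algorithm is what keeps a token from choosing its own, so I would pass it by keyword to make it explicit: `payload = jwt.decode(access_token, settings.auth_secret_key, algorithms=["HS256"])`. Separately, PyJWT checks `exp` only when the claim is present, so a token issued without it never reaches the `jwt.ExpiredSignatureError` branch. If every access token is meant to expire (the issuing code is not in this diff), adding `options={"require": ["exp"]}` to the call would enforce that, and the existing `jwt.PyJWTError` handler would return the 401. The function body continues in the next hunk.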
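Review bot: Rejected tokens are recorded only at debug level: with `except jwt.PyJWTError` as the catch-all, a bad signature, a disallowed algorithm and a malformed token all end in `logger.debug(exc)`, which typical production log levels drop. Failed verifications are a useful signal for spotting forged or replayed tokens, so I would log the exception class at warning level and keep the token out of the message, e.g. `logger.warning(f"Rejected access token: {type(exc).__name__}")`. The handler order is correct, since `jwt.ExpiredSignatureError` is a subclass of `jwt.PyJWTError` and has to be caught first; a comment such as `# must precede PyJWTError: ExpiredSignatureError is a subclass` would stop a later refactor from swapping them. The function starts in the previous hunk.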
@@ -5,8 +5,8 @@ from pathlib import Path
from typing import Any, List, Optional, Type
import jinja2
+import jwt
import shortuuid
-from jose import jwt
from pydantic import BaseModel
from pydantic.schema import field_schema
diff --git a/poetry.lock b/poetry.lock
index 8f78ae336..af65579a5 100644
--- a/poetry.lock
+++ b/poetry.lock
@@ -1740,17 +1740,6 @@ files = [ [package.dependencies] cryptography = ">=2.5" -[[package]] -name = "pyasn1" -version = "0.5.1" -description = "Pure-Python implementation of ASN.1 types and DER/BER/CER codecs (X.208)" -optional = false -python-versions = "!=3.0.*,!=3.1.*,!=3.2.*,!=3.3.*,!=3.4.*,!=3.5.*,>=2.7" -files = [ - {file = "pyasn1-0.5.1-py2.py3-none-any.whl", hash = "sha256:4439847c58d40b1d0a573d07e3856e95333f1976294494c325775aeca506eb58"}, - {file = "pyasn1-0.5.1.tar.gz", hash = "sha256:6d391a96e59b23130a5cfa74d6fd7f388dbbe26cc8f1edf39fdddf08d9d6676c"}, -] - [[package]] name = "pycparser" version = "2.21"
@@ -1863,6 +1852,23 @@ typing-extensions = ">=4.2.0" dotenv = ["python-dotenv (>=0.10.4)"] email = ["email-validator (>=1.0.3)"] +[[package]] +name = "pyjwt" +version = "2.8.0" +description = "JSON Web Token implementation in Python" +optional = false +python-versions = ">=3.7" +files = [ + {file = "PyJWT-2.8.0-py3-none-any.whl", hash = "sha256:59127c392cc44c2da5bb3192169a91f429924e17aff6534d70fdc02ab3e04320"}, + {file = "PyJWT-2.8.0.tar.gz", hash = "sha256:57e28d156e3d5c10088e0c68abb90bfac3df82b40a71bd0daa20c65ccd5c23de"}, +] + +[package.extras] +crypto = ["cryptography (>=3.4.0)"] +dev = ["coverage[toml] (==5.0.4)", "cryptography (>=3.4.0)", "pre-commit", "pytest (>=6.0.0,<7.0.0)", "sphinx (>=4.5.0,<5.0.0)", "sphinx-rtd-theme", "zope.interface"] +docs = ["sphinx (>=4.5.0,<5.0.0)", "sphinx-rtd-theme", "zope.interface"] +tests = ["coverage[toml] (==5.0.4)", "pytest (>=6.0.0,<7.0.0)"] + [[package]] name = "pyln-bolt7" version = "1.0.246"
@@ -2082,27 +2088,6 @@ files = [ [package.extras] cli = ["click (>=5.0)"] -[[package]] -name = "python-jose" -version = "3.3.0" -description = "JOSE implementation in Python" -optional = false -python-versions = "*" -files = [ - {file = "python-jose-3.3.0.tar.gz", hash = "sha256:55779b5e6ad599c6336191246e95eb2293a9ddebd555f796a65f838f07e5d78a"}, - {file = "python_jose-3.3.0-py2.py3-none-any.whl", hash = "sha256:9b1376b023f8b298536eedd47ae1089bcdb848f1535ab30555cd92002d78923a"}, -] - -[package.dependencies] -ecdsa = "!=0.15" -pyasn1 = "*" -rsa = "*" - -[package.extras] -cryptography = ["cryptography (>=3.4.0)"] -pycrypto = ["pyasn1", "pycrypto (>=2.6.0,<2.7.0)"] -pycryptodome = ["pyasn1", "pycryptodome (>=3.3.1,<4.0.0)"] - [[package]] name = "pywebpush" version = "1.14.0"
@@ -2342,20 +2327,6 @@ files = [ {file = "rpds_py-0.10.3.tar.gz", hash = "sha256:fcc1ebb7561a3e24a6588f7c6ded15d80aec22c66a070c757559b57b17ffd1cb"}, ] -[[package]] -name = "rsa" -version = "4.9" -description = "Pure-Python RSA implementation" -optional = false -python-versions = ">=3.6,<4" -files = [ - {file = "rsa-4.9-py3-none-any.whl", hash = "sha256:90260d9058e514786967344d0ef75fa8727eed8a7d2e43ce9f4bcf1b536174f7"}, - {file = "rsa-4.9.tar.gz", hash = "sha256:e38464a49c6c85d7f1351b0126661487a7e0a14a50f1675ec50eb34d4f20ef21"}, -] - -[package.dependencies] -pyasn1 = ">=0.1.3" - [[package]] name = "ruff" version = "0.3.3"
@@ -2654,31 +2625,6 @@ files = [ {file = "types_protobuf-4.24.0.4-py3-none-any.whl", hash = "sha256:131ab7d0cbc9e444bc89c994141327dcce7bcaeded72b1acb72a94827eb9c7af"}, ] -[[package]] -name = "types-pyasn1" -version = "0.5.0.1" -description = "Typing stubs for pyasn1" -optional = false -python-versions = ">=3.7" -files = [ - {file = "types-pyasn1-0.5.0.1.tar.gz", hash = "sha256:023e903f5920ec9585555235f95bb2d2756b7b58023d3f94890ee8d1d4d9d1ff"}, - {file = "types_pyasn1-0.5.0.1-py3-none-any.whl", hash = "sha256:1bbbe3fcf16a65064e4a5bd7f1be43c375ba241054f8f361b5e6c61c8deb3935"}, -] - -[[package]] -name = "types-python-jose" -version = "3.3.4.8" -description = "Typing stubs for python-jose" -optional = false -python-versions = "*" -files = [ - {file = "types-python-jose-3.3.4.8.tar.gz", hash = "sha256:3c316675c3cee059ccb9aff87358254344915239fa7f19cee2787155a7db14ac"}, - {file = "types_python_jose-3.3.4.8-py3-none-any.whl", hash = "sha256:95592273443b45dc5cc88f7c56aa5a97725428753fb738b794e63ccb4904954e"}, -] - -[package.dependencies] -types-pyasn1 = "*" - [[package]] name = "typing-extensions" version = "4.8.0"
@@ -3054,4 +3000,4 @@ liquid = ["wallycore"] [metadata] lock-version = "2.0" python-versions = "^3.10 | ^3.9" -content-hash = "33f9d6ee851ae77b6e02cc8964d1a6ea233ba3ff4cfaeeb082c327654c9cd7e0" +content-hash = "9b454ce12bf270bdd2c950a4fdd0e69048cd5e6d5357d14d826443e64409344f"
diff --git a/pyproject.toml b/pyproject.toml
index 60e137a06..70c2acd0e 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -43,7 +43,7 @@ packaging = "23.1"
bolt11 = "2.0.6"
# needed for new login methods: username-password, google-auth, github-auth
bcrypt = "^4.1.1"
-python-jose = "^3.3.0"
+pyjwt = "^2.8.0"
passlib = "^1.7.4"
itsdangerous = "^2.1.2"
fastapi-sso = "^0.9.1"
@@ -75,7 +75,6 @@ ruff = "^0.3.2"
# we want to use 0.10.3 because newer versions are broken on nix
rpds-py = "0.10.3"
types-passlib = "^1.7.7.13"
-types-python-jose = "^3.3.4.8"
openai = "^1.12.0"
json5 = "^0.9.17"
asgi-lifespan = "^2.1.0"