PyJWT.decode: move verify param into options

Followup to #270: It seems that "verify" is only deprecated with `PyJWS.decode`, which makes sense, since you would have to override a lot of options to skip the verification in `PyJWT._validate_claims`. This makes `PyJWT.decode` use the `verify_signature` option when calling `PyJWT.decode`, and therefore also allows to use `stacklevel=2` there then for the DeprecationWarning.
jpadilla · Jun 12, 2017 · bb04ad8 · bb04ad8
1 parent 639fa01
commit bb04ad8
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 3 deletions.
diff --git a/jwt/api_jws.py b/jwt/api_jws.py
@@ -127,7 +127,7 @@ def decode(self, jws, key='', verify=True, algorithms=None, options=None,
         else:
             warnings.warn('The verify parameter is deprecated. '
                           'Please use verify_signature in options instead.',
-                          DeprecationWarning)
+                          DeprecationWarning, stacklevel=2)
 
         return payload
 

diff --git a/jwt/api_jwt.py b/jwt/api_jwt.py
@@ -60,8 +60,9 @@ def decode(self, jwt, key='', verify=True, algorithms=None, options=None,
                **kwargs):
         payload, signing_input, header, signature = self._load(jwt)
 
-        decoded = super(PyJWT, self).decode(jwt, key, verify, algorithms,
-                                            options, **kwargs)
+        options.setdefault('verify_signature', verify)
+        decoded = super(PyJWT, self).decode(jwt, key, algorithms, options,
+                                            **kwargs)
 
         try:
             payload = json.loads(decoded.decode('utf-8'))