Check presence among claims

[shenek]

Right now if you e.g. trying to validate that subject matches a name and the subject is missing in the claim, the validation passes.

>>> token = jwt.encode(algorithm='HS256', claims={'a': 'b'}, key='secret')
>>> jwt.decode(algorithms=['HS256'], key='secret', subject= 'my_sub', token=token)
>>> {'a': 'b'}

This patch adds options to suppress such behaviour.

>>> token = jwt.encode(algorithm='HS256', claims={'a': 'b'}, key='secret')
>>> jwt.decode(algorithms=['HS256'], key='secret', subject= 'my_sub', token=token, options={'present_sub': True})
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/<my_venvs>/JWT/lib/python3.6/site-packages/jose/jwt.py", line 168, in decode
    options=defaults)
  File "/<my_venvs>/JWT/lib/python3.6/site-packages/jose/jwt.py", line 469, in _validate_claims
    raise JWTError('missing required key "%s" among claims' % required_claim)
jose.exceptions.JWTError: missing required key "sub" among claims

[codecov-io]

Codecov Report

Merging #98 into master will decrease coverage by 13.1%.
The diff coverage is 100%.

@@             Coverage Diff             @@
##           master      #98       +/-   ##
===========================================
- Coverage   96.54%   83.44%   -13.11%     
===========================================
  Files          14       14               
  Lines        1071     1075        +4     
===========================================
- Hits         1034      897      -137     
- Misses         37      178      +141

Impacted Files	Coverage Δ
jose/jwt.py	100% <100%> (ø)	⬆️
jose/backends/__init__.py	36.36% <0%> (-63.64%)	⬇️
jose/backends/ecdsa_backend.py	61.33% <0%> (-37.34%)	⬇️
jose/backends/pycrypto_backend.py	58.47% <0%> (-37.29%)	⬇️
jose/backends/rsa_backend.py	59.44% <0%> (-37.07%)	⬇️
jose/utils.py	71.92% <0%> (-15.79%)	⬇️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 1c3c1a6...ec4ad99. Read the comment docs.

[zejn]

Hi, @shenek!

I'm sorry to come back to this after such a long time.

I find your contribution generally sensible. I'd change the "present" word into something less ambiguous - different people might read "present" as either presence or presentation (or even a gift), so I think changing this to "require" might make it a bit more obvious what is meant.

Additionally, if a require_claim options is set, the verify_claim option should automatically be set too.

The pull request should also add an entry to changelog.

Note that if you don't have time to look into this again after all this time, I'll totally understand.

[shenek]

Hi,

I tried to resolve your notes. I hope that it is fine now.

Cheers.

[zejn]

Thanks, @shenek, this is pretty awesome.