fix(jwt): remove InvalidTokenError, ExpiredTokenError based on ClaimError

Author: lepture

src/joserfc/_rfc7519/claims.py

@@ -10,7 +10,6 @@
     MissingClaimError,
     InvalidClaimError,
     ExpiredTokenError,
-    InvalidTokenError,
 )
 
 Claims = dict[str, Any]
@@ -132,9 +131,9 @@ def validate_exp(self, value: int) -> None:
         containing a NumericDate value.  Use of this claim is OPTIONAL.
         """
         if not _validate_numeric_time(value):
-            raise InvalidClaimError("exp")
+            raise InvalidClaimError("exp", "Claim 'exp' must be a NumericDate value")
         if value < (self.now - self.leeway):
-            raise ExpiredTokenError()
+            raise ExpiredTokenError("exp")
         self.check_value("exp", value)
 
     def validate_nbf(self, value: int) -> None:
@@ -147,9 +146,9 @@ def validate_nbf(self, value: int) -> None:
         NumericDate value.  Use of this claim is OPTIONAL.
         """
         if not _validate_numeric_time(value):
-            raise InvalidClaimError("nbf")
+            raise InvalidClaimError("nbf", "Claim 'nbf' must be a NumericDate value")
         if value > (self.now + self.leeway):
-            raise InvalidTokenError()
+            raise InvalidClaimError("nbf", "The token is not yet valid")
         self.check_value("nbf", value)
 
     def validate_iat(self, value: int) -> None:
@@ -159,9 +158,9 @@ def validate_iat(self, value: int) -> None:
         claim is OPTIONAL.
         """
         if not _validate_numeric_time(value):
-            raise InvalidClaimError("iat")
+            raise InvalidClaimError("iat", "Claim 'iat' must be a NumericDate value")
         if value > (self.now + self.leeway):
-            raise InvalidTokenError()
+            raise InvalidClaimError("iat", "The token was issued in the future")
         self.check_value("iat", value)
 
 

src/joserfc/errors.py

@@ -201,9 +201,10 @@ class ClaimError(JoseError):
     claim: str
     description = "Error claim: '{}'"
 
-    def __init__(self, claim: str):
+    def __init__(self, claim: str, description: str | None = None):
         self.claim = claim
-        description = self.description.format(claim)
+        if description is None:
+            description = self.description.format(claim)
         super(ClaimError, self).__init__(description=description)
 
 
@@ -231,22 +232,19 @@ class InsecureClaimError(ClaimError):
     description = "Insecure claim: '{}'"
 
 
-class ExpiredTokenError(JoseError):
+class ExpiredTokenError(ClaimError):
     """This error is designed for JWT. It raised when the token is expired."""
 
     error = "expired_token"
     description = "The token is expired"
 
 
-class InvalidTokenError(JoseError):
-    """This error is designed for JWT. It raised when the token is not valid yet."""
-
-    error = "invalid_token"
-    description = "The token is not valid yet"
-
-
 class InvalidPayloadError(JoseError):
     """This error is designed for JWT. It raised when the payload is
     not a valid JSON object."""
 
     error = "invalid_payload"
+
+
+# compatibility
+InvalidTokenError = InvalidClaimError

tests/jwt/test_claims.py

@@ -10,7 +10,6 @@
     InvalidClaimError,
     MissingClaimError,
     ExpiredTokenError,
-    InvalidTokenError,
 )
 
 
@@ -90,7 +89,7 @@ def test_int_claims(self):
 
         claims_requests.validate({"exp": now + 100, "nbf": now - 100, "iat": now})
         self.assertRaises(ExpiredTokenError, claims_requests.validate, {"exp": now - 100})
-        self.assertRaises(InvalidTokenError, claims_requests.validate, {"nbf": now + 100})
+        self.assertRaises(InvalidClaimError, claims_requests.validate, {"nbf": now + 100})
 
     def test_validate_aud(self):
         claims_requests = jwt.JWTClaimsRegistry(aud={"essential": True, "value": "a"})
@@ -129,13 +128,13 @@ def test_validate_iat(self):
         claims_requests = jwt.JWTClaimsRegistry(leeway=500)
         now = int(time.time())
         claims_requests.validate({"iat": now})
-        self.assertRaises(InvalidTokenError, claims_requests.validate, {"iat": now + 1000})
+        self.assertRaises(InvalidClaimError, claims_requests.validate, {"iat": now + 1000})
 
     def test_validate_nbf(self):
         claims_requests = jwt.JWTClaimsRegistry(leeway=500)
         now = int(time.time())
         claims_requests.validate({"nbf": now})
-        self.assertRaises(InvalidTokenError, claims_requests.validate, {"nbf": now + 1000})
+        self.assertRaises(InvalidClaimError, claims_requests.validate, {"nbf": now + 1000})
 
     def test_claims_with_uuid_field(self):
         value = uuid.uuid4()
@@ -175,30 +174,28 @@ def test_validate_list_inclusion(self):
         claims_requests.validate({"custom_claim": "a"})
 
     def test_validate_allow_blank(self):
+        blank_values = ["", [], {}]
+
         # Case 1: allow blank value
         claims_requests = jwt.JWTClaimsRegistry(custom_claim={"essential": True, "allow_blank": True})
         self.assertRaises(MissingClaimError, claims_requests.validate, {"custom_claim": None})
-        claims_requests.validate({"custom_claim": ""})
-        claims_requests.validate({"custom_claim": []})
-        claims_requests.validate({"custom_claim": {}})
+        for value in blank_values:
+            claims_requests.validate({"custom_claim": value})
 
         # Case 2: allow blank value without essential
         claims_requests = jwt.JWTClaimsRegistry(custom_claim={"allow_blank": True})
         claims_requests.validate({"custom_claim": None})
-        claims_requests.validate({"custom_claim": ""})
-        claims_requests.validate({"custom_claim": []})
-        claims_requests.validate({"custom_claim": {}})
+        for value in blank_values:
+            claims_requests.validate({"custom_claim": value})
 
         # Case 3: do not allow blank value
-        claims_requests = jwt.JWTClaimsRegistry(custom_claim={"essential": True, "allow_blank": False})
-        self.assertRaises(MissingClaimError, claims_requests.validate, {"custom_claim": None})
-        self.assertRaises(InvalidClaimError, claims_requests.validate, {"custom_claim": ""})
-        self.assertRaises(InvalidClaimError, claims_requests.validate, {"custom_claim": []})
-        self.assertRaises(InvalidClaimError, claims_requests.validate, {"custom_claim": {}})
-
-        # Case 4: do not allow blank value without essential
         claims_requests = jwt.JWTClaimsRegistry(custom_claim={"allow_blank": False})
         self.assertRaises(InvalidClaimError, claims_requests.validate, {"custom_claim": None})
-        self.assertRaises(InvalidClaimError, claims_requests.validate, {"custom_claim": ""})
-        self.assertRaises(InvalidClaimError, claims_requests.validate, {"custom_claim": []})
-        self.assertRaises(InvalidClaimError, claims_requests.validate, {"custom_claim": {}})
+        for value in blank_values:
+            self.assertRaises(InvalidClaimError, claims_requests.validate, {"custom_claim": value})
+
+        # Case 4: do not allow blank value on essential claim
+        claims_requests = jwt.JWTClaimsRegistry(custom_claim={"essential": True, "allow_blank": False})
+        self.assertRaises(MissingClaimError, claims_requests.validate, {"custom_claim": None})
+        for value in blank_values:
+            self.assertRaises(InvalidClaimError, claims_requests.validate, {"custom_claim": value})