From d5f6d2d93422346607d8cff2b4a0151fbe78586c Mon Sep 17 00:00:00 2001
From: M Umar Khan <umar.khan@arbisoft.com>
Date: Tue, 28 Mar 2023 00:23:30 +0500
Subject: [PATCH] chore: replace pyjwkest with pyjwt

---
 auth_backends/tests/test_backends.py | 22 +++++++++++-----------
 requirements/base.txt                |  4 ++--
 requirements/ci.txt                  |  6 +++---
 requirements/dev.txt                 | 26 ++++++++------------------
 requirements/test.in                 |  2 +-
 requirements/test.txt                | 22 ++++++++--------------
 6 files changed, 33 insertions(+), 49 deletions(-)

diff --git a/auth_backends/tests/test_backends.py b/auth_backends/tests/test_backends.py
index 7874dd9b..437df620 100644
--- a/auth_backends/tests/test_backends.py
+++ b/auth_backends/tests/test_backends.py
@@ -3,11 +3,11 @@
 import json
 from calendar import timegm
 
+import jwt
 import six
 from Cryptodome.PublicKey import RSA
 from django.core.cache import cache
-from jwkest.jwk import RSAKey
-from jwkest.jws import JWS
+from jwt.algorithms import get_default_algorithms
 from social_core.tests.backends.oauth import OAuth2Test
 
 
@@ -25,7 +25,6 @@ class EdXOAuth2Tests(OAuth2Test):
     def setUp(self):
         cache.clear()
         super().setUp()
-        self.key = RSAKey(kid='testkey', key=RSA.generate(2048))
 
     def set_social_auth_setting(self, setting_name, value):
         """
@@ -45,7 +44,7 @@ def access_token_body(self, request, _url, headers):
         self.assertEqual(body['token_type'], ['jwt'])
 
         expires_in = 3600
-        access_token = self.create_jws_access_token(expires_in)
+        access_token = self.create_jwt_access_token(expires_in)
         body = json.dumps({
             'scope': 'read write profile email user_id',
             'token_type': 'JWT',
@@ -54,20 +53,21 @@ def access_token_body(self, request, _url, headers):
         })
         return 200, headers, body
 
-    def create_jws_access_token(self, expires_in=3600, issuer=None, key=None, alg='RS512'):
+    def create_jwt_access_token(self, expires_in=3600, issuer=None, key=None, alg='RS512'):
         """
-        Creates a signed (JWS) access token.
+        Creates a signed (JWT) access token.
 
         Arguments:
             expires_in (int): Number of seconds after which the token expires.
             issuer (str): Issuer of the token.
-            key (jwkest.jwk.Key): Key used to sign the token.
+            key (cryptography.hazmat.backends.openssl.rsa._RSAPrivateKey): Key used to sign the token.
             alg (str): Signing algorithm.
 
         Returns:
-            str: JWS
+            str: JWT
         """
-        key = key or self.key
+        algorithm = get_default_algorithms()[alg]
+        key = key or algorithm.prepare_key(RSA.generate(2048).export_key('PEM'))
         now = datetime.datetime.utcnow()
         expiration_datetime = now + datetime.timedelta(seconds=expires_in)
         issue_datetime = now
@@ -86,7 +86,7 @@ def create_jws_access_token(self, expires_in=3600, issuer=None, key=None, alg='R
             'family_name': 'Smith',
             'user_id': '1',
         }
-        access_token = JWS(payload, jwk=key, alg=alg).sign_compact()
+        access_token = jwt.encode(payload, key, algorithm=alg)
         return access_token
 
     def extra_settings(self):
@@ -150,7 +150,7 @@ def test_end_session_url(self):
         self.assertEqual(self.backend.end_session_url(), self.public_url_root + logout_location)
 
     def test_user_data(self):
-        user_data = self.backend.user_data(self.create_jws_access_token())
+        user_data = self.backend.user_data(self.create_jwt_access_token())
         self.assertDictEqual(user_data, {
             'name': 'Joe Smith',
             'preferred_username': 'jsmith',
diff --git a/requirements/base.txt b/requirements/base.txt
index cd7964a8..7a79bc53 100644
--- a/requirements/base.txt
+++ b/requirements/base.txt
@@ -12,7 +12,7 @@ cffi==1.15.1
     # via cryptography
 charset-normalizer==3.1.0
     # via requests
-cryptography==39.0.2
+cryptography==40.0.1
     # via
     #   pyjwt
     #   social-auth-core
@@ -38,7 +38,7 @@ pyjwt[crypto]==2.6.0
     #   social-auth-core
 python3-openid==3.2.0
     # via social-auth-core
-pytz==2022.7.1
+pytz==2023.2
     # via django
 requests==2.28.2
     # via
diff --git a/requirements/ci.txt b/requirements/ci.txt
index 98718d15..9fa0a0e4 100644
--- a/requirements/ci.txt
+++ b/requirements/ci.txt
@@ -10,11 +10,11 @@ charset-normalizer==3.1.0
     # via requests
 codecov==2.1.12
     # via -r requirements/ci.in
-coverage==7.2.1
+coverage==7.2.2
     # via codecov
 distlib==0.3.6
     # via virtualenv
-filelock==3.10.0
+filelock==3.10.7
     # via
     #   tox
     #   virtualenv
@@ -22,7 +22,7 @@ idna==3.4
     # via requests
 packaging==23.0
     # via tox
-platformdirs==3.1.1
+platformdirs==3.2.0
     # via virtualenv
 pluggy==1.0.0
     # via tox
diff --git a/requirements/dev.txt b/requirements/dev.txt
index defb2815..9561d848 100644
--- a/requirements/dev.txt
+++ b/requirements/dev.txt
@@ -12,7 +12,7 @@ asgiref==3.6.0
     # via
     #   -r requirements/test.txt
     #   django
-astroid==2.15.0
+astroid==2.15.1
     # via
     #   -r requirements/test.txt
     #   pylint
@@ -57,13 +57,13 @@ code-annotations==1.3.0
     #   edx-lint
 codecov==2.1.12
     # via -r requirements/ci.txt
-coverage[toml]==7.2.1
+coverage[toml]==7.2.2
     # via
     #   -r requirements/ci.txt
     #   -r requirements/test.txt
     #   codecov
     #   pytest-cov
-cryptography==39.0.2
+cryptography==40.0.1
     # via
     #   -r requirements/test.txt
     #   pyjwt
@@ -92,16 +92,12 @@ exceptiongroup==1.1.1
     # via
     #   -r requirements/test.txt
     #   pytest
-filelock==3.10.0
+filelock==3.10.7
     # via
     #   -r requirements/ci.txt
     #   -r requirements/test.txt
     #   tox
     #   virtualenv
-future==0.18.3
-    # via
-    #   -r requirements/test.txt
-    #   pyjwkest
 httpretty==1.1.4
     # via -r requirements/test.txt
 idna==3.4
@@ -156,7 +152,7 @@ pbr==5.11.1
     #   stevedore
 pip-tools==6.12.3
     # via -r requirements/pip-tools.txt
-platformdirs==3.1.1
+platformdirs==3.2.0
     # via
     #   -r requirements/ci.txt
     #   -r requirements/test.txt
@@ -180,16 +176,12 @@ pycparser==2.21
     #   -r requirements/test.txt
     #   cffi
 pycryptodomex==3.17
-    # via
-    #   -r requirements/test.txt
-    #   pyjwkest
-pyjwkest==1.4.2
     # via -r requirements/test.txt
 pyjwt[crypto]==2.6.0
     # via
     #   -r requirements/test.txt
     #   social-auth-core
-pylint==2.17.0
+pylint==2.17.1
     # via
     #   -r requirements/test.txt
     #   edx-lint
@@ -230,7 +222,7 @@ python3-openid==3.2.0
     # via
     #   -r requirements/test.txt
     #   social-auth-core
-pytz==2022.7.1
+pytz==2023.2
     # via
     #   -r requirements/test.txt
     #   django
@@ -243,7 +235,6 @@ requests==2.28.2
     #   -r requirements/ci.txt
     #   -r requirements/test.txt
     #   codecov
-    #   pyjwkest
     #   requests-oauthlib
     #   social-auth-core
 requests-oauthlib==1.3.1
@@ -255,7 +246,6 @@ six==1.16.0
     #   -r requirements/ci.txt
     #   -r requirements/test.txt
     #   edx-lint
-    #   pyjwkest
     #   tox
     #   unittest2
 social-auth-app-django==5.1.0
@@ -287,7 +277,7 @@ tomli==2.0.1
     #   pyproject-hooks
     #   pytest
     #   tox
-tomlkit==0.11.6
+tomlkit==0.11.7
     # via
     #   -r requirements/test.txt
     #   pylint
diff --git a/requirements/test.in b/requirements/test.in
index 1577e692..d0b823bd 100644
--- a/requirements/test.in
+++ b/requirements/test.in
@@ -7,7 +7,7 @@ coverage
 edx-lint
 httpretty
 pycodestyle
-pyjwkest                   # used for crypto tests
+pycryptodomex                   # used for crypto tests
 pytest-cov
 pytest-django
 tox
diff --git a/requirements/test.txt b/requirements/test.txt
index 2d294bd6..659abcbf 100644
--- a/requirements/test.txt
+++ b/requirements/test.txt
@@ -10,7 +10,7 @@ asgiref==3.6.0
     # via
     #   -r requirements/base.txt
     #   django
-astroid==2.15.0
+astroid==2.15.1
     # via
     #   pylint
     #   pylint-celery
@@ -37,11 +37,11 @@ click-log==0.4.0
     # via edx-lint
 code-annotations==1.3.0
     # via edx-lint
-coverage[toml]==7.2.1
+coverage[toml]==7.2.2
     # via
     #   -r requirements/test.in
     #   pytest-cov
-cryptography==39.0.2
+cryptography==40.0.1
     # via
     #   -r requirements/base.txt
     #   pyjwt
@@ -62,12 +62,10 @@ edx-lint==5.3.4
     # via -r requirements/test.in
 exceptiongroup==1.1.1
     # via pytest
-filelock==3.10.0
+filelock==3.10.7
     # via
     #   tox
     #   virtualenv
-future==0.18.3
-    # via pyjwkest
 httpretty==1.1.4
     # via -r requirements/test.in
 idna==3.4
@@ -99,7 +97,7 @@ packaging==23.0
     #   tox
 pbr==5.11.1
     # via stevedore
-platformdirs==3.1.1
+platformdirs==3.2.0
     # via
     #   pylint
     #   virtualenv
@@ -116,14 +114,12 @@ pycparser==2.21
     #   -r requirements/base.txt
     #   cffi
 pycryptodomex==3.17
-    # via pyjwkest
-pyjwkest==1.4.2
     # via -r requirements/test.in
 pyjwt[crypto]==2.6.0
     # via
     #   -r requirements/base.txt
     #   social-auth-core
-pylint==2.17.0
+pylint==2.17.1
     # via
     #   edx-lint
     #   pylint-celery
@@ -151,7 +147,7 @@ python3-openid==3.2.0
     # via
     #   -r requirements/base.txt
     #   social-auth-core
-pytz==2022.7.1
+pytz==2023.2
     # via
     #   -r requirements/base.txt
     #   django
@@ -160,7 +156,6 @@ pyyaml==6.0
 requests==2.28.2
     # via
     #   -r requirements/base.txt
-    #   pyjwkest
     #   requests-oauthlib
     #   social-auth-core
 requests-oauthlib==1.3.1
@@ -171,7 +166,6 @@ six==1.16.0
     # via
     #   -r requirements/base.txt
     #   edx-lint
-    #   pyjwkest
     #   tox
     #   unittest2
 social-auth-app-django==5.1.0
@@ -194,7 +188,7 @@ tomli==2.0.1
     #   pylint
     #   pytest
     #   tox
-tomlkit==0.11.6
+tomlkit==0.11.7
     # via pylint
 tox==3.28.0
     # via