dep: remove pin on jwcrypto

pyproject.toml

@@ -24,7 +24,7 @@ classifiers = [
   "Programming Language :: Python :: Implementation :: PyPy",
 ]
 dependencies = [
-  "jwcrypto<=1.5.6",
+  "jwcrypto",
   "twisted",
 ]
 version = "0.13.1"

tests/__init__.py

@@ -33,6 +33,9 @@
 admins = {}
 logger = logging.getLogger(__name__)
 ENC_JWK = jwk.JWK.generate(kty="RSA", size=2048)
+# secrets for token generation need to be 64 chars long, as it needs to have 512 bits
+# since HS512 is used by default. The word 'jwcrypto' is 8 letters long. Perfect.
+_DEFAULT_TOKEN_SECRET = "jwcrypto" * 8
 
 
 class ModuleApiTestCase(synapsetest.HomeserverTestCase):
@@ -110,7 +113,7 @@ def default_config(self) -> dict[str, Any]:
                 {
                     "module": "synapse_token_authenticator.TokenAuthenticator",
                     "config": {
-                        "jwt": {"secret": "foxies"},
+                        "jwt": {"secret": _DEFAULT_TOKEN_SECRET},
                         "oidc": {
                             "issuer": "https://idp.example.test",
                             "client_id": "1111@project",
@@ -146,7 +149,7 @@ def default_config(self) -> dict[str, Any]:
         return conf
 
 
-def get_jwk(secret="foxies", id="123456") -> jwk.JWK:
+def get_jwk(secret=_DEFAULT_TOKEN_SECRET, id="123456") -> jwk.JWK:
     return jwk.JWK(
         k=base64.urlsafe_b64encode(secret.encode("utf-8")).decode("utf-8"),
         kty="oct",
@@ -161,7 +164,7 @@ def get_enc_jwk() -> jwk.JWK:
 def get_jwt_token(
     username,
     exp_in=None,
-    secret="foxies",
+    secret=_DEFAULT_TOKEN_SECRET,
     algorithm="HS512",
     admin=None,
     claims=None,
@@ -192,7 +195,7 @@ def get_jwt_token(
 def get_jwe_token(
     username,
     exp_in=None,
-    secret="foxies",
+    secret=_DEFAULT_TOKEN_SECRET,
     algorithm="HS512",
     admin=None,
     claims=None,

tests/test_epa.py

@@ -52,9 +52,9 @@ async def test_invalid_token(self):
         self.assertEqual(result, None)
 
     async def test_token_wrong_secret(self):
-        token = get_jwe_token(
-            "alice", secret="wrong secret", claims=get_default_claims()
-        )
+        # The secret needs to be 64 bytes, so pad it and bulk copy it. 16 * 4 = 64
+        secret = "wrong secret1234" * 4
+        token = get_jwe_token("alice", secret=secret, claims=get_default_claims())
         result = await self.hs.mockmod.check_epa(
             "alice", "com.famedly.login.token.epa", {"token": token}
         )

tests/test_jwt.py

@@ -17,7 +17,7 @@
 
 import tests.unittest as synapsetest
 
-from . import ModuleApiTestCase, get_jwt_token
+from . import _DEFAULT_TOKEN_SECRET, ModuleApiTestCase, get_jwt_token
 
 
 class JWTTests(ModuleApiTestCase):
@@ -41,7 +41,9 @@ async def test_invalid_token(self):
         self.assertEqual(result, None)
 
     async def test_token_wrong_secret(self):
-        token = get_jwt_token("alice", secret="wrong secret")
+        # The secret needs to be 64 bytes, so pad it and bulk copy it. 16 * 4 = 64
+        secret = "wrong secret1234" * 4
+        token = get_jwt_token("alice", secret=secret)
         result = await self.hs.mockmod.check_jwt_auth(
             "alice", "com.famedly.login.token", {"token": token}
         )
@@ -75,7 +77,7 @@ async def test_token_no_expiry(self):
                     "module": "synapse_token_authenticator.TokenAuthenticator",
                     "config": {
                         "jwt": {
-                            "secret": "foxies",
+                            "secret": _DEFAULT_TOKEN_SECRET,
                             "require_expiry": False,
                         }
                     },
@@ -134,7 +136,7 @@ async def test_chatbox_login_invalid_format(self, *args):
                     "module": "synapse_token_authenticator.TokenAuthenticator",
                     "config": {
                         "jwt": {
-                            "secret": "foxies",
+                            "secret": _DEFAULT_TOKEN_SECRET,
                             "allow_registration": True,
                         },
                     },

tests/test_oauth.py

@@ -57,7 +57,9 @@ async def test_invalid_token(self):
         self.assertEqual(result, None)
 
     async def test_token_wrong_secret(self):
-        token = get_jwt_token("aliceid", secret="wrong secret", claims=default_claims)
+        # The secret needs to be 64 bytes, so pad it and bulk copy it. 16 * 4 = 64
+        secret = "wrong secret1234" * 4
+        token = get_jwt_token("aliceid", secret=secret, claims=default_claims)
         result = await self.hs.mockmod.check_oauth(
             "alice", "com.famedly.login.token.oauth", {"token": token}
         )