CAIP-8 extended jwt tests and add support for the latest versions (#356)

* CAIP-8 extended jwt tests

* CAIP-8 re-lock setuptools

* CAIP-7 added build for latest versions

* CAIP-7 fix borken test for 3.13

* CAIP-8 fix python versions

* CAIP-8 update urllib3

* CAIP-8 downgrade urlib

* CAIP-8 update url lib to validated version

Author: broHeryk

.github/workflows/build.yml

@@ -11,7 +11,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     strategy:
       matrix:
-        python-version: [ '3.9', '3.10' ]
+        python-version: [ '3.9', '3.10', '3.11', '3.12', '3.13' ]
         os: [ ubuntu-latest, macos-latest, windows-latest ]
         include:
           - os: ubuntu-latest

README.md

@@ -1,6 +1,6 @@
 [![FINOS - Active](https://cdn.jsdelivr.net/gh/finos/contrib-toolbox@master/images/badge-active.svg)](https://community.finos.org/docs/governance/Software-Projects/stages/active)
 [![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)
-[![Python](https://img.shields.io/badge/python-3.8%20%7C%203.9-blue)](https://www.python.org/downloads/release/python-3)
+[![Python](https://img.shields.io/badge/python-3.9%20%7C%203.10%20%7C%203.11%20%7C%203.12%20%7C%203.13-blue)](https://www.python.org/downloads/)
 [![Pypi](https://img.shields.io/pypi/v/symphony-bdk-python)](https://pypi.org/project/symphony-bdk-python/)
 ![GitHub Workflow Status (branch)](https://img.shields.io/github/workflow/status/finos/symphony-bdk-python/build/main)
 
@@ -14,7 +14,7 @@ Symphony BDK for Python provides tools for building bots and integrating with Sy
 
 ## Prerequisites
 
-- Python 3.8 or higher
+- Python 3.9 or higher
 - [Poetry](https://python-poetry.org/docs/#installation)
 
 ## Installation Steps

poetry.lock

@@ -15,7 +15,7 @@ packages = [
 python = ">3.9.0,<3.9.1 || >3.9.1,<4.0"
 nulltype = "^2.3.1"
 python-dateutil = "^2.8.2"
-urllib3 = "^1.26.19"
+urllib3 = ">2.0.0,<2.4.0"
 aiohttp = "^3.10.2"
 pyyaml = "^6.0"
 PyJWT = "^2.10.0"
@@ -24,7 +24,7 @@ tenacity = "^8.0.1"
 defusedxml = "^0.7.1"
 docutils = "0.16"
 
-[tool.poetry.dev-dependencies]
+[tool.poetry.group.dev.dependencies]
 pytest = "^8.3.3"
 pylint = "^2.6.0"
 pytest-cov = "^5.0.0"
@@ -34,7 +34,8 @@ jinja2 = "^3.1.6"
 recommonmark = "^0.7.1"
 furo = "^2022.3.4"
 hazelcast-python-client = "^5.0.1"
-safety = "^2.2.0"
+safety = "^2.3.5"
+setuptools = "^79.0.0"
 liccheck = "^0.6.2"
 coverage = {version = "^6.0b1", extras = ["toml"]}
 

pyproject.toml

@@ -1,4 +1,3 @@
-from lib2to3.pgen2.tokenize import tokenize
 from symphony.bdk.core.activity.parsing.message_entities import Cashtag, Hashtag, Mention
 from symphony.bdk.core.activity.parsing.input_tokenizer import InputTokenizer
 from symphony.bdk.gen.agent_model.v4_message import V4Message

tests/core/activity/parsing/input_tokenizer_test.py

@@ -49,6 +49,24 @@ def test_validate_jwt(jwt_payload, certificate, rsa_key):
     assert claims == jwt_payload
 
 
+
+def test_validate_expired_jwt(jwt_payload, certificate, rsa_key):
+    jwt_payload["exp"] = (datetime.datetime.now(datetime.timezone.utc).timestamp() - 10)
+    signed_jwt = create_signed_jwt_with_claims(rsa_key, jwt_payload)
+
+    with pytest.raises(AuthInitializationError):
+        validate_jwt(signed_jwt, certificate, AUDIENCE)
+
+
+
+def test_validate_jwt_with_empty_sub(jwt_payload, certificate, rsa_key):
+    jwt_payload["sub"] = None
+    signed_jwt = create_signed_jwt_with_claims(rsa_key, jwt_payload)
+
+    claims = validate_jwt(signed_jwt, certificate, AUDIENCE)
+    assert claims == jwt_payload
+
+
 def test_validate_jwt_with_wrong_audience(jwt_payload, certificate, rsa_key):
     signed_jwt = create_signed_jwt_with_claims(rsa_key, jwt_payload)