test: use a >=32-byte secret in JWTCookieHelper tests (unblocks pyjwt 2.13.0) #7394

Open
santicomp2014 wants to merge 1 commit into main from fix/jwt-cookie-test-secret-length

@santicomp2014

Contributor

Unblocks the pyjwt 2.13.0 security bump (#7376).

pyjwt 2.13.0 adds InsecureKeyLengthWarning: jwt.encode() with an HMAC key < 32 bytes (HS256) now warns (RFC 7518 §3.2). Our JWTCookieHelper tests use "test_secret" (11 bytes) and pytest runs filterwarnings=error, so the warning fails the suite; #7376 (and the same across repos) shows red Tests/Functests.

This swaps the 3 matching "test_secret" literals for a ≥32-byte value. Version-independent — passes with the current pyjwt 2.10.1, and clears the warning under 2.13.0. Verified in isolation: 11-byte key raises the warning, 39-byte key roundtrips clean under -W error.

Production is unaffected — the warning is never an error there; and the real feature_flags_cookie_secret deployment setting should already be a proper-length secret.

🤖 Generated with Claude Code

pyjwt 2.13.0 emits InsecureKeyLengthWarning when jwt.encode() uses an HMAC key
shorter than 32 bytes (HS256, RFC 7518 3.2). Our tests use 'test_secret' (11
bytes) and pytest runs with filterwarnings=error, so the warning fails the
suite — blocking the pyjwt 2.13.0 security bump (#7376). Use a >=32-byte test
secret; version-independent (works with the current 2.10.1 too). Production is
unaffected — the warning is not an error there.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
santicomp2014 force-pushed the fix/jwt-cookie-test-secret-length branch from 70140bc to 3a0a615 on July 1, 2026 17:13
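
The failure mode described in this PR, reproduced with the standard library only, as an added example that is not code from the pull request or from pyjwt. `ShortHmacKeyWarning`, `sign`, `verify`, `signs_cleanly_under_w_error` and `LONG_KEY` are hypothetical names, and the HS384/HS512 minimums extend the HS256 case on the page using the same RFC 7518 §3.2 rule (key at least as long as the hash output).

```python
import base64, hashlib, hmac, json, warnings

# RFC 7518 section 3.2: the HMAC key must be at least as long as the hash output.
MIN_KEY_BYTES = {"HS256": 32, "HS384": 48, "HS512": 64}
DIGESTS = {"HS256": hashlib.sha256, "HS384": hashlib.sha384, "HS512": hashlib.sha512}


class ShortHmacKeyWarning(UserWarning):
    """Hypothetical local stand-in for the library warning named in the PR."""


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def sign(payload: dict, key: str, alg: str = "HS256") -> str:
    """Build a compact JWS, warning when the key is below the RFC minimum."""
    raw = key.encode("utf-8")
    if len(raw) < MIN_KEY_BYTES[alg]:
        msg = f"{alg} key is {len(raw)} bytes; minimum is {MIN_KEY_BYTES[alg]}"
        warnings.warn(msg, ShortHmacKeyWarning, stacklevel=2)
    header = _b64url(json.dumps({"alg": alg, "typ": "JWT"}, separators=(",", ":")).encode())
    body = _b64url(json.dumps(payload, separators=(",", ":")).encode())
    signing_input = f"{header}.{body}".encode("ascii")
    sig = hmac.new(raw, signing_input, DIGESTS[alg]).digest()
    return f"{header}.{body}.{_b64url(sig)}"


def verify(token: str, key: str, alg: str = "HS256") -> bool:
    """Recompute the MAC over header.payload and compare in constant time."""
    signing_input, _, sig = token.rpartition(".")
    expected = hmac.new(key.encode(), signing_input.encode("ascii"), DIGESTS[alg]).digest()
    return hmac.compare_digest(_b64url(expected), sig)


def signs_cleanly_under_w_error(key: str, alg: str = "HS256") -> bool:
    """Mimic pytest's filterwarnings=error: any warning becomes an exception."""
    with warnings.catch_warnings():
        warnings.simplefilter("error")
        try:
            return verify(sign({"flag": "on"}, key, alg), key, alg)
        except ShortHmacKeyWarning:
            return False


SHORT_KEY = "test_secret"  # 11 bytes, the literal the PR replaces
LONG_KEY = "constructed-test-secret-of-39-bytes-000"  # constructed sample, 39 bytes
```
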