Skip to content

[WIP] feat(auth): add algorithm property to Signer base class and update jw…#17662

Draft
ohmayr wants to merge 2 commits into
mainfrom
pqc-signer-algorithm-interface
Draft

[WIP] feat(auth): add algorithm property to Signer base class and update jw…#17662
ohmayr wants to merge 2 commits into
mainfrom
pqc-signer-algorithm-interface

Conversation

@ohmayr

@ohmayr ohmayr commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

…t.encode

Thank you for opening a Pull Request! Before submitting your PR, there are a few things you can do to make sure it goes smoothly:

  • Make sure to open an issue as a bug/issue before writing your code! That way we can discuss the change, evaluate designs, and agree on the general idea
  • Ensure the tests and linter pass
  • Code coverage does not decrease (if any source code was changed)
  • Appropriate docs were updated (if necessary)

Fixes #<issue_number_goes_here> 🦕

@ohmayr ohmayr self-assigned this Jul 8, 2026

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request introduces an algorithm property to the base Signer class and its RSA implementations, and updates the JWT encoding logic to dynamically retrieve the algorithm from the signer using getattr. The review feedback points out a potential issue when signer is a mock object, as getattr(signer, "algorithm", None) would return a truthy mock object and bypass the fallback to "RS256". It suggests explicitly checking if the retrieved algorithm is a string.

Comment on lines +99 to 102
if getattr(signer, "algorithm", None):
header.update({"alg": signer.algorithm})
else:
header.update({"alg": "RS256"})

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

high

Using getattr(signer, "algorithm", None) can lead to unexpected behavior when signer is a mock object (e.g., created with mock.create_autospec(crypt.Signer, instance=True) or mock.Mock()). In Python, accessing any attribute on a mock object returns another mock object, which is truthy. This causes getattr(signer, "algorithm", None) to return a mock object instead of None, which prevents the code from falling back to "RS256" and can break existing tests or cause serialization errors.

To avoid this, explicitly verify that the returned algorithm is a string using isinstance(algorithm, str).

Suggested change
if getattr(signer, "algorithm", None):
header.update({"alg": signer.algorithm})
else:
header.update({"alg": "RS256"})
algorithm = getattr(signer, "algorithm", None)
if isinstance(algorithm, str):
header.update({"alg": algorithm})
else:
header.update({"alg": "RS256"})

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant