j3ssie / osmedeus

A Workflow Engine for Offensive Security
https://osmedeus.org/
MIT License

Issue with PyJWT > 2.0.0 #200

Closed mablanco closed 3 years ago

mablanco commented 3 years ago

Hi @j3ssie. I've received a report in my Dockerfile repository about an issue related to JWT:

[*] Loading config file from: /root/.osmedeus/client.conf
----------------------------------------------------------------------
[RUN] Starting Django API
----------------------------------------------------------------------
Performing system checks...

System check identified no issues (0 silenced).
January 25, 2021 - 19:02:38
Django version 2.2.13, using settings 'rest.settings'
Starting development server at http://0.0.0.0:8000/
Quit the server with CONTROL-C.
Internal Server Error: /auth/api/token/
Traceback (most recent call last):
  File "/usr/local/lib/python3.7/dist-packages/django/core/handlers/exception.py", line 34, in inner
    response = get_response(request)
  File "/usr/local/lib/python3.7/dist-packages/django/core/handlers/base.py", line 115, in _get_response
    response = self.process_exception_by_middleware(e, request)
  File "/usr/local/lib/python3.7/dist-packages/django/core/handlers/base.py", line 113, in _get_response
    response = wrapped_callback(request, *callback_args, **callback_kwargs)
  File "/usr/local/lib/python3.7/dist-packages/django/views/decorators/csrf.py", line 54, in wrapped_view
    return view_func(*args, **kwargs)
  File "/usr/local/lib/python3.7/dist-packages/django/views/generic/base.py", line 71, in view
    return self.dispatch(request, *args, **kwargs)
  File "/usr/local/lib/python3.7/dist-packages/rest_framework/views.py", line 505, in dispatch
    response = self.handle_exception(exc)
  File "/usr/local/lib/python3.7/dist-packages/rest_framework/views.py", line 465, in handle_exception
    self.raise_uncaught_exception(exc)
  File "/usr/local/lib/python3.7/dist-packages/rest_framework/views.py", line 476, in raise_uncaught_exception
    raise exc
  File "/usr/local/lib/python3.7/dist-packages/rest_framework/views.py", line 502, in dispatch
    response = handler(request, *args, **kwargs)
  File "/usr/local/lib/python3.7/dist-packages/rest_framework_simplejwt/views.py", line 27, in post
    serializer.is_valid(raise_exception=True)
  File "/usr/local/lib/python3.7/dist-packages/rest_framework/serializers.py", line 235, in is_valid
    self._validated_data = self.run_validation(self.initial_data)
  File "/usr/local/lib/python3.7/dist-packages/rest_framework/serializers.py", line 433, in run_validation
    value = self.validate(value)
  File "/usr/local/lib/python3.7/dist-packages/rest_framework_simplejwt/serializers.py", line 75, in validate
    data['refresh'] = str(refresh)
  File "/usr/local/lib/python3.7/dist-packages/rest_framework_simplejwt/tokens.py", line 82, in __str__
    return token_backend.encode(self.payload)
  File "/usr/local/lib/python3.7/dist-packages/rest_framework_simplejwt/backends.py", line 35, in encode
    return token.decode('utf-8')
AttributeError: 'str' object has no attribute 'decode'
[25/Jan/2021 19:02:41] "POST /auth/api/token/ HTTP/1.1" 500 14444
[-] Authentication failed at: http://127.0.0.1:8000/auth/api/token/

        [!] This might happened by running Osmedeus with sudo but the install process running with normal user
        You should install the whole Osmedeus and running it with root user.
        Or whitelist masscan + nmap in sudoers file because it's required sudo permission.

[-] Can't login to get JWT

I've tracked this issue to the version of PyJWT installed by Osmedeus, which is 2.0.1 right now, while in the past, in a previous Docker image, the version was 1.7.1. Could it be possible to freeze PyJWT version below 2.x?

Best regards.

mablanco commented 3 years ago

I've implemented a quick fix in the Dockerfile, uninstalling PyJWT > 2.0 with pip and installing the Debian package (1.7). Maybe a proper solution would be to freeze the PyJWT version in the requirements.txt file.

mablanco commented 3 years ago

I can confirm that adding PyJWT==1.7.1 at the end of the requirements.txt file solves the problem. I'll open a PR for this fix.

mablanco commented 3 years ago

PR merged: https://github.com/j3ssie/Osmedeus/pull/201
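The traceback above comes from a return-type change, not from an osmedeus bug: PyJWT 1.x `jwt.encode()` returned `bytes`, PyJWT 2.0 returns `str`, so the `token.decode('utf-8')` in simplejwt's backend raises `AttributeError` on 2.x. The block below is an added example (not osmedeus, simplejwt or PyJWT code) that shows the failing pattern, a version-tolerant wrapper, and a check that a requirements.txt really pins PyJWT below 2. It uses two constructed stand-in encoders (`_fake_encode_v1`, `_fake_encode_v2`) so it runs without PyJWT installed; the sample requirements text is constructed as well.

```python
"""PyJWT 1.x -> 2.x: bytes vs str return type, and how to pin around it.

Added example; the encoders below are stand-ins that mimic only the return
type of PyJWT's ``jwt.encode``. They do not produce real JWTs.
"""
from __future__ import annotations

import re
from typing import Callable, Union

Token = Union[bytes, str]


# --- constructed stand-ins for the two PyJWT behaviours ---------------------
def _fake_encode_v1(payload: dict, key: str, algorithm: str = "HS256") -> bytes:
    """Mimics PyJWT 1.x: jwt.encode() returned bytes."""
    return f"{algorithm}.{sorted(payload.items())}".encode("utf-8")


def _fake_encode_v2(payload: dict, key: str, algorithm: str = "HS256") -> str:
    """Mimics PyJWT 2.x: jwt.encode() returns str."""
    return f"{algorithm}.{sorted(payload.items())}"


# --- the pre-fix pattern from the traceback ---------------------------------
def legacy_encode_str(encode: Callable[..., Token], payload: dict, key: str) -> str:
    """Same shape as simplejwt's old backend: works on 1.x bytes, raises on 2.x str."""
    return encode(payload, key, algorithm="HS256").decode("utf-8")


# --- a version-tolerant wrapper ---------------------------------------------
def token_to_str(token: Token) -> str:
    """Normalise an encoded token to str whichever PyJWT major produced it."""
    if isinstance(token, bytes):
        return token.decode("utf-8")
    if isinstance(token, str):
        return token
    raise TypeError(f"unexpected token type {type(token).__name__}")


def encode_compat(encode: Callable[..., Token], payload: dict, key: str,
                  algorithm: str = "HS256") -> str:
    """Call any PyJWT-style encode() and always hand back str."""
    return token_to_str(encode(payload, key, algorithm=algorithm))


# --- does requirements.txt actually pin PyJWT below 2? ----------------------
_PYJWT_SPEC = re.compile(r"^\s*pyjwt\s*(==|<=|<|~=)\s*([0-9][0-9.]*)", re.IGNORECASE)


def _version_tuple(ver: str) -> tuple:
    parts = [int(p) for p in ver.split(".") if p]
    while len(parts) > 1 and parts[-1] == 0:   # 2.0.0 -> (2,) so "<2.0" == "<2"
        parts.pop()
    return tuple(parts)


def pyjwt_pinned_below_2(requirements_text: str) -> bool:
    """True if some line pins PyJWT to a 1.x release (==1.x, <=1.x, ~=1.x, <2).

    An unpinned 'PyJWT' or a '>=' lower bound does not count: pip will pull 2.x.
    """
    for line in requirements_text.splitlines():
        m = _PYJWT_SPEC.match(line.split("#", 1)[0])
        if not m:
            continue
        op, ver = m.groups()
        vt = _version_tuple(ver)
        if op == "<":
            return vt <= (2,)          # "<2", "<2.0", "<1.8" pin below 2; "<2.0.1" does not
        return vt[0] < 2               # ==, <=, ~= : major must be 1
    return False


# Constructed sample: the requirements file before and after the fix in PR #201.
REQUIREMENTS_BEFORE = "django==2.2.13\ndjangorestframework-simplejwt\n"
REQUIREMENTS_AFTER = REQUIREMENTS_BEFORE + "PyJWT==1.7.1\n"


def demo() -> dict:
    """Run the three checks and return their outcomes."""
    payload, key = {"user_id": 1, "token_type": "refresh"}, "secret"
    try:
        legacy_encode_str(_fake_encode_v2, payload, key)
        legacy_fails_on_v2 = False
    except AttributeError:                 # 'str' object has no attribute 'decode'
        legacy_fails_on_v2 = True
    return {
        "legacy_ok_on_v1": legacy_encode_str(_fake_encode_v1, payload, key)
                           == _fake_encode_v2(payload, key),
        "legacy_fails_on_v2": legacy_fails_on_v2,
        "compat_same_on_both": encode_compat(_fake_encode_v1, payload, key)
                               == encode_compat(_fake_encode_v2, payload, key),
        "pinned_before": pyjwt_pinned_below_2(REQUIREMENTS_BEFORE),
        "pinned_after": pyjwt_pinned_below_2(REQUIREMENTS_AFTER),
    }


if __name__ == "__main__":
    print(demo())
```

Pinning `PyJWT==1.7.1`, as the merged PR does, is the quickest fix but freezes a library that will stop receiving security updates; the `token_to_str` wrapper is the shape of the change a caller makes when it moves to simplejwt releases that support PyJWT 2.x. The pin check only covers the four operators that can hold PyJWT below 2; an unpinned name or a `>=` lower bound is reported as not pinned.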