diff --git a/flask_jwt_extended/jwt_manager.py b/flask_jwt_extended/jwt_manager.py
index 56f59c24..96d28a53 100644
--- a/flask_jwt_extended/jwt_manager.py
+++ b/flask_jwt_extended/jwt_manager.py
@@ -3,7 +3,7 @@
 from jwt import (
     ExpiredSignatureError, InvalidTokenError, InvalidAudienceError,
-    InvalidIssuerError
+    InvalidIssuerError, DecodeError
 )
 try:
     from flask import _app_ctx_stack as ctx_stack
@@ -113,6 +113,10 @@ def handle_expired_error(e):
         def handle_invalid_header_error(e):
             return self._invalid_token_callback(str(e))
+        @app.errorhandler(DecodeError)
+        def handle_invalid_header_error(e):
+            return self._invalid_token_callback(str(e))
+
         @app.errorhandler(InvalidTokenError)
         def handle_invalid_token_error(e):
             return self._invalid_token_callback(str(e))
diff --git a/tests/test_decode_tokens.py b/tests/test_decode_tokens.py
index 0bda14b6..f9cf6710 100644
--- a/tests/test_decode_tokens.py
+++ b/tests/test_decode_tokens.py
@@ -8,7 +8,7 @@
 from jwt import (
     ExpiredSignatureError, InvalidSignatureError, InvalidAudienceError,
-    ImmatureSignatureError, InvalidIssuerError
+    ImmatureSignatureError, InvalidIssuerError, DecodeError
 )
 from flask_jwt_extended import (
@@ -279,3 +279,10 @@ def test_invalid_iss(app, default_access_token):
     with pytest.raises(InvalidIssuerError):
         with app.test_request_context():
             decode_token(invalid_token)
+
+
+def test_malformed_token(app):
+    invalid_token = 'foobarbaz'
+    with pytest.raises(DecodeError):
+        with app.test_request_context():
+            decode_token(invalid_token)
diff --git a/tests/test_view_decorators.py b/tests/test_view_decorators.py
index 0317e722..4e51d8f1 100644
--- a/tests/test_view_decorators.py
+++ b/tests/test_view_decorators.py
@@ -216,7 +216,6 @@ def test_jwt_missing_claims(app):
 def test_jwt_invalid_audience(app):
     url = '/protected'
-    jwtM = get_jwt_manager(app)
     test_client = app.test_client()
     # No audience claim expected or provided - OK
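Review bot: The new handler in the jwt_manager.py hunk at line 113 reuses the name `handle_invalid_header_error`, which is already the name of the handler defined directly above it in the same scope; registration still works because the decorator runs before the name is rebound, but the duplicate hides the earlier function from readers and linters. Rename it to `def handle_decode_error(e):`. If PyJWT's DecodeError derives from InvalidTokenError, as it does in the PyJWT releases I know, the InvalidTokenError handler a few lines below would already cover it on Flask versions that resolve handlers by exception MRO, so a one-line comment on the new decorator stating which Flask/PyJWT combination needed the explicit registration would save the next maintainer from removing it as redundant. The enclosing method that registers these handlers starts before and ends after the hunk.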
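Review bot: `test_malformed_token` in tests/test_decode_tokens.py exercises only a single-segment string, so it pins the "not enough segments" path of DecodeError and nothing else; a three-segment token whose segments are not valid base64 or JSON also raises DecodeError and would catch a regression this case misses. Parametrizing the test over a few constructed malformed inputs, for example `@pytest.mark.parametrize('invalid_token', ['foobarbaz', 'a.b.c', '..'])` with the literal assignment removed, keeps the same assertion while broadening coverage. Not asserting on the message text at this layer is fine, since the view-level test already does.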
@@ -237,9 +236,9 @@ def test_jwt_invalid_audience(app):
     assert response.status_code == 422
     assert response.get_json() == {'msg': 'Invalid audience'}
+
 def test_jwt_invalid_issuer(app):
     url = '/protected'
-    jwtM = get_jwt_manager(app)
     test_client = app.test_client()
     # No issuer claim expected or provided - OK
@@ -261,6 +260,16 @@ def test_jwt_invalid_issuer(app):
     assert response.get_json() == {'msg': 'Invalid issuer'}
+def test_malformed_token(app):
+    url = '/protected'
+    test_client = app.test_client()
+
+    access_token = 'foobarbaz'
+    response = test_client.get(url, headers=make_headers(access_token))
+    assert response.status_code == 422
+    assert response.get_json() == {'msg': 'Not enough segments'}
+
+
 @pytest.mark.parametrize("delta_func", [timedelta, relativedelta])
 def test_expired_token(app, delta_func):
     url = '/protected'
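Review bot: The line `assert response.get_json() == {'msg': 'Not enough segments'}` in the new `test_malformed_token` pins the exact wording of a PyJWT exception message, so a harmless upstream rewording would fail this suite even though the behaviour under test (a 422 produced by the invalid-token callback) is unchanged. Consider asserting `response.status_code == 422` and `'msg' in response.get_json()`, or, if the exact text matters, derive it in the test from the DecodeError that `decode_token('foobarbaz')` raises rather than hard-coding it. That the raw exception text is echoed to the client is pre-existing behaviour of the other handlers in jwt_manager.py, not something this hunk introduces.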