From 825a001a8b1a49428aeb62626022453992a003cf Mon Sep 17 00:00:00 2001
From: sayali
Date: Mon, 2 Nov 2020 16:47:40 -0800
Subject: [PATCH] pass algorithm to jwt.decode() during login api_jwt.py : pass "algorithms" argument when calling decode(). This argument will be mandatory in a future version
---
 lemur/auth/service.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/lemur/auth/service.py b/lemur/auth/service.py
index 0e1521b3..f954ce51 100644
--- a/lemur/auth/service.py
+++ b/lemur/auth/service.py
@@ -101,7 +101,8 @@ def login_required(f):
 return dict(message="Token is invalid"), 403
 try:
- payload = jwt.decode(token, current_app.config["LEMUR_TOKEN_SECRET"])
+ header_data = fetch_token_header(token)
+ payload = jwt.decode(token, current_app.config["LEMUR_TOKEN_SECRET"], algorithms=[header_data["alg"]])
 except jwt.DecodeError:
 return dict(message="Token is invalid"), 403
 except jwt.ExpiredSignatureError:
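Review bot: The `algorithms` allow-list in the new `jwt.decode()` call is filled from `header_data["alg"]`, which comes from the header of the very token being verified, so the client chooses the algorithm and the list no longer restricts anything. The argument exists so the server can pin what it accepts; assuming tokens are issued with PyJWT's default HS256 (the issuing code is not in this hunk), the call should be `payload = jwt.decode(token, current_app.config["LEMUR_TOKEN_SECRET"], algorithms=["HS256"])`, or take the list from a config value, and the `header_data = fetch_token_header(token)` line can then be dropped. As written, a header with no `alg` key would also raise `KeyError` inside the `try`, which neither of the two `except` clauses visible here catches; the handler chain and the rest of `login_required` continue past the end of the hunk, so that should be confirmed against the full function.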