pass algorithm to jwt.decode() during login

api_jwt.py : pass "algorithms" argument when calling decode(). This argument will be mandatory in a future version
This commit is contained in:
sayali 2020-11-02 16:47:40 -08:00
parent d88da028b1
commit 825a001a8b

View File

@ -101,7 +101,8 @@ def login_required(f):
return dict(message="Token is invalid"), 403 return dict(message="Token is invalid"), 403
try: try:
payload = jwt.decode(token, current_app.config["LEMUR_TOKEN_SECRET"]) header_data = fetch_token_header(token)
payload = jwt.decode(token, current_app.config["LEMUR_TOKEN_SECRET"], algorithms=[header_data["alg"]])
except jwt.DecodeError: except jwt.DecodeError:
return dict(message="Token is invalid"), 403 return dict(message="Token is invalid"), 403
except jwt.ExpiredSignatureError: except jwt.ExpiredSignatureError: