pass algorithm to jwt.decode() during login
api_jwt.py : pass "algorithms" argument when calling decode(). This argument will be mandatory in a future version
parent
d88da028b1
commit
825a001a8b
@ -101,7 +101,8 @@ def login_required(f):
|
|||||||
return dict(message="Token is invalid"), 403
|
return dict(message="Token is invalid"), 403
|
||||||
|
|
||||||
try:
|
try:
|
||||||
payload = jwt.decode(token, current_app.config["LEMUR_TOKEN_SECRET"])
|
header_data = fetch_token_header(token)
|
||||||
|
payload = jwt.decode(token, current_app.config["LEMUR_TOKEN_SECRET"], algorithms=[header_data["alg"]])
|
||||||
except jwt.DecodeError:
|
except jwt.DecodeError:
|
||||||
return dict(message="Token is invalid"), 403
|
return dict(message="Token is invalid"), 403
|
||||||
except jwt.ExpiredSignatureError:
|
except jwt.ExpiredSignatureError:
|
||||||
|
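Review bot: `algorithms=[header_data["alg"]]` takes the allow-list from the token's own unverified header, so whoever sends the token still chooses the algorithm used to verify it and the argument restricts nothing. The list should be a server-side constant naming the algorithm the tokens are issued with, for example `payload = jwt.decode(token, current_app.config["LEMUR_TOKEN_SECRET"], algorithms=["HS256"])` if the signing side uses PyJWT's default HS256 (the issuing code is not in this hunk, so confirm). Pinning the value also makes the `fetch_token_header(token)` call unnecessary here; as written, a header without `alg` would raise `KeyError`, which neither of the visible handlers (`jwt.DecodeError`, `jwt.ExpiredSignatureError`) catches. `login_required` continues past the end of the hunk, so further handlers may exist below.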