pass algorithm to jwt.decode() during login

api_jwt.py : pass "algorithms" argument when calling decode(). This argument will be mandatory in a future version
2020-11-02 16:47:40 -08:00 · 2020-11-02 16:47:40 -08:00 · 825a001a8b
commit 825a001a8b
parent d88da028b1
1 changed files with 2 additions and 1 deletions
--- a/lemur/auth/service.py
+++ b/lemur/auth/service.py
@ -101,7 +101,8 @@ def login_required(f):
            return dict(message="Token is invalid"), 403

        try:
-            payload = jwt.decode(token, current_app.config["LEMUR_TOKEN_SECRET"])
+            header_data = fetch_token_header(token)
+            payload = jwt.decode(token, current_app.config["LEMUR_TOKEN_SECRET"], algorithms=[header_data["alg"]])
        except jwt.DecodeError:
            return dict(message="Token is invalid"), 403
        except jwt.ExpiredSignatureError: