Addressing comments

Author: luord

flask_jwt_extended/view_decorators.py

@@ -233,8 +233,9 @@ def _decode_jwt_from_json(request_type):
 
     try:
         encoded_token = request.json.get(token_key, None)
-        assert encoded_token
-    except (BadRequest, AssertionError):
+        if not encoded_token:
+            raise BadRequest()
+    except BadRequest:
         raise NoAuthorizationError('Missing "{}" key in json data.'.format(token_key))
 
     return decode_token(encoded_token)

tests/test_config.py

@@ -73,7 +73,7 @@ def test_default_configs(app):
 
 
 def test_override_configs(app):
-    app.config['JWT_TOKEN_LOCATION'] = ['cookies', 'query_string']
+    app.config['JWT_TOKEN_LOCATION'] = ['cookies', 'query_string', 'json']
     app.config['JWT_HEADER_NAME'] = 'TestHeader'
     app.config['JWT_HEADER_TYPE'] = 'TestType'
     app.config['JWT_JSON_KEY'] = 'TestKey'
@@ -120,11 +120,11 @@ class CustomJSONEncoder(JSONEncoder):
     app.json_encoder = CustomJSONEncoder
 
     with app.test_request_context():
-        assert config.token_location == ['cookies', 'query_string']
+        assert config.token_location == ['cookies', 'query_string', 'json']
         assert config.jwt_in_query_string is True
         assert config.jwt_in_cookies is True
         assert config.jwt_in_headers is False
-        assert config.jwt_in_json is False
+        assert config.jwt_in_json is True
         assert config.header_name == 'TestHeader'
         assert config.header_type == 'TestType'
         assert config.json_key == 'TestKey'

tests/test_json.py

@@ -66,7 +66,7 @@ def test_custom_body_key(app):
     assert response.status_code == 401
     assert response.get_json() == {'msg': 'Missing "Bar" key in json data.'}
 
-    # Ensure new headers do work
+    # Ensure new keys do work
     data = {'Foo': access_token}
     response = test_client.post('/protected', json=data)
     assert response.status_code == 200
@@ -83,16 +83,33 @@ def test_missing_keys(app):
     jwtM = get_jwt_manager(app)
     headers = {'content-type': 'application/json'}
 
-    # Ensure 'default' no headers response
+    # Ensure 'default' no json response
     response = test_client.post('/protected', headers=headers)
     assert response.status_code == 401
     assert response.get_json() == {'msg': 'Missing "access_token" key in json data.'}
 
-    # Test custom no headers response
+    # Test custom no json response
     @jwtM.unauthorized_loader
     def custom_response(err_str):
         return jsonify(foo='bar'), 201
 
     response = test_client.post('/protected', headers=headers)
     assert response.status_code == 201
     assert response.get_json() == {'foo': "bar"}
+
+def test_defaults(app):
+    test_client = app.test_client()
+
+    with app.test_request_context():
+        access_token = create_access_token('username')
+        refresh_token = create_refresh_token('username')
+
+    data = {'access_token': access_token}
+    response = test_client.post('/protected', json=data)
+    assert response.status_code == 200
+    assert response.get_json() == {'foo': 'bar'}
+
+    data = {'refresh_token': refresh_token}
+    response = test_client.post('/refresh', json=data)
+    assert response.status_code == 200
+    assert response.get_json() == {'foo': 'bar'}

tests/test_multiple_token_locations.py

@@ -10,7 +10,7 @@
 def app():
     app = Flask(__name__)
     app.config['JWT_SECRET_KEY'] = 'foobarbaz'
-    app.config['JWT_TOKEN_LOCATION'] = ['headers', 'cookies', 'query_string']
+    app.config['JWT_TOKEN_LOCATION'] = ['headers', 'cookies', 'query_string', 'json']
     JWTManager(app)
 
     @app.route('/cookie_login', methods=['GET'])
@@ -20,7 +20,7 @@ def cookie_login():
         set_access_cookies(resp, access_token)
         return resp
 
-    @app.route('/protected', methods=['GET'])
+    @app.route('/protected', methods=['GET', 'POST'])
     @jwt_required
     def access_protected():
         return jsonify(foo='bar')
@@ -58,6 +58,18 @@ def test_query_string_access(app):
     assert response.get_json() == {'foo': 'bar'}
 
 
+def test_json_access(app):
+    test_client = app.test_client()
+
+    with app.test_request_context():
+        access_token = create_access_token('username')
+
+    data = {'access_token': access_token}
+    response = test_client.post('/protected', json=data)
+    assert response.status_code == 200
+    assert response.get_json() == {'foo': 'bar'}
+
+
 @pytest.mark.parametrize("options", [
     (['cookies', 'headers'], ('Missing JWT in cookies or headers (Missing cookie '
                               '"access_token_cookie"; Missing Authorization Header)')),