Fix expired token callback using decode_token()

Refs #234

Author: vimalloc

flask_jwt_extended/utils.py

@@ -1,5 +1,6 @@
 from flask import current_app
 from werkzeug.local import LocalProxy
+from jwt import ExpiredSignatureError
 from warnings import warn
 
 try:
@@ -93,17 +94,32 @@ def decode_token(encoded_token, csrf_value=None, allow_expired=False):
         warn(msg, DeprecationWarning)
         secret = jwt_manager._decode_key_callback(unverified_claims)
 
-    return decode_jwt(
-        encoded_token=encoded_token,
-        secret=secret,
-        algorithm=config.algorithm,
-        identity_claim_key=config.identity_claim_key,
-        user_claims_key=config.user_claims_key,
-        csrf_value=csrf_value,
-        audience=config.audience,
-        leeway=config.leeway,
-        allow_expired=allow_expired
-    )
+    try:
+        return decode_jwt(
+            encoded_token=encoded_token,
+            secret=secret,
+            algorithm=config.algorithm,
+            identity_claim_key=config.identity_claim_key,
+            user_claims_key=config.user_claims_key,
+            csrf_value=csrf_value,
+            audience=config.audience,
+            leeway=config.leeway,
+            allow_expired=allow_expired
+        )
+    except ExpiredSignatureError:
+        expired_token = decode_jwt(
+            encoded_token=encoded_token,
+            secret=secret,
+            algorithm=config.algorithm,
+            identity_claim_key=config.identity_claim_key,
+            user_claims_key=config.user_claims_key,
+            csrf_value=csrf_value,
+            audience=config.audience,
+            leeway=config.leeway,
+            allow_expired=True
+        )
+        ctx_stack.top.expired_jwt = expired_token
+        raise
 
 
 def _get_jwt_manager():

flask_jwt_extended/view_decorators.py

@@ -3,7 +3,6 @@
 from calendar import timegm
 
 from werkzeug.exceptions import BadRequest
-from jwt import ExpiredSignatureError
 
 from flask import request
 try:
@@ -266,11 +265,6 @@ def _decode_jwt_from_request(request_type):
             encoded_token, csrf_token = get_encoded_token_function()
             decoded_token = decode_token(encoded_token, csrf_token)
             break
-        except ExpiredSignatureError:
-            # Save the expired token so we can access it in a callback later
-            expired_data = decode_token(encoded_token, csrf_token, allow_expired=True)
-            ctx_stack.top.expired_jwt = expired_data
-            raise
         except NoAuthorizationError as e:
             errors.append(str(e))
 

tests/test_view_decorators.py

@@ -6,7 +6,8 @@
 
 from flask_jwt_extended import (
     jwt_required, fresh_jwt_required, JWTManager, jwt_refresh_token_required,
-    jwt_optional, create_access_token, create_refresh_token, get_jwt_identity
+    jwt_optional, create_access_token, create_refresh_token, get_jwt_identity,
+    decode_token
 )
 from tests.utils import make_headers, encode_token, get_jwt_manager
 
@@ -277,6 +278,26 @@ def custom_response(token):
         assert len(w) == 0
 
 
+def test_expired_token_via_decode_token(app):
+    jwtM = get_jwt_manager(app)
+
+    @jwtM.expired_token_loader
+    def depreciated_custom_response(expired_token):
+        assert expired_token['identity'] == 'username'
+        return jsonify(msg='foobar'), 401
+
+    @app.route('/test')
+    def test_route():
+        token = create_access_token('username', expires_delta=timedelta(minutes=-1))
+        decode_token(token)
+        return jsonify(msg='baz'), 200
+
+    test_client = app.test_client()
+    response = test_client.get('/test')
+    assert response.get_json() == {'msg': 'foobar'}
+    assert response.status_code == 401
+
+
 def test_no_token(app):
     url = '/protected'
     jwtM = get_jwt_manager(app)