Ignore options also in fresh_jwt_required and

ludusrusso · ludusrusso · commit fe5e5bf8311d · 2018-02-09T10:11:35.000+01:00
`jwt_refresh_token_required`, improve and add tests
diff --git a/flask_jwt_extended/config.py b/flask_jwt_extended/config.py
@@ -238,6 +238,6 @@ def user_claims_key(self):
 
     @property
     def exempt_methods(self):
-        return set(["OPTIONS"])
+        return {"OPTIONS"}
 
 config = _Config()
diff --git a/flask_jwt_extended/view_decorators.py b/flask_jwt_extended/view_decorators.py
@@ -38,7 +38,7 @@ def wrapper(*args, **kwargs):
             if not verify_token_claims(jwt_data[config.user_claims_key]):
                 raise UserClaimsVerificationError('User claims verification failed')
             _load_user(jwt_data[config.identity_claim_key])
-            return fn(*args, **kwargs)
+        return fn(*args, **kwargs)
     return wrapper
 
 
@@ -82,19 +82,20 @@ def fresh_jwt_required(fn):
     """
     @wraps(fn)
     def wrapper(*args, **kwargs):
-        jwt_data = _decode_jwt_from_request(request_type='access')
-        ctx_stack.top.jwt = jwt_data
-        fresh = jwt_data['fresh']
-        if isinstance(fresh, bool):
-            if not fresh:
-                raise FreshTokenRequired('Fresh token required')
-        else:
-            now = timegm(datetime.utcnow().utctimetuple())
-            if fresh < now:
-                raise FreshTokenRequired('Fresh token required')
-        if not verify_token_claims(jwt_data[config.user_claims_key]):
-            raise UserClaimsVerificationError('User claims verification failed')
-        _load_user(jwt_data[config.identity_claim_key])
+        if request.method not in config.exempt_methods:
+            jwt_data = _decode_jwt_from_request(request_type='access')
+            ctx_stack.top.jwt = jwt_data
+            fresh = jwt_data['fresh']
+            if isinstance(fresh, bool):
+                if not fresh:
+                    raise FreshTokenRequired('Fresh token required')
+            else:
+                now = timegm(datetime.utcnow().utctimetuple())
+                if fresh < now:
+                    raise FreshTokenRequired('Fresh token required')
+            if not verify_token_claims(jwt_data[config.user_claims_key]):
+                raise UserClaimsVerificationError('User claims verification failed')
+            _load_user(jwt_data[config.identity_claim_key])
         return fn(*args, **kwargs)
     return wrapper
 
@@ -108,9 +109,10 @@ def jwt_refresh_token_required(fn):
     """
     @wraps(fn)
     def wrapper(*args, **kwargs):
-        jwt_data = _decode_jwt_from_request(request_type='refresh')
-        ctx_stack.top.jwt = jwt_data
-        _load_user(jwt_data[config.identity_claim_key])
+        if request.method not in config.exempt_methods:
+            jwt_data = _decode_jwt_from_request(request_type='refresh')
+            ctx_stack.top.jwt = jwt_data
+            _load_user(jwt_data[config.identity_claim_key])
         return fn(*args, **kwargs)
     return wrapper
 
diff --git a/tests/test_options_method.py b/tests/test_options_method.py
@@ -1,5 +1,7 @@
 from flask import Flask, Blueprint
-from flask_jwt_extended import JWTManager, jwt_required, create_access_token
+from flask_jwt_extended import (
+    JWTManager, jwt_required, fresh_jwt_required, jwt_refresh_token_required
+    )
 import pytest
 
 @pytest.fixture(scope='function')
@@ -8,27 +10,42 @@ def app():
     app.config['JWT_SECRET_KEY'] = 'secret'
     JWTManager(app)
 
-    protected_bp = Blueprint('protected', __name__)
-
-    # This protects the entire blueprint,
-    # Also the OPTIONS method
-    @protected_bp.before_request
+    @app.route('/jwt_required', methods=["GET", "OPTIONS"])
     @jwt_required
-    def protect():
-        pass
+    def jwt_required_endpoint():
+        return b'ok'
+
+    @app.route('/fresh_jwt_required', methods=["GET", "OPTIONS"])
+    @fresh_jwt_required
+    def fresh_jwt_required_endpoint():
+        return b'ok'
+
+    @app.route('/jwt_refresh_token_required', methods=["GET", "OPTIONS"])
+    @jwt_refresh_token_required
+    def jwt_refresh_token_required_endpoint():
+        return b'ok'
+
 
-    @protected_bp.route('/protected', methods=["GET"])
-    @jwt_required
-    def protected():
-        return 'ok'
 
-    app.register_blueprint(protected_bp)
     return app
 
-def test_access_protected_enpoint(app):
-    client = app.test_client()
-    assert client.get('/protected').status_code == 401 # ok
+def test_access_jwt_required_enpoint(app):
+    # Test the options method shoud not be
+    # affected by jwt required
+    res = app.test_client().options('/jwt_required')
+    assert res.status_code == 200
+    assert res.data == b'ok'
+
+def test_access_jwt_refresh_token_required_enpoint(app):
+    # Test the options method shoud not be
+    # affected by jwt required
+    res = app.test_client().options('/jwt_refresh_token_required')
+    assert res.status_code == 200
+    assert res.data == b'ok'
 
-def test_access_protected_enpoint_options(app):
-    client = app.test_client()
-    assert client.options('/protected').status_code == 200 # test fails
+def test_access_fresh_jwt_required_enpoint(app):
+    # Test the options method shoud not be
+    # affected by jwt required
+    res = app.test_client().options('/fresh_jwt_required')
+    assert res.status_code == 200
+    assert res.data == b'ok'
