Skip to content

Use the order of values in JWT_TOKEN_LOCATION to set order of precedence #256

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Jul 3, 2019
Merged

Use the order of values in JWT_TOKEN_LOCATION to set order of precedence #256

merged 4 commits into from
Jul 3, 2019

Conversation

@stephendwolff
Copy link
Contributor

@stephendwolff stephendwolff commented Jul 2, 2019

I've added the update to run the token validation in the order set in JWT_TOKEN_LOCATION, and this allows a valid token earlier in the list to authenticate the user, and invalid to be ignored if later.

This suits my use case - but perhaps another option could be to require no invalid tokens?

I wrote a couple of tests, and fixed one of the error messages in the existing multiple token location test.

Also, I added a note to the configuration options documentation for JWT_TOKEN_LOCATION

@pep8speaks
Copy link

pep8speaks commented Jul 2, 2019
edited
Loading

Hello @stephendwolff! Thanks for updating this PR. We checked the lines you've touched for PEP 8 issues, and found:

There are currently no PEP 8 issues detected in this Pull Request. Cheers! 🍻

Comment last updated at 2019-07-03 15:13:56 UTC

@coveralls
Copy link

coveralls commented Jul 2, 2019
edited
Loading

Coverage Status

Coverage remained the same at 100.0% when pulling 35dcbe5 on stephendwolff:master into 854bc2e on vimalloc:master.

vimalloc
vimalloc requested changes Jul 2, 2019
View reviewed changes
Copy link
Owner

@vimalloc vimalloc left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

One minor thing, otherwise looks great!

flask_jwt_extended/view_decorators.py Outdated

# add the functions in the order specified in JWT_TOKEN_LOCATION
for location in locations:
if location == 'cookies' and config.jwt_in_cookies:
Copy link
Owner

@vimalloc vimalloc Jul 2, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we can get rid of the config.jwt_in_cookies (et al) from these if statements, as they are doing the same check that we are doing here.

Copy link
Contributor Author

@stephendwolff stephendwolff Jul 3, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good point!

@vimalloc
Copy link
Owner

vimalloc commented Jul 2, 2019

I think the way you have it where if there is a valid token higher up in the token location list supersedes an invalid token later in token location list makes the most sense 👍

@vimalloc vimalloc merged commit e1d51a5 into vimalloc:master Jul 3, 2019
@vimalloc
Copy link
Owner

vimalloc commented Jul 3, 2019

Looks great! Thanks for contributing! I'll get a new version released momentarily.

@vimalloc vimalloc mentioned this pull request Jul 3, 2019
Closed
@vimalloc vimalloc mentioned this pull request Sep 11, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@vimalloc vimalloc vimalloc approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@stephendwolff @pep8speaks @coveralls @vimalloc