From beb6fc73ef3991981a30cc7b4559be0d332f9af7 Mon Sep 17 00:00:00 2001 From: nthmost Date: Mon, 21 Nov 2016 15:33:25 -0800 Subject: [PATCH] protect against missing JSON data raise JWTError with message "No JSON data received" when _default_auth_request_handler receives a request that did not contain a JSON payload. --- flask_jwt/__init__.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/flask_jwt/__init__.py b/flask_jwt/__init__.py index f864b78..d567b2e 100644 --- a/flask_jwt/__init__.py +++ b/flask_jwt/__init__.py @@ -112,6 +112,9 @@ def _default_request_handler(): def _default_auth_request_handler(): data = request.get_json() + if data is none: + raise JWTError('Bad Request', 'No JSON data received.') + username = data.get(current_app.config.get('JWT_AUTH_USERNAME_KEY'), None) password = data.get(current_app.config.get('JWT_AUTH_PASSWORD_KEY'), None) criterion = [username, password, len(data) == 2]