pallets-eco / flask-jwt

JWT (JSON Web Tokens) for Flask applications
MIT License
Stop 500's on a non-JSON /auth request #75

Open DavidCain opened 8 years ago

DavidCain commented 8 years ago

When the request is not JSON (and the force flag is False), Flask's get_json() will return None.

If somebody POSTs to /auth with a non-JSON mimetype, the server will 500 with 'NoneType' object has no attribute 'get'.

This fixes this behavior in the default auth_request_handler.

timofurrer commented 8 years ago

What about this one?

DavidCain commented 8 years ago

@mattupstate, any input on this one? It closes a pretty easy mechanism for invoking 500's.

dequis commented 8 years ago

This one is basically the same as #70

DavidCain commented 8 years ago

@dequis it's similar, but actually catches errors not handled by #70. If you were to pass a string or array with a valid JSON mimetype, request.get_json() will return something truthy. Then, the later call to data.get would raise an AttributeError, as neither strings nor lists implement a get method.

That said, if I'd seen #70, I probably would have just left this as a comment instead of making a new PR.
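The three request shapes discussed in this thread (a non-JSON mimetype, a JSON string, and a JSON array) are run below through an unchecked and a type-checked credential extractor. This is an added example, not code from this PR or from flask-jwt. `parse_body` is a stand-in for `get_json()` as the thread describes it, and `BadAuthRequest`, the `username`/`password` keys and the sample requests are assumptions made for illustration.

```python
import json

class BadAuthRequest(Exception):
    """Hypothetical error that a handler would turn into an HTTP 400."""

def parse_body(mimetype, raw):
    """Stand-in for get_json() as the thread describes it: None unless the
    mimetype is JSON, otherwise whatever value the body decodes to."""
    if mimetype != "application/json":
        return None
    try:
        return json.loads(raw)
    except ValueError:
        raise BadAuthRequest("malformed JSON")

def naive_credentials(data):
    # Assumes the body is always a JSON object.
    return data.get("username"), data.get("password")

def checked_credentials(data):
    # None, strings, lists and numbers all fail this one test.
    if not isinstance(data, dict):
        raise BadAuthRequest("body must be a JSON object")
    username, password = data.get("username"), data.get("password")
    if not (isinstance(username, str) and isinstance(password, str)):
        raise BadAuthRequest("username and password must be strings")
    return username, password

def status_for(handler, mimetype, raw):
    """Status a server would answer with: 200 means credentials were
    extracted, and any unhandled exception becomes a 500."""
    try:
        handler(parse_body(mimetype, raw))
        return 200
    except BadAuthRequest:
        return 400
    except Exception:
        return 500

# Constructed sample requests: (mimetype, body)
SAMPLES = [
    ("text/plain", "username=a&password=b"),
    ("application/json", '"just a string"'),
    ("application/json", '["a", "b"]'),
    ("application/json", '{"username": "a", "password": "b"}'),
]

def compare():
    """(naive status, checked status) for each sample request."""
    return [(status_for(naive_credentials, m, b),
             status_for(checked_credentials, m, b)) for m, b in SAMPLES]
```

A single `isinstance(data, dict)` test covers both the `None` case and the truthy string or array case, so the handler answers 400 instead of raising `AttributeError`.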