search

vimalloc / flask-jwt-extended

An open source Flask extension that provides JWT support (with batteries included)!
http://flask-jwt-extended.readthedocs.io/en/stable/
MIT License
1.56k stars 239 forks source link

Plz add function about _decode_jwt_from_session #503

Closed momentforever closed 1 year ago

momentforever commented 2 years ago

Description of the new feature / enhancement

add LocationType about get JWT from session(not from cookie).

Supporting information

def _decode_jwt_from_session(refresh: bool) -> Tuple[str, Optional[str]]:
    from flask import session
    if refresh:
        cookie_key = config.refresh_cookie_name
        csrf_header_key = config.refresh_csrf_header_name
        csrf_field_key = config.refresh_csrf_field_name
    else:
        cookie_key = config.access_cookie_name
        csrf_header_key = config.access_csrf_header_name
        csrf_field_key = config.access_csrf_field_name

    encoded_token = session.get(cookie_key)
    if not encoded_token:
        raise NoAuthorizationError('Missing cookie "{}"'.format(cookie_key))

    if config.csrf_protect and request.method in config.csrf_request_methods:
        csrf_value = request.headers.get(csrf_header_key, None)
        if not csrf_value and config.csrf_check_form:
            csrf_value = request.form.get(csrf_field_key, None)
        if not csrf_value:
            raise CSRFError("Missing CSRF token")
    else:
        csrf_value = None

    return encoded_token, csrf_value
vimalloc commented 1 year ago

Seems reasonable. I can add this to my list of things to accomplish when time allows, or if you would like to make a PR to add this functionality, that is always welcome!