TTMK/web2.0-backend
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix try-catch for jwt verification

Browse Source
This commit is contained in:
Aarni Halinen
2022-07-24 21:02:35 +03:00
parent 9b53fb4bc0
commit dd0254a08e
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
webapp/views.py
+2 -2
View File
@@ -1,7 +1,7 @@
"""Webapp views."""
from jwt import decode
from jwt.exceptions import InvalidSignatureError
from jwt.exceptions import InvalidTokenError
from django.utils import timezone
from django.conf import settings
from django.http import HttpResponse, JsonResponse
@@ -344,7 +344,7 @@ def nginx_jwt_resp(request, *args, **kwargs):
# This also verifies the signature.
# See https://pyjwt.readthedocs.io/en/latest/usage.html#reading-the-claimset-without-validation
token = decode(accessKey, settings.SECRET_KEY, algorithms=["HS256"])
except InvalidSignatureError:
except InvalidTokenError:
return HttpResponse("", status=403)
user = "admin" if token.get("username", "") == "admin" else "moderator"
resp = HttpResponse("", status=200)