Merge pull request #7 from stanhu/master

Handle missing fields in JWT payload

Author: jpadilla

rest_framework_jwt/authentication.py

@@ -62,9 +62,14 @@ def authenticate_credentials(self, payload):
         Returns an active user that matches the payload's user id and email.
         """
         try:
-            user_id = payload['user_id']
-            email = payload['email']
-            user = User.objects.get(pk=user_id, email=email, is_active=True)
+            user_id = payload.get('user_id')
+            email = payload.get('email')
+
+            if user_id and email:
+                user = User.objects.get(pk=user_id, email=email, is_active=True)
+            else:
+                msg = 'Invalid payload'
+                raise exceptions.AuthenticationFailed(msg)
         except User.DoesNotExist:
             msg = 'Invalid signature'
             raise exceptions.AuthenticationFailed(msg)

rest_framework_jwt/tests/test_authentication.py

@@ -203,3 +203,19 @@ def test_post_passing_oauth2_with_jwt_auth_priority(self):
             HTTP_AUTHORIZATION=auth, format='json')
 
         self.assertEqual(response.status_code, status.HTTP_200_OK, response)
+
+    def test_post_form_passing_jwt_invalid_payload(self):
+        """
+        Ensure POSTing json over JWT auth with invalid payload fails
+        """
+        payload = dict(user_id=1, email=None)
+        token = utils.jwt_encode_handler(payload)
+
+        auth = 'JWT {0}'.format(token)
+        response = self.csrf_client.post(
+            '/jwt/', {'example': 'example'}, HTTP_AUTHORIZATION=auth)
+
+        msg = 'Invalid payload'
+
+        self.assertEqual(response.data['detail'], msg)
+        self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)