Merge pull request #18 from 0x64746b/feature/return_unverified_claims_as_dict

Michael Davis · Michael Davis · commit b4b871f302e2 · 2016-04-27T19:44:29.000-05:00
Make `get_unverified_claims()` return a dict
diff --git a/jose/jws.py b/jose/jws.py
@@ -118,7 +118,7 @@ def get_unverified_claims(token):
         token (str): A signed JWS to decode the headers from.
 
     Returns:
-        dict: The dict representation of the token claims.
+        str: The str representation of the token claims.
 
     Raises:
         JWSError: If there is an exception decoding the token.
diff --git a/jose/jwt.py b/jose/jwt.py
@@ -184,6 +184,14 @@ def get_unverified_claims(token):
     except:
         raise JWTError('Error decoding token claims.')
 
+    try:
+        claims = json.loads(claims.decode('utf-8'))
+    except ValueError as e:
+        raise JWTError('Invalid claims string: %s' % e)
+
+    if not isinstance(claims, Mapping):
+        raise JWTError('Invalid claims string: must be a json object')
+
     return claims
 
 
diff --git a/tests/test_jwt.py b/tests/test_jwt.py
@@ -402,3 +402,17 @@ def test_jti_invalid(self, key):
         token = jwt.encode(claims, key)
         with pytest.raises(JWTError):
             jwt.decode(token, key)
+
+    def test_unverified_claims_string(self):
+        token = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.aW52YWxpZCBjbGFpbQ.iOJ5SiNfaNO_pa2J4Umtb3b3zmk5C18-mhTCVNsjnck'
+        with pytest.raises(JWTError):
+            jwt.get_unverified_claims(token)
+
+    def test_unverified_claims_list(self):
+        token = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.WyJpbnZhbGlkIiwgImNsYWltcyJd.nZvw_Rt1FfUPb5OiVbrSYZGtWSE5c-gdJ6nQnTTBkYo'
+        with pytest.raises(JWTError):
+            jwt.get_unverified_claims(token)
+
+    def test_unverified_claims_object(self, claims, key):
+        token = jwt.encode(claims, key)
+        assert jwt.get_unverified_claims(token) == claims
