Skip to content
This repository has been archived by the owner on May 26, 2020. It is now read-only.

jwt_get_secret_key check if user exists #384

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

jwt_get_secret_key check if user exists #384

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 6 additions & 3 deletions rest_framework_jwt/utils.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,9 +23,12 @@ def jwt_get_secret_key(payload=None):
"""
if api_settings.JWT_GET_USER_SECRET_KEY:
User = get_user_model() # noqa: N806
user = User.objects.get(pk=payload.get('user_id'))
key = str(api_settings.JWT_GET_USER_SECRET_KEY(user))
return key
try:
user = User.objects.get(pk=payload.get('user_id'))
key = str(api_settings.JWT_GET_USER_SECRET_KEY(user))
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This code should be outside of this try ... except block. So it should look like below:

try:
    user = User.objects.get(pk=payload.get('user_id'))
except User.DoesNotExist:
    raise jwt.InvalidTokenError()
else:
    return str(api_settings.JWT_GET_USER_SECRET_KEY(user))

return key
except User.DoesNotExist:
pass
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

jwt.InvalidTokenError() exception should be raised, for sure there is not place for pass statement. Please take a look into the BaseJSONWebTokenAuthentication class where InvalidTokenError exception is handled.

return api_settings.JWT_SECRET_KEY


Expand Down