added some test to make sure headers / cookies are handled correctly …

…with jwt

src/encoded/authentication.py

@@ -210,9 +210,10 @@ def get_jwt(request):
         auth_type = request.headers['Authorization'][:6]
         if auth_type.strip().lower() == 'bearer':
             return request.headers['Authorization'][7:]
-        return None
     except (ValueError, TypeError, KeyError):
-        return request.cookies.get('jwtToken', None)
+        pass
+
+    return request.cookies.get('jwtToken', None)
 
 
 @view_config(route_name='login', request_method='POST',

src/encoded/tests/test_auth0.py

@@ -52,6 +52,7 @@ class FakeRequest(object):
 
         def __init__(self):
             self.headers = headers
+            self.cookies = {}
 
     return FakeRequest()
 
@@ -63,7 +64,15 @@ def test_get_jwt_gets_bearer_auth(fake_request, auth0_access_token):
 def test_get_jwt_skips_basic_auth(fake_request):
     fake_request.headers['Authorization'] = 'Basic test_token'
     jwt = get_jwt(fake_request)
-    assert jwt is None 
+    assert jwt is None
+
+
+def test_get_jwt_falls_back_to_cookie(fake_request):
+    fake_request.cookies['jwtToken'] = 'test_token'
+    fake_request.headers['Authorization'] = 'Basic test_token'
+    jwt = get_jwt(fake_request)
+    assert jwt == 'test_token'
+
 
 def test_login_unknown_user(anontestapp, auth0_4dn_user_token):
     res = anontestapp.post_json('/login', auth0_4dn_user_token, status=403)