From b57c2cfc17abbd023a7731d645f02714520a1e35 Mon Sep 17 00:00:00 2001
From: Federico Cardoso
Date: Tue, 1 Aug 2017 18:08:24 -0300
Subject: [PATCH 1/2] Fix for #74 do not fail with empty request to /auth in simple.py , also using request.get_json()
---
 examples/simple.py | 22 +++++++++++++---------
 1 file changed, 13 insertions(+), 9 deletions(-)
diff --git a/examples/simple.py b/examples/simple.py
index 53727348..cbb6d753 100644
--- a/examples/simple.py
+++ b/examples/simple.py
@@ -13,15 +13,19 @@
 # function is used to actually generate the token
 @app.route('/login', methods=['POST'])
 def login():
- username = request.json.get('username', None)
- password = request.json.get('password', None)
- if username != 'test' or password != 'test':
- return jsonify({"msg": "Bad username or password"}), 401
-
- # Identity can be any data that is json serializable
- ret = {'access_token': create_access_token(identity=username)}
- return jsonify(ret), 200
-
+ if request.is_json:
+ params = request.get_json()
+ if 'username' in params.keys() and 'password' in params.keys():
+ if params['username'] != 'test' or params['password'] != 'test':
+ return jsonify({"msg": "Bad username or password"}), 401
+ else:
+ return jsonify({"msg": "Missing auth parameters"}), 401
+
+ # Identity can be any data that is json serializable
+ ret = {'access_token': create_access_token(identity=params['username'])}
+ return jsonify(ret), 200
+ else:
+ return jsonify({"msg": "Missing auth"}), 401
 # Protect a view with jwt_required, which requires a valid access token
 # in the request to access.
From f42956d4116ee510381ce2a39a2aab9ccbc4fbcb Mon Sep 17 00:00:00 2001
From: Federico Cardoso
Date: Tue, 1 Aug 2017 21:32:41 -0300
Subject: [PATCH 2/2] Updated #75 removed nested if and avoid using keys() as suggested
---
 examples/simple.py | 25 +++++++++++++------------
 1 file changed, 13 insertions(+), 12 deletions(-)
diff --git a/examples/simple.py b/examples/simple.py
index cbb6d753..487c21c5 100644
--- a/examples/simple.py
+++ b/examples/simple.py
@@ -13,19 +13,20 @@
 # function is used to actually generate the token
 @app.route('/login', methods=['POST'])
 def login():
- if request.is_json:
- params = request.get_json()
- if 'username' in params.keys() and 'password' in params.keys():
- if params['username'] != 'test' or params['password'] != 'test':
- return jsonify({"msg": "Bad username or password"}), 401
- else:
- return jsonify({"msg": "Missing auth parameters"}), 401
-
- # Identity can be any data that is json serializable
- ret = {'access_token': create_access_token(identity=params['username'])}
- return jsonify(ret), 200
- else:
+ if not request.is_json:
 return jsonify({"msg": "Missing auth"}), 401
+ params = request.get_json()
+ if 'username' in params and 'password' in params:
+ if params['username'] != 'test' or params['password'] != 'test':
+ return jsonify({"msg": "Bad username or password"}), 401
+ else:
+ return jsonify({"msg": "Missing auth parameters"}), 401
+
+ # Identity can be any data that is json serializable
+ ret = {'access_token': create_access_token(identity=params['username'])}
+ return jsonify(ret), 200
+
+
 # Protect a view with jwt_required, which requires a valid access token
 # in the request to access.
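Review bot: `params = request.get_json()` is treated as a dict without a type check, so a syntactically valid JSON body that is not an object (`null`, a number, a list or a string) still reaches `'username' in params` or `params['username']` and raises TypeError, which turns a malformed login request into an unhandled 500 instead of the error response this change is meant to return. A guard directly after the call closes that path: `if not isinstance(params, dict): return jsonify({"msg": "Missing auth parameters"}), 401`. The `params.keys()` version in patch 1/2 has the same gap (there it surfaces as AttributeError). As documentation, a comment above the credential comparison such as `# Example only: a real application must verify a stored password hash, not literal credentials` would keep readers from carrying the literal check into production code.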