From 52def773297b0a099d245f6aa7adea1c3b514c02 Mon Sep 17 00:00:00 2001 From: dtk Date: Thu, 28 Apr 2016 00:03:43 +0200 Subject: [PATCH] Catch `JWSError`s in `jwt.decode()` So far exceptions raised in `jws.verify()` weren't caught in the above function, which led to it raising (undocumented) exceptions from the underlying module. This commit transforms said exceptions. This includes cases of invalid payload padding, error handling for which had previously been attached to the `json.loads()` call. --- jose/jwt.py | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/jose/jwt.py b/jose/jwt.py index b5767fe1..e12d162e 100644 --- a/jose/jwt.py +++ b/jose/jwt.py @@ -10,6 +10,7 @@ from jose import jws +from .exceptions import JWSError from .exceptions import JWTClaimsError from .exceptions import JWTError from .exceptions import ExpiredSignatureError @@ -112,12 +113,14 @@ def decode(token, key, algorithms=None, options=None, audience=None, issuer=None defaults.update(options) verify_signature = defaults.get('verify_signature', True) - payload = jws.verify(token, key, algorithms, verify=verify_signature) + + try: + payload = jws.verify(token, key, algorithms, verify=verify_signature) + except JWSError as e: + raise JWTError(e) try: claims = json.loads(payload.decode('utf-8')) - except (TypeError, binascii.Error): - raise JWTError('Invalid payload padding') except ValueError as e: raise JWTError('Invalid payload string: %s' % e)