Catch JWSErrors in jwt.decode()

So far exceptions raised in `jws.verify()` weren't caught in the above function, which led to it raising (undocumented) exceptions from the underlying module. This commit transforms said exceptions. This includes cases of invalid payload padding, error handling for which had previously been attached to the `json.loads()` call.
theashguy · Apr 27, 2016 · 52def77 · 52def77
1 parent ff5bf5c
commit 52def77
Showing 1 changed file with 6 additions and 3 deletions.
diff --git a/jose/jwt.py b/jose/jwt.py
@@ -10,6 +10,7 @@
 
 from jose import jws
 
+from .exceptions import JWSError
 from .exceptions import JWTClaimsError
 from .exceptions import JWTError
 from .exceptions import ExpiredSignatureError
@@ -112,12 +113,14 @@ def decode(token, key, algorithms=None, options=None, audience=None, issuer=None
  defaults.update(options)
 
  verify_signature = defaults.get('verify_signature', True)
- payload = jws.verify(token, key, algorithms, verify=verify_signature)
+
+ try:
+ payload = jws.verify(token, key, algorithms, verify=verify_signature)
+ except JWSError as e:
+ raise JWTError(e)
 
  try:
  claims = json.loads(payload.decode('utf-8'))
- except (TypeError, binascii.Error):
- raise JWTError('Invalid payload padding')
  except ValueError as e:
  raise JWTError('Invalid payload string: %s' % e)