Merge pull request mpdavis#18 from 0x64746b/feature/return_unverified…

…_claims_as_dict Make `get_unverified_claims()` return a dict
theashguy · Apr 28, 2016 · b4b871f · b4b871f
2 parents ff5bf5c + 4545536
commit b4b871f
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 1 deletion.
diff --git a/jose/jws.py b/jose/jws.py
@@ -118,7 +118,7 @@ def get_unverified_claims(token):
  token (str): A signed JWS to decode the headers from.
 
  Returns:
- dict: The dict representation of the token claims.
+ str: The str representation of the token claims.
 
  Raises:
  JWSError: If there is an exception decoding the token.

diff --git a/jose/jwt.py b/jose/jwt.py
@@ -184,6 +184,14 @@ def get_unverified_claims(token):
  except:
  raise JWTError('Error decoding token claims.')
 
+ try:
+ claims = json.loads(claims.decode('utf-8'))
+ except ValueError as e:
+ raise JWTError('Invalid claims string: %s' % e)
+
+ if not isinstance(claims, Mapping):
+ raise JWTError('Invalid claims string: must be a json object')
+
  return claims
 
 

diff --git a/tests/test_jwt.py b/tests/test_jwt.py
@@ -402,3 +402,17 @@ def test_jti_invalid(self, key):
  token = jwt.encode(claims, key)
  with pytest.raises(JWTError):
  jwt.decode(token, key)
+
+ def test_unverified_claims_string(self):
+ token = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.aW52YWxpZCBjbGFpbQ.iOJ5SiNfaNO_pa2J4Umtb3b3zmk5C18-mhTCVNsjnck'
+ with pytest.raises(JWTError):
+ jwt.get_unverified_claims(token)
+
+ def test_unverified_claims_list(self):
+ token = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.WyJpbnZhbGlkIiwgImNsYWltcyJd.nZvw_Rt1FfUPb5OiVbrSYZGtWSE5c-gdJ6nQnTTBkYo'
+ with pytest.raises(JWTError):
+ jwt.get_unverified_claims(token)
+
+ def test_unverified_claims_object(self, claims, key):
+ token = jwt.encode(claims, key)
+ assert jwt.get_unverified_claims(token) == claims