fix: invalid format jwt token cause 500 error

xyb · Mar 10, 2023 · 5ea1923 · 5ea1923
1 parent 1a84abb
commit 5ea1923
Show file tree

Hide file tree

Showing 2 changed files with 59 additions and 2 deletions.
diff --git a/drf_passwordless_jwt/serializers.py b/drf_passwordless_jwt/serializers.py
@@ -3,6 +3,8 @@
 from drfpasswordless.serializers import EmailAuthSerializer
 from rest_framework import serializers
 
+import jwt
+
 from .utils import decode_jwt
 
 
@@ -20,6 +22,6 @@ class JWTSerializer(serializers.Serializer):
  def validate_token(self, value):
  try:
  value = decode_jwt(value)
- except jwt.ExpiredSignatureError:
- raise serializers.ValidationError('token expired')
+ except jwt.exceptions.PyJWTError:
+ raise serializers.ValidationError
  return value
diff --git a/drf_passwordless_jwt/tests.py b/drf_passwordless_jwt/tests.py
@@ -1,4 +1,5 @@
 import os
+import re
 from unittest.mock import patch
 
 from django.core import mail
@@ -7,7 +8,13 @@
 from rest_framework import status
 from rest_framework.test import APITestCase
 
+from .serializers import EmailAuthWhiteListSerializer
 
+
+@override_settings(
+ EMAIL_BACKEND="django.core.mail.backends.locmem.EmailBackend",
+ EMAIL_WHITE_LIST=r"^.*@test.com",
+)
 class TaskTest(APITestCase):
  @override_settings(EMAIL_BACKEND="django.core.mail.backends.locmem.EmailBackend")
  def test_token_email(self):
@@ -32,6 +39,23 @@ def test_token_email(self):
  self.assertEqual(msg.from_email, '[email protected]')
  self.assertEqual(msg.to, ['[email protected]'])
 
+ def test_invalid_email(self):
+ # monkey patch white list setting
+ EmailAuthWhiteListSerializer.email_regex.regex = re.compile(r"^.*@test.com")
+
+ response = self.client.post(
+ reverse("auth_email_token"),
+ {"email": "[email protected]"},
+ format="json",
+ )
+
+ self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
+ self.assertEqual(
+ response.json(),
+ {'email': ['email address not in white list']},
+ )
+ self.assertEqual(len(mail.outbox), 0)
+
  @patch.dict(os.environ, {"EMAIL_TEST_ACCOUNT_a_at_a_com": "123456"})
  def test_auth_jwt_token(self):
  response = self.client.post(
@@ -45,6 +69,19 @@ def test_auth_jwt_token(self):
  self.assertEqual(list(json.keys()), ['email', 'token'])
  self.assertEqual(json['email'], '[email protected]')
 
+ def test_invalid_login_token(self):
+ response = self.client.post(
+ reverse("auth_jwt_token"),
+ {"email": "[email protected]", "token": "123456"},
+ format="json",
+ )
+
+ self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
+ self.assertEqual(
+ response.json(),
+ {'token': ["The token you entered isn't valid."]},
+ )
+
  @patch.dict(os.environ, {"EMAIL_TEST_ACCOUNT_a_at_a_com": "123456"})
  def test_verify_jwt_token(self):
  response = self.client.post(
@@ -64,3 +101,21 @@ def test_verify_jwt_token(self):
  json = response.json()
  self.assertEqual(list(json.keys()), ['email', 'exp'])
  self.assertEqual(json['email'], '[email protected]')
+
+ def test_invalid_jwt_token(self):
+ response = self.client.post(
+ reverse("verify_jwt_token"),
+ {"token": 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwiZW1haWwiOiJhQGEuY29tIiwiaWF0IjoxNTE2MjM5MDIyfQ.mmqUsu7kpT7M9QUYj69X1TNVCyatAPgky9JXtrSuHrU'},
+ format="json",
+ )
+
+ self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
+
+ def test_wrong_format_jwt_token(self):
+ response = self.client.post(
+ reverse("verify_jwt_token"),
+ {"token": 'abc'},
+ format="json",
+ )
+
+ self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)