Fix handling of missing JWT in header

Landon Gilbert-Bland · Landon Gilbert-Bland · commit b4ccab5674fd · 2019-10-24T09:52:42.000-06:00
This was introduced in cb988e1 Fixes #282
diff --git a/flask_jwt_extended/view_decorators.py b/flask_jwt_extended/view_decorators.py
@@ -188,7 +188,7 @@ def _decode_jwt_from_headers():
     if header_type:
         field_values = split(r',\s*', auth_header)
         jwt_header = [s for s in field_values if s.split()[0] == header_type]
-        if len(jwt_header) < 1:
+        if len(jwt_header) < 1 or len(jwt_header[0].split()) != 2:
             msg = "Bad {} header. Expected value '{} <JWT>'".format(
                 header_name,
                 header_type
diff --git a/tests/test_headers.py b/tests/test_headers.py
@@ -151,6 +151,15 @@ def custom_response(err_str):
     assert response.get_json() == {'foo': "bar"}
 
 
+def test_header_without_jwt(app):
+    jwtM = get_jwt_manager(app)
+    test_client = app.test_client()
+
+    access_headers = {'Authorization': 'Bearer '}
+    response = test_client.get('/protected', headers=access_headers)
+    assert response.status_code == 422
+    assert response.get_json() == {'msg': "Bad Authorization header. Expected value 'Bearer <JWT>'"}
+
 def test_custom_error_msg_key(app):
     app.config['JWT_ERROR_MESSAGE_KEY'] = 'message'
     response = app.test_client().get('/protected', headers=None)
