author | José Padilla <jpadilla@webapplicate.com> | 2015-06-23 06:30:45 -0400 |
---|---|---|
committer | José Padilla <jpadilla@webapplicate.com> | 2015-06-23 06:30:45 -0400 |
commit | 63cda82d0bb4c15b8408eb9214684d9373c30829 (patch) | |
tree | d00d34f65682f3615fd72082f4a6ed14182b9eb7 | |
parent | 151c84e3ede03f3ee7c2c2130316e63d560cf26d (diff) | |
parent | d98520007878c1e3a08ee9f94c3fa6ceb02ab667 (diff) | |
download | pyjwt-63cda82d0bb4c15b8408eb9214684d9373c30829.tar.gz |
Merge pull request #171 from alexm92/master
Fixed #167 throw InvalidAlgorithmError if alg not in header
-rw-r--r-- | jwt/api_jws.py | 2 | ||||
-rw-r--r-- | tests/test_api_jws.py | 10 |
2 files changed, 11 insertions, 1 deletions
diff --git a/jwt/api_jws.py b/jwt/api_jws.py index 13b6214..0c61c7d 100644 --- a/jwt/api_jws.py +++ b/jwt/api_jws.py @@ -165,7 +165,7 @@ class PyJWS(object): def _verify_signature(self, payload, signing_input, header, signature, key='', algorithms=None): - alg = header['alg'] + alg = header.get('alg') if algorithms is not None and alg not in algorithms: raise InvalidAlgorithmError('The specified alg value is not allowed') diff --git a/tests/test_api_jws.py b/tests/test_api_jws.py index 9395ae8..9aa8b85 100644 --- a/tests/test_api_jws.py +++ b/tests/test_api_jws.py @@ -270,6 +270,16 @@ class TestJWS: assert 'Signature verification' in str(exc.value) + def test_verify_signature_with_no_algo_header_throws_exception(self, jws, payload): + example_jws = ( + b'e30' + b'.eyJhIjo1fQ' + b'.KEh186CjVw_Q8FadjJcaVnE7hO5Z9nHBbU8TgbhHcBY' + ) + + with pytest.raises(InvalidAlgorithmError): + jws.decode(example_jws, 'secret') + def test_invalid_crypto_alg(self, jws, payload): with pytest.raises(NotImplementedError): jws.encode(payload, 'secret', algorithm='HS1024') |
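Review bot: After `alg = header.get('alg')`, a header with no `alg` is rejected in this hunk only when the caller passes `algorithms`; with the default `algorithms=None` the guard is skipped and `None` flows on to code outside the hunk, which presumably fails the algorithm lookup. An explicit check right after the assignment would make the rejection independent of that later lookup and of the allow-list, e.g. `if alg is None: raise InvalidAlgorithmError('Missing alg header')` (message wording is a suggestion). It would also keep 'The specified alg value is not allowed' from being reported for a header that specified nothing. `_verify_signature` continues past the end of the hunk, so the downstream behaviour is inferred.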
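Review bot: The new test calls `jws.decode(example_jws, 'secret')` without `algorithms`, so it never reaches the `alg not in algorithms` guard that follows the changed line in jwt/api_jws.py; the exception it observes presumably comes from later code in `_verify_signature`. A second assertion with an allow-list would pin that path as well: `with pytest.raises(InvalidAlgorithmError): jws.decode(example_jws, 'secret', algorithms=['HS256'])`. A short comment above the token would also help readers: `# header segment 'e30' is base64url for {} (no alg); payload is {"a": 5}`.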