From 99be8e52e34a16289bfb3aa8ded8da59d89da632 Mon Sep 17 00:00:00 2001 From: Yash Date: Wed, 14 Nov 2018 09:54:25 +0530 Subject: [PATCH] Defence against non json requests --- flask_jwt/__init__.py | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/flask_jwt/__init__.py b/flask_jwt/__init__.py index f864b78..fe34de8 100644 --- a/flask_jwt/__init__.py +++ b/flask_jwt/__init__.py @@ -111,7 +111,13 @@ def _default_request_handler(): def _default_auth_request_handler(): - data = request.get_json() + data = dict() + + try: + data = request.get_json() + except: + raise JWTError('Bad Request', 'Request payload must be in json format.') + username = data.get(current_app.config.get('JWT_AUTH_USERNAME_KEY'), None) password = data.get(current_app.config.get('JWT_AUTH_PASSWORD_KEY'), None) criterion = [username, password, len(data) == 2]