Fix using alternative header name for JWTs

vimalloc · vimalloc · commit 5c7558e09726 · 2016-12-22T18:37:06.000-07:00
diff --git a/flask_jwt_extended/utils.py b/flask_jwt_extended/utils.py
@@ -18,7 +18,7 @@
     get_cookie_csrf_protect, get_access_csrf_cookie_name, \
     get_refresh_cookie_name, get_refresh_cookie_path, \
     get_refresh_csrf_cookie_name, get_token_location, \
-    get_csrf_header_name
+    get_csrf_header_name, get_jwt_header_name
 from flask_jwt_extended.exceptions import JWTEncodeError, JWTDecodeError, \
     InvalidHeaderError, NoAuthorizationError, WrongTokenError, \
     FreshTokenRequired
@@ -153,13 +153,14 @@ def _decode_jwt(token, secret, algorithm):
 
 def _decode_jwt_from_headers():
     # Verify we have the auth header
-    auth_header = request.headers.get('Authorization', None)
-    if not auth_header:
+    header_name = get_jwt_header_name()
+    jwt_header = request.headers.get(header_name, None)
+    if not jwt_header:
         raise NoAuthorizationError("Missing Authorization Header")
 
     # Make sure the header is valid
     expected_header = get_jwt_header_type()
-    parts = auth_header.split()
+    parts = jwt_header.split()
     if not expected_header:
         if len(parts) != 1:
             msg = "Badly formatted authorization header. Should be '<JWT>'"
diff --git a/tests/test_protected_endpoints.py b/tests/test_protected_endpoints.py
@@ -312,14 +312,16 @@ def test_different_headers(self):
 
         self.app.config['JWT_HEADER_TYPE'] = 'Bearer'
         self.app.config['JWT_HEADER_NAME'] = 'Auth'
-        status, data = self._jwt_get('/protected', access_token, header_name='Auth')
+        status, data = self._jwt_get('/protected', access_token, header_name='Auth',
+                                     header_type='Bearer')
         self.assertIn('msg', data)
-        self.assertEqual(status, 401)
-
-        status, data = self._jwt_get('/protected', access_token, header_name='Authorization')
-        self.assertEqual(data, {'msg': 'hello world'})
         self.assertEqual(status, 200)
 
+        status, data = self._jwt_get('/protected', access_token, header_name='Authorization',
+                                     header_type='Bearer')
+        self.assertIn('msg', data)
+        self.assertEqual(status, 401)
+
 
 class TestEndpointsWithCookies(unittest.TestCase):
 
