BOM-1845 (#136)

Latest drf-jwt is causing failures for any other auth header value other than jwt. Fixed that issue in JwtAuthentication class. Bump the version.
openedx · Jul 19, 2020 · 1f98132 · 1f98132
1 parent 5b26b53
commit 1f98132
Show file tree

Hide file tree

Showing 4 changed files with 30 additions and 1 deletion.
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
@@ -14,6 +14,16 @@ Unreleased
 
 *
 
+[6.1.1] - 2020-07-19
+--------------------
+
+Fixed
+~~~~~~~
+
+* Latest `drf-jwt` is throwing error in case of any other Authorization Header. Fixing that issue in `JwtAuthentication` class.
+
+
+
 [6.1.0] - 2020-06-26
 --------------------
 

diff --git a/edx_rest_framework_extensions/__init__.py b/edx_rest_framework_extensions/__init__.py
@@ -1,3 +1,3 @@
 """ edx Django REST Framework extensions. """
 
-__version__ = '6.1.0'  # pragma: no cover
+__version__ = '6.1.1'  # pragma: no cover
diff --git a/edx_rest_framework_extensions/auth/jwt/authentication.py b/edx_rest_framework_extensions/auth/jwt/authentication.py
@@ -59,6 +59,12 @@ def get_jwt_claim_mergeable_attributes(self):
         return get_setting('JWT_PAYLOAD_MERGEABLE_USER_ATTRIBUTES')
 
     def authenticate(self, request):
+        # latest drf-jwt version throws error for any other value other than jwt. So returns None and pass it to other
+        # Authentication class
+        auth_header_value = request.environ.get('HTTP_AUTHORIZATION')
+        if auth_header_value and not auth_header_value.lower().startswith('jwt'):
+            return None
+
         try:
             user_and_auth = super(JwtAuthentication, self).authenticate(request)
 

diff --git a/edx_rest_framework_extensions/auth/jwt/tests/test_authentication.py b/edx_rest_framework_extensions/auth/jwt/tests/test_authentication.py
@@ -205,3 +205,16 @@ def test_get_decoded_jwt_from_auth(self, is_jwt_authentication):
 
         decoded_jwt = authentication.get_decoded_jwt_from_auth(mock_request_with_cookie)
         self.assertEqual(expected_decoded_jwt, decoded_jwt)
+
+    def test_with_explicitly_jwt_authorization(self):
+        """ With JWT header it continues and validates the credentials and throws error. """
+        auth_header = '{token_name} {token}'.format(token_name='JWT', token='wrongvalue')
+        request = RequestFactory().get('/', HTTP_AUTHORIZATION=auth_header)
+        with self.assertRaises(AuthenticationFailed):
+            JwtAuthentication().authenticate(request)
+
+    def test_jwt_returns_none_for_bearer_header(self):
+        """ Returns a None for bearer header request. """
+        auth_header = '{token_name} {token}'.format(token_name='Bearer', token='abc123')
+        request = RequestFactory().get('/', HTTP_AUTHORIZATION=auth_header)
+        self.assertIsNone(JwtAuthentication().authenticate(request))
-Original file line number
+Diff line change
@@ Expand Up / @@ -14,6 +14,16 @@ Unreleased @@
     *
+    [6.1.1] - 2020-07-19
+    --------------------
+    Fixed
+    ~~~~~~~
+    * Latest `drf-jwt` is throwing error in case of any other Authorization Header. Fixing that issue in `JwtAuthentication` class.
     [6.1.0] - 2020-06-26
     --------------------
@@ Expand Down @@