Better default messages for NoAuthorizationError (refs #16)

vimalloc · Oct 29, 2016 · b78b1fc · b78b1fc
1 parent c96bb90
commit b78b1fc
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 8 deletions.
diff --git a/docs/changing_default_behavior.rst b/docs/changing_default_behavior.rst
@@ -27,7 +27,7 @@ Possible loader functions are:
       - Takes one argument - an error string indicating why the token is invalid
     * - **unauthorized_loader**
       - Function to call when a request with no JWT accesses a protected endpoint
-      - None
+      - Takes one argument - an error string indicating why the request in unauthorized
     * - **needs_fresh_token_loader**
       - Function to call when a non-fresh token accesses a **fresh_jwt_required** endpoint
       - None

diff --git a/flask_jwt_extended/jwt_manager.py b/flask_jwt_extended/jwt_manager.py
@@ -25,8 +25,8 @@ def __init__(self, app=None):
 
         # Function that will be called when attempting to access a protected
         # endpoint without a valid token
-        self._unauthorized_callback = lambda: (
-            jsonify({'msg': 'Missing Authorization Header'}), 401
+        self._unauthorized_callback = lambda err: (
+            jsonify({'msg': err}), 401
         )
 
         # Function that will be called when attempting to access a fresh_jwt_required
@@ -54,7 +54,7 @@ def init_app(self, app):
 
         @app.errorhandler(NoAuthorizationError)
         def handle_auth_error(e):
-            return self._unauthorized_callback()
+            return self._unauthorized_callback(str(e))
 
         @app.errorhandler(ExpiredSignatureError)
         def handle_expired_error(e):

diff --git a/tests/test_jwt_manager.py b/tests/test_jwt_manager.py
@@ -56,7 +56,7 @@ def test_default_invalid_token_callback(self):
     def test_default_unauthorized_callback(self):
         with self.app.test_request_context():
             m = JWTManager(self.app)
-            result = m._unauthorized_callback()
+            result = m._unauthorized_callback("Missing Authorization Header")
             status_code, data = self._parse_callback_result(result)
 
             self.assertEqual(status_code, 401)
@@ -124,10 +124,10 @@ def test_custom_unauthorized_callback(self):
             m = JWTManager(self.app)
 
             @m.unauthorized_loader
-            def custom_unauthorized():
-                return jsonify({"err": "GOTTA LOGIN FOOL"}), 200
+            def custom_unauthorized(err_str):
+                return jsonify({"err": err_str}), 200
 
-            result = m._unauthorized_callback()
+            result = m._unauthorized_callback("GOTTA LOGIN FOOL")
             status_code, data = self._parse_callback_result(result)
 
             self.assertEqual(status_code, 200)