diff --git a/flask_jwt_extended/config.py b/flask_jwt_extended/config.py
index 9089b91f..11b16537 100644
--- a/flask_jwt_extended/config.py
+++ b/flask_jwt_extended/config.py
@@ -135,8 +135,8 @@ def refresh_json_key(self) -> str:
 return current_app.config["JWT_REFRESH_JSON_KEY"]
 
 @property
- def csrf_protect(self) -> bool:
- return self.jwt_in_cookies and current_app.config["JWT_COOKIE_CSRF_PROTECT"]
+ def cookie_csrf_protect(self) -> bool:
+ return current_app.config["JWT_COOKIE_CSRF_PROTECT"]
 
 @property
 def csrf_request_methods(self) -> Iterable[str]:
diff --git a/flask_jwt_extended/jwt_manager.py b/flask_jwt_extended/jwt_manager.py
index dfe45e0b..2bc00771 100644
--- a/flask_jwt_extended/jwt_manager.py
+++ b/flask_jwt_extended/jwt_manager.py
@@ -516,7 +516,7 @@ def _encode_jwt_from_config(
 algorithm=config.algorithm,
 audience=config.encode_audience,
 claim_overrides=claim_overrides,
- csrf=config.csrf_protect,
+ csrf=config.cookie_csrf_protect,
 expires_delta=expires_delta,
 fresh=fresh,
 header_overrides=header_overrides,
diff --git a/flask_jwt_extended/utils.py b/flask_jwt_extended/utils.py
index 39ef65b6..8ddd2750 100644
--- a/flask_jwt_extended/utils.py
+++ b/flask_jwt_extended/utils.py
@@ -305,7 +305,7 @@ def set_access_cookies(
 samesite=config.cookie_samesite,
 )
 
- if config.csrf_protect and config.csrf_in_cookies:
+ if config.cookie_csrf_protect and config.csrf_in_cookies:
 response.set_cookie(
 config.access_csrf_cookie_name,
 value=get_csrf_token(encoded_access_token),
@@ -358,7 +358,7 @@ def set_refresh_cookies(
 samesite=config.cookie_samesite,
 )
 
- if config.csrf_protect and config.csrf_in_cookies:
+ if config.cookie_csrf_protect and config.csrf_in_cookies:
 response.set_cookie(
 config.refresh_csrf_cookie_name,
 value=get_csrf_token(encoded_refresh_token),
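Review bot: `csrf_protect` is removed outright rather than deprecated, so any code still reading `config.csrf_protect` — and the `config` object is read directly by the tests, so it is effectively public — now raises AttributeError, and the new property carries no docstring explaining that it no longer requires cookies to be a configured token location. I would add a short docstring to `cookie_csrf_protect` and keep `csrf_protect` as a deprecated property that preserves the old `jwt_in_cookies` guard and emits a `DeprecationWarning` (this needs `import warnings` at the top of config.py). Sketch below; the enclosing class continues outside the hunk.
```python
    @property
    def cookie_csrf_protect(self) -> bool:
        """Whether cookie double-submit CSRF protection is enabled.

        Mirrors ``JWT_COOKIE_CSRF_PROTECT`` only; unlike the former
        ``csrf_protect`` it does not check that cookies are a token location.
        """
        return current_app.config["JWT_COOKIE_CSRF_PROTECT"]

    @property
    def csrf_protect(self) -> bool:
        """Deprecated: use :attr:`cookie_csrf_protect`."""
        warnings.warn(
            "config.csrf_protect is deprecated, use config.cookie_csrf_protect",
            DeprecationWarning,
            stacklevel=2,
        )
        return self.jwt_in_cookies and self.cookie_csrf_protect

    # … unchanged: csrf_request_methods and the remaining properties …
```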
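Review bot: `csrf=config.cookie_csrf_protect` now requests a CSRF claim in every token whenever `JWT_COOKIE_CSRF_PROTECT` is on — which tests/test_config.py shows is the default — so header-only deployments that never used cookies start minting tokens carrying a claim they can never consume. Nothing in this hunk suggests the claim value is sensitive, so the cost is token size and surprised users inspecting their claims, but it is a behaviour change hidden behind a rename. If header-only tokens are meant to stay as they were, keep the old gate at this call site: `csrf=config.jwt_in_cookies and config.cookie_csrf_protect,`. `_encode_jwt_from_config` begins and ends outside the hunk.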
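Review bot: `set_access_cookies` and `set_refresh_cookies` here, and `unset_access_cookies`/`unset_refresh_cookies` in the following hunks, now set or clear the double-submit cookie on `cookie_csrf_protect` alone, so an app with cookies absent from `JWT_TOKEN_LOCATION` that still calls these helpers will newly receive the `config.access_csrf_cookie_name`/`config.refresh_csrf_cookie_name` cookies. That looks intentional and is arguably the safer pairing (the CSRF cookie always accompanies the token cookie), but it is undocumented; a comment on each condition would save the next reader a trip to config.py: `# CSRF cookie follows JWT_COOKIE_CSRF_PROTECT only, not JWT_TOKEN_LOCATION`. Each function's body begins outside its hunk.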
@@ -408,7 +408,7 @@ def unset_access_cookies(response: Response, domain: Optional[str] = None) -> No
 samesite=config.cookie_samesite,
 )
 
- if config.csrf_protect and config.csrf_in_cookies:
+ if config.cookie_csrf_protect and config.csrf_in_cookies:
 response.set_cookie(
 config.access_csrf_cookie_name,
 value="",
@@ -446,7 +446,7 @@ def unset_refresh_cookies(response: Response, domain: Optional[str] = None) -> N
 samesite=config.cookie_samesite,
 )
 
- if config.csrf_protect and config.csrf_in_cookies:
+ if config.cookie_csrf_protect and config.csrf_in_cookies:
 response.set_cookie(
 config.refresh_csrf_cookie_name,
 value="",
diff --git a/flask_jwt_extended/view_decorators.py b/flask_jwt_extended/view_decorators.py
index b39a9395..407bea4d 100644
--- a/flask_jwt_extended/view_decorators.py
+++ b/flask_jwt_extended/view_decorators.py
@@ -244,7 +244,7 @@ def _decode_jwt_from_cookies(refresh: bool) -> Tuple[str, Optional[str]]:
 if not encoded_token:
 raise NoAuthorizationError('Missing cookie "{}"'.format(cookie_key))
 
- if config.csrf_protect and request.method in config.csrf_request_methods:
+ if config.cookie_csrf_protect and request.method in config.csrf_request_methods:
 csrf_value = request.headers.get(csrf_header_key, None)
 if not csrf_value and config.csrf_check_form:
 csrf_value = request.form.get(csrf_field_key, None)
diff --git a/tests/test_config.py b/tests/test_config.py
index 514d619e..f38bcfc4 100644
--- a/tests/test_config.py
+++ b/tests/test_config.py
@@ -51,7 +51,7 @@ def test_default_configs(app):
 assert config.json_key == "access_token"
 assert config.refresh_json_key == "refresh_token"
- assert config.csrf_protect is False
+ assert config.cookie_csrf_protect is True
 assert config.csrf_request_methods == ["POST", "PUT", "PATCH", "DELETE"]
 assert config.csrf_in_cookies is True
 assert config.access_csrf_cookie_name == "csrf_access_token"
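Review bot: Dropping the `jwt_in_cookies` guard is only equivalent in `_decode_jwt_from_cookies` if the function is reached solely from the cookie branch of the token-location dispatch, which this hunk cannot show; if it is ever called unconditionally, the CSRF check now runs for apps that never configured cookies. Worth pinning with a comment above the condition: `# cookies are a configured location whenever this runs; only the CSRF flag matters here`. The function continues past the hunk, so the handling of `csrf_value` after it is read is not visible here.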
@@ -142,7 +142,7 @@ def test_override_configs(app, delta_func):
 assert config.session_cookie is False
 assert config.cookie_samesite == "Strict"
- assert config.csrf_protect is True
+ assert config.cookie_csrf_protect is True
 assert config.csrf_request_methods == ["GET"]
 assert config.csrf_in_cookies is False
 assert config.access_csrf_cookie_name == "access_csrf_cookie"
@@ -333,17 +333,11 @@ def test_jwt_token_locations_config(app):
 
 def test_csrf_protect_config(app):
 with app.test_request_context():
- app.config["JWT_TOKEN_LOCATION"] = ["headers"]
 app.config["JWT_COOKIE_CSRF_PROTECT"] = True
- assert config.csrf_protect is False
+ assert config.cookie_csrf_protect is True
 
- app.config["JWT_TOKEN_LOCATION"] = ["cookies"]
- app.config["JWT_COOKIE_CSRF_PROTECT"] = True
- assert config.csrf_protect is True
-
- app.config["JWT_TOKEN_LOCATION"] = ["cookies"]
 app.config["JWT_COOKIE_CSRF_PROTECT"] = False
- assert config.csrf_protect is False
+ assert config.cookie_csrf_protect is False
 
 
 def test_missing_algorithm_in_decode_algorithms(app):
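Review bot: `test_csrf_protect_config` loses the only case that exercised the interaction between `JWT_TOKEN_LOCATION` and the CSRF flag, so nothing now documents that `cookie_csrf_protect` is deliberately independent of token location; one retained case, `app.config["JWT_TOKEN_LOCATION"] = ["headers"]` followed by `assert config.cookie_csrf_protect is True`, would pin the new contract. The test name still says `csrf_protect`; renaming it to `test_cookie_csrf_protect_config` keeps it aligned with the property it now checks. Since the property in config.py returns the raw config value despite its `-> bool` annotation, this test is also the natural place to assert what a non-bool setting yields, if that is meant to be supported.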