From d076ba56ac61bef9ad163c4ede8fa94426512997 Mon Sep 17 00:00:00 2001
From: Lee <294622946@qq.com>
Date: Mon, 30 Dec 2024 14:40:02 +0800
Subject: [PATCH] fix: a unexpected token
---
 flask_jwt_extended/view_decorators.py | 2 +-
 tests/test_view_decorators.py | 7 +++++++
 2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/flask_jwt_extended/view_decorators.py b/flask_jwt_extended/view_decorators.py
index 407bea4d..b7dbca04 100644
--- a/flask_jwt_extended/view_decorators.py
+++ b/flask_jwt_extended/view_decorators.py
@@ -202,7 +202,7 @@ def _decode_jwt_from_headers() -> Tuple[str, None]:
 # : , , etc...
 if header_type:
 field_values = split(r",\s*", auth_header)
- jwt_headers = [s for s in field_values if s.split()[0] == header_type]
+ jwt_headers = [s for s in field_values if s and s.split()[0] == header_type]
 if len(jwt_headers) != 1:
 msg = (
 f"Missing '{header_type}' type in '{header_name}' header. "
diff --git a/tests/test_view_decorators.py b/tests/test_view_decorators.py
index 4c0274f1..0fe03d53 100644
--- a/tests/test_view_decorators.py
+++ b/tests/test_view_decorators.py
@@ -253,6 +253,13 @@ def test_jwt_optional_with_no_valid_jwt(app):
 assert response.status_code == 422
 assert response.get_json() == {"msg": "Not enough segments"}
+ # Unexpected token
+ response = test_client.get(url, headers={"Authorization": "Bearer ,,0"})
+ assert response.status_code == 422
+ assert response.get_json() == {
+ "msg": "Bad Authorization header. Expected 'Authorization: Bearer '"
+ }
+
 def test_override_jwt_location(app):
 app.config["JWT_TOKEN_LOCATION"] = ["cookies"]
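Review bot: The new `s and` guard in the `jwt_headers` comprehension filters only the empty string, so a field that is non-empty but all whitespace would still reach `s.split()[0]` and raise IndexError. Because the split pattern `,\s*` consumes whitespace after each comma, this can probably only happen for the first field, and only if the header value reaches this function with leading whitespace intact, which the hunk does not show. Since the Authorization header is client-controlled, a form that cannot index an empty list is safer: `jwt_headers = [s for s in field_values if s.split()[:1] == [header_type]]`. The body of `_decode_jwt_from_headers` starts and ends outside the hunk, so later uses of `jwt_headers[0]` were not reviewed.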
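Review bot: The comment `# Unexpected token` does not say what the new assertions pin. The case is an empty field between commas in the Authorization value (`"Bearer ,,0"`), which must produce a 422 response rather than an unhandled exception in header parsing. A comment such as `# Empty comma-separated field in the header must return 422, not raise` would make that intent clear to the next maintainer. The enclosing test function starts outside the hunk, and the case is only exercised through this optional-JWT test.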