Merge pull request jazzband#56 from dominicmarmont/master

Fix a crash when an empty AUTHORIZATION header is sent

Author: davesque

rest_framework_simplejwt/authentication.py

@@ -66,6 +66,10 @@ def get_raw_token(self, header):
         """
         parts = header.split()
 
+        if len(parts) == 0:
+            # Empty AUTHORIZATION header sent
+            return None
+
         if parts[0] not in AUTH_HEADER_TYPE_BYTES:
             # Assume the header does not contain a JSON web token
             return None

tests/test_authentication.py

@@ -48,6 +48,9 @@ def test_get_raw_token(self):
             self.assertIsNone(self.backend.get_raw_token(self.fake_header))
         reload_module(authentication)
 
+        # Should return None if an empty AUTHORIZATION header is sent
+        self.assertIsNone(self.backend.get_raw_token(b''))
+
         # Should raise error if header is malformed
         with self.assertRaises(AuthenticationFailed):
             self.backend.get_raw_token(b'Bearer one two')