added JWT present check

openedx · Apr 26, 2019 · fbe18f7 · fbe18f7
1 parent d84c030
commit fbe18f7
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 0 deletions.
diff --git a/edx_rbac/utils.py b/edx_rbac/utils.py
@@ -79,6 +79,8 @@ def request_user_has_implicit_access_via_jwt(decoded_jwt, role_name, context=Non
             'coupon-manager': ['coupon-management']
         }
     """
+    if not decoded_jwt:
+        return False
     jwt_roles_claim = decoded_jwt.get('roles', [])
 
     feature_roles = {}

diff --git a/tests/test_utils.py b/tests/test_utils.py
@@ -139,6 +139,16 @@ def test_request_user_has_no_implicit_access_via_jwt(self):
             'superuser-access',
         )
 
+    def test_request_user_has_no_implicit_access_when_jwt_absent(self):
+        """
+        Helper function should return False when JWT is absent
+        """
+        toy_decoded_jwt = None
+        assert not request_user_has_implicit_access_via_jwt(
+            toy_decoded_jwt,
+            'superuser-access',
+        )
+
     def test_request_user_has_implicit_access_via_jwt_with_context(self):
         """
         Helper function should discern what roles user has based on role data