STR:
Load https://marketplace-dev.allizom.org/mozpay/?req={jwt}%22 (from Netsparker, which is a fuzzer)
Exception:
InvalidJWT Root Cause
Invalid JWT: Not enough segments
Stacktrace (most recent call last):
  File "django/core/handlers/base.py", line 113, in get_response
    response = callback(request, *callback_args, **callback_kwargs)
  File "newrelic/packages/wrapt/wrappers.py", line 452, in __call__
    args, kwargs)
  File "newrelic/hooks/framework_django.py", line 485, in wrapper
    return wrapped(*args, **kwargs)
  File "django_paranoia/decorators.py", line 31, in inner
    return func(request, *args, **kwargs)
  File "webpay/spa/views.py", line 25, in index
    if jwt and _get_issuer(jwt) == settings.KEY:
  File "mozpay/verify.py", line 200, in _get_issuer
    app_req = _get_json(signed_request)
  File "mozpay/verify.py", line 186, in _get_json
    _re_raise_as(InvalidJWT, 'Invalid JWT: %s' % exc)
  File "mozpay/verify.py", line 184, in _get_json
    app_req = jwt.decode(signed_request, verify=False)
  File "jwt/api.py", line 113, in decode
    payload, signing_input, header, signature = self._load(jwt)
  File "jwt/api.py", line 128, in _load
    raise DecodeError('Not enough segments')
Sentry: http://sentry.dmz.phx1.mozilla.com/marketplace-dev/marketplace-dev-webpay/group/27928/
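
Added example, not webpay or mozpay code: a standard-library sketch of the issuer comparison from the traced view in which a malformed `req` value is treated as a non-match instead of propagating InvalidJWT up to the request handler. The exception name InvalidJWT comes from the trace; unverified_issuer and issuer_matches are hypothetical names.

```python
import base64
import json


class InvalidJWT(Exception):
    """Raised for any token that cannot be parsed (name taken from the trace)."""


def _b64url_decode(segment):
    # JWT segments are base64url without padding; restore it before decoding.
    padded = segment + "=" * (-len(segment) % 4)
    return base64.b64decode(padded.encode("ascii"), altchars=b"-_", validate=True)


def unverified_issuer(token):
    """Return the 'iss' claim without checking the signature.

    Only suitable for routing decisions like the one in the traced view;
    the signature must still be verified before the payload is trusted.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise InvalidJWT("Not enough segments" if len(parts) < 3
                         else "Too many segments")
    try:
        # binascii.Error, JSONDecodeError and UnicodeError are all ValueErrors.
        payload = json.loads(_b64url_decode(parts[1]).decode("utf-8"))
    except ValueError as exc:
        raise InvalidJWT("Invalid payload: %s" % exc)
    if not isinstance(payload, dict):
        raise InvalidJWT("Payload is not a JSON object")
    return payload.get("iss")


def issuer_matches(token, expected):
    """Hypothetical guard for the view: malformed input is a non-match."""
    if not token:
        return False
    try:
        issuer = unverified_issuer(token)
    except InvalidJWT:
        return False
    # A token with no 'iss' claim never matches, whatever 'expected' is.
    return issuer is not None and issuer == expected
```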