fix: a unexpected token (#567)

Author: Dog-Egg

flask_jwt_extended/view_decorators.py

@@ -202,7 +202,7 @@ def _decode_jwt_from_headers() -> Tuple[str, None]:
     # <HeaderName>: <field> <value>, <field> <value>, etc...
     if header_type:
         field_values = split(r",\s*", auth_header)
-        jwt_headers = [s for s in field_values if s.split()[0] == header_type]
+        jwt_headers = [s for s in field_values if s and s.split()[0] == header_type]
         if len(jwt_headers) != 1:
             msg = (
                 f"Missing '{header_type}' type in '{header_name}' header. "

tests/test_view_decorators.py

@@ -253,6 +253,13 @@ def test_jwt_optional_with_no_valid_jwt(app):
     assert response.status_code == 422
     assert response.get_json() == {"msg": "Not enough segments"}
 
+    # Unexpected token
+    response = test_client.get(url, headers={"Authorization": "Bearer ,,0"})
+    assert response.status_code == 422
+    assert response.get_json() == {
+        "msg": "Bad Authorization header. Expected 'Authorization: Bearer <JWT>'"
+    }
+
 
 def test_override_jwt_location(app):
     app.config["JWT_TOKEN_LOCATION"] = ["cookies"]