Optimize jwt_decode_handler

1. There is no need to decode the payload without verification first, in
   case `api_settings.JWT_PUBLIC_KEY` is used.
2. It also skips decoding in case
   `api_settings.JWT_GET_USER_SECRET_KEY` is not used.
   This might be a problem in case somebody is monkey-patching
   `jwt_get_secret_key`, but that should not be considered stable/public
   API, should it?

Author: blueyed

rest_framework_jwt/utils.py

@@ -97,15 +97,21 @@ def jwt_encode_handler(payload):
 
 
 def jwt_decode_handler(token):
+    key = api_settings.JWT_PUBLIC_KEY
+    if not key:
+        if api_settings.JWT_GET_USER_SECRET_KEY:
+            # get user from token, BEFORE verification, to get user secret key
+            unverified_payload = jwt.decode(token, None, False)
+            key = jwt_get_secret_key(unverified_payload)
+        else:
+            key = api_settings.JWT_SECRET_KEY
+
     options = {
         'verify_exp': api_settings.JWT_VERIFY_EXPIRATION,
     }
-    # get user from token, BEFORE verification, to get user secret key
-    unverified_payload = jwt.decode(token, None, False)
-    secret_key = jwt_get_secret_key(unverified_payload)
     return jwt.decode(
         token,
-        api_settings.JWT_PUBLIC_KEY or secret_key,
+        key,
         api_settings.JWT_VERIFY,
         options=options,
         leeway=api_settings.JWT_LEEWAY,