Add a test for auth-ing with non-existant service

If you create a token signed with a service ID that doesn’t exist, you
will get an error (as you should).

However we didn’t have a test that explicitly checks for this. This
commit adds one.

tests/app/authentication/test_authentication.py

@@ -192,6 +192,28 @@ def test_authentication_returns_error_when_admin_client_has_no_secrets(notify_ap
             notify_api.config['ADMIN_CLIENT_SECRET'] = api_secret
 
 
+def test_authentication_returns_error_when_service_doesnt_exit(
+    notify_api,
+    notify_db,
+    notify_db_session,
+    sample_service,
+    fake_uuid
+):
+    with notify_api.test_request_context(), notify_api.test_client() as client:
+        # get service ID and secret the wrong way around
+        token = create_jwt_token(
+            secret=str(sample_service.id),
+            client_id=fake_uuid
+        )
+        response = client.get(
+            '/service',
+            headers={'Authorization': 'Bearer {}'.format(token)}
+        )
+        assert response.status_code == 403
+        error_message = json.loads(response.get_data())
+        assert error_message['message'] == {'token': ['Invalid token: no api keys for service']}
+
+
 def test_authentication_returns_error_when_service_has_no_secrets(notify_api,
                                                                   notify_db,
                                                                   notify_db_session,