Catch previously uncaught jwt exceptions added in python client 5.5.0

This fixes the test in the previous commit. It also means we catch other
unexpected jwt errors, which are now raised as `TokenError`s, and raise an
`AuthError` for them.

This will stop us serving 5xx to users when we don't catch an exception.

Also runs make freeze-requirements
David McDonald
2020-01-24 17:29:43 +00:00
parent ba21d04080
commit 7a019df5a2
2 changed files with 6 additions and 3 deletions


@@ -1,7 +1,7 @@
from flask import request, _request_ctx_stack, current_app, g
from notifications_python_client.authentication import decode_jwt_token, get_token_issuer
from notifications_python_client.errors import (
TokenDecodeError, TokenExpiredError, TokenIssuerError, TokenAlgorithmError
TokenDecodeError, TokenExpiredError, TokenIssuerError, TokenAlgorithmError, TokenError
)
from notifications_utils import request_helper
from sqlalchemy.exc import DataError
@@ -93,6 +93,9 @@ def requires_auth():
raise AuthError(err_msg, 403, service_id=service.id, api_key_id=api_key.id)
except TokenDecodeError:
continue
except TokenError:
err_msg = 'Invalid token: signature, api token is not valid'
raise AuthError(err_msg, 403, service_id=service.id, api_key_id=api_key.id)
if api_key.expiry_date:
raise AuthError("Invalid token: API key revoked", 403, service_id=service.id, api_key_id=api_key.id)
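Review bot: The new `except TokenError:` handler in `requires_auth` discards the exception and reuses the signature-failure message, so an unexpected jwt error becomes indistinguishable, in the response and presumably in the logs, from an ordinary bad signature. Binding the exception and recording only its type server-side would keep the client response generic while giving operators something to triage, e.g. `except TokenError as e:` followed by `current_app.logger.warning('Unexpected jwt error for service %s: %s', service.id, type(e).__name__)`; the token itself should stay out of the log line. If `TokenError` is the base class of the other client errors, this handler has to stay last in the chain, which deserves a comment such as `# catch-all for client TokenError subclasses; keep after the specific handlers`. The `continue` in the handler above suggests this runs once per API key, in which case the `AuthError` is attributed to whichever `api_key.id` was being tried, which may not be the key the token was issued for. The body of `requires_auth` starts and ends outside the hunk.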


@@ -36,13 +36,13 @@ alembic==1.4.0
amqp==1.4.9
anyjson==0.3.3
attrs==19.3.0
awscli==1.17.16
awscli==1.17.17
bcrypt==3.1.7
billiard==3.3.0.23
bleach==3.1.0
boto==2.49.0
boto3==1.10.38
botocore==1.14.16
botocore==1.14.17
certifi==2019.11.28
chardet==3.0.4
Click==7.0