Catch previously uncaught jwt exceptions added in python client 5.5.0

This fixes the test in the previous commit and means we will catch other
unexpected jwt errors which are now raised as `TokenError`s and raise an
AuthError based on this.

This will stop us serving 5xx to users when we don't catch an exception.

Also runs make freeze-requirements

app/authentication/auth.py

@@ -1,7 +1,7 @@
 from flask import request, _request_ctx_stack, current_app, g
 from notifications_python_client.authentication import decode_jwt_token, get_token_issuer
 from notifications_python_client.errors import (
-    TokenDecodeError, TokenExpiredError, TokenIssuerError, TokenAlgorithmError
+    TokenDecodeError, TokenExpiredError, TokenIssuerError, TokenAlgorithmError, TokenError
 )
 from notifications_utils import request_helper
 from sqlalchemy.exc import DataError
@@ -93,6 +93,9 @@ def requires_auth():
             raise AuthError(err_msg, 403, service_id=service.id, api_key_id=api_key.id)
         except TokenDecodeError:
             continue
+        except TokenError:
+            err_msg = 'Invalid token: signature, api token is not valid'
+            raise AuthError(err_msg, 403, service_id=service.id, api_key_id=api_key.id)
 
         if api_key.expiry_date:
             raise AuthError("Invalid token: API key revoked", 403, service_id=service.id, api_key_id=api_key.id)

requirements.txt

@@ -36,13 +36,13 @@ alembic==1.4.0
 amqp==1.4.9
 anyjson==0.3.3
 attrs==19.3.0
-awscli==1.17.16
+awscli==1.17.17
 bcrypt==3.1.7
 billiard==3.3.0.23
 bleach==3.1.0
 boto==2.49.0
 boto3==1.10.38
-botocore==1.14.16
+botocore==1.14.17
 certifi==2019.11.28
 chardet==3.0.4
 Click==7.0