Merge pull request #89 from GabrielInTheWorld/of-exception-handling

Catches jwt.exceptions.InvalidSignatureError

auth/libraries/pip-auth/authlib/test/test_authenticate.py

@@ -5,6 +5,7 @@
 from urllib import parse
 from ..constants import COOKIE_NAME, HEADER_NAME, USER_ID_PROPERTY
 from datetime import datetime
+from ..exceptions import InvalidCredentialsException
 
 
 class TestAuthenticate(BaseTestEnvironment):
@@ -27,12 +28,12 @@ def test_authenticate_without_access_token(self):
 
     def test_authenticate_with_malified_access_token(self):
         cookie = self.fake_request.login()[1]
-        with self.assertRaises(jwt.exceptions.InvalidSignatureError):
+        with self.assertRaises(InvalidCredentialsException):
             self.auth_handler.authenticate(self.get_malified_access_token(), cookie)
 
     def test_authenticate_with_wrong_access_token(self):
         cookie = self.fake_request.login()[1]
-        with self.assertRaises(jwt.exceptions.InvalidSignatureError):
+        with self.assertRaises(InvalidCredentialsException):
             self.auth_handler.authenticate(self.get_invalid_access_token(), cookie)
 
     def test_authenticate_with_expired_access_token(self):

auth/libraries/pip-auth/authlib/validator.py

@@ -40,6 +40,8 @@ def verify(
             return self.__verify_ticket(token_encoded, cookie_encoded), None
         except jwt.exceptions.ExpiredSignatureError:
             return self.__verify_ticket_from_auth_service(token_encoded, cookie_encoded)
+        except jwt.exceptions.InvalidSignatureError:
+            raise InvalidCredentialsException("The signature of the jwt is invalid")
 
     def __verify_ticket(self, token_encoded: str, cookie_encoded: str) -> int:
         self.debug_fn("Validator.__verify_ticket")