authorization: raise a 401 error in the event that a JWT failes decoding

Signed-off-by: Eric Callahan <arksine.code@gmail.com>
2021-05-28 18:26:32 -04:00 · 2021-05-28 18:26:32 -04:00 · 082134b9a0
parent 2db727e40f
commit 082134b9a0
1 changed files with 6 additions and 3 deletions
--- a/moonraker/components/authorization.py
+++ b/moonraker/components/authorization.py
@ -421,8 +421,11 @@ class Authorization:
        if public_key is None:
            raise self.server.error(
                f"Invalid JWT, user {username} not logged in", 401)
-        jwt.decode(token, [public_key], algorithms=['ES256'],
-                   audience="Moonraker")
+        try:
+            jwt.decode(token, [public_key], algorithms=['ES256'],
+                       audience="Moonraker")
+        except jwt.JWTError as e:
+            raise self.server.error(str(e), 401) from None
        return user_info

    def _load_private_key(self, secret: str) -> ec.EllipticCurvePrivateKey:
@ -433,7 +436,7 @@ class Authorization:
            raise self.server.error(
                "Error decoding private key, user data may"
                " be corrupt", 500) from None
-        return key
+        return cast(ec.EllipticCurvePrivateKey, key)

    def _prune_conn_handler(self) -> None:
        cur_time = time.time()