From 082134b9a045551caeea7bec18596eef5df7f771 Mon Sep 17 00:00:00 2001
From: Eric Callahan
Date: Fri, 28 May 2021 18:26:32 -0400
Subject: [PATCH] authorization: raise a 401 error in the event that a JWT failes decoding
Signed-off-by: Eric Callahan
---
 moonraker/components/authorization.py | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/moonraker/components/authorization.py b/moonraker/components/authorization.py
index b594d17..6c8b22f 100644
--- a/moonraker/components/authorization.py
+++ b/moonraker/components/authorization.py
@@ -421,8 +421,11 @@ class Authorization:
         if public_key is None:
             raise self.server.error(
                 f"Invalid JWT, user {username} not logged in", 401)
-        jwt.decode(token, [public_key], algorithms=['ES256'],
-                   audience="Moonraker")
+        try:
+            jwt.decode(token, [public_key], algorithms=['ES256'],
+                       audience="Moonraker")
+        except jwt.JWTError as e:
+            raise self.server.error(str(e), 401) from None
         return user_info
 
     def _load_private_key(self, secret: str) -> ec.EllipticCurvePrivateKey:
@@ -433,7 +436,7 @@ class Authorization:
             raise self.server.error(
                 "Error decoding private key, user data may"
                 " be corrupt", 500) from None
-        return key
+        return cast(ec.EllipticCurvePrivateKey, key)
 
     def _prune_conn_handler(self) -> None:
         cur_time = time.time()
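Review bot: `raise self.server.error(str(e), 401) from None` in the new except branch echoes the JWT library's own exception text to the client while `from None` discards it server-side, which is the wrong way round: the client receives library-composed wording (claim names, audience, key/algorithm detail) that this API does not control, and the operator keeps no record of why a token was rejected. Prefer a fixed client-facing message with the reason logged, e.g. `except jwt.JWTError as e:` / `logging.debug(f"JWT decode failed for user {username}: {e}")` / `raise self.server.error("Invalid JWT", 401) from None`, catching `jwt.ExpiredSignatureError` first with its own message only if clients need to distinguish expiry for re-login. The claims returned by `jwt.decode` are still dropped, so nothing in this hunk cross-checks the token's subject against `username`; if `username` was taken from unverified claims earlier in the method, the per-user `public_key` lookup is what binds the two, and a one-line comment stating that invariant would keep it from being refactored away. The enclosing method begins before this hunk, and whether `logging` is imported in the file is not visible from here.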
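Review bot: `return cast(ec.EllipticCurvePrivateKey, key)` satisfies the type checker but performs no runtime check, so if the serialized secret ever deserializes to a non-EC key this method returns it unchanged and the failure presumably surfaces later wherever the key is used for ES256, instead of at the load boundary where the method already has a "user data may be corrupt" error path. An `isinstance` guard keeps the annotation honest and the error local, and narrows the type without a cast: `if not isinstance(key, ec.EllipticCurvePrivateKey):` / `raise self.server.error("Private key is not an EC key, user data may be corrupt", 500)` / `return key`. The try/except that loads `key` begins before this hunk, so how the secret is deserialized is not visible here.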