From 0ab1ca446c8770dec50cbc38f158433b42b35118 Mon Sep 17 00:00:00 2001
From: jasquat
Date: Thu, 18 Jan 2024 14:51:04 -0500
Subject: [PATCH] force user logout if token cannot be decoded w/ burnettk

---
 .../spiffworkflow_backend/routes/authentication_controller.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/routes/authentication_controller.py b/spiffworkflow-backend/src/spiffworkflow_backend/routes/authentication_controller.py
index 7b7d672b3..dfc03c227 100644
--- a/spiffworkflow-backend/src/spiffworkflow_backend/routes/authentication_controller.py
+++ b/spiffworkflow-backend/src/spiffworkflow_backend/routes/authentication_controller.py
@@ -440,7 +440,8 @@ def _get_decoded_token(token: str) -> dict:
 try:
 decoded_token: dict = AuthenticationService.parse_jwt_token(_get_authentication_identifier_from_request(), token)
 except Exception as e:
- raise ApiError(error_code="invalid_token", message="Cannot decode token.") from e
+ AuthenticationService.set_user_has_logged_out()
+ raise ApiError(error_code="invalid_token", message="Cannot decode token.", status_code=401) from e
 else:
 if "iss" in decoded_token:
 return decoded_token
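Review bot: The forced logout at the new `AuthenticationService.set_user_has_logged_out()` call fires for every exception caught by the pre-existing `except Exception` clause, so a transient failure inside `parse_jwt_token` (for instance an error reaching the identity provider, if that call fetches signing keys remotely — not visible here) now ends the session the same way a genuinely invalid token does. Consider narrowing the except clause to the decode/validation exception types `parse_jwt_token` actually raises, or at least recording the underlying cause before the logout — `e` is chained onto the ApiError but nothing in this hunk logs it, and a forced logout is an event worth an audit trail. Placing a state-changing call before the raise also means that if `set_user_has_logged_out()` itself fails, that error replaces the intended 401; a short comment such as `# decode failure: mark the session logged out so the client drops the stale token, then answer 401` would make the ordering deliberate. `_get_decoded_token` starts before this hunk and its else branch continues past it.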