force user logout if token cannot be decoded w/ burnettk

jasquat 2024-01-18 14:51:04 -05:00
parent 11384c2a47
commit 0ab1ca446c
No known key found for this signature in database
1 changed files with 2 additions and 1 deletions


@ -440,7 +440,8 @@ def _get_decoded_token(token: str) -> dict:
try: try:
decoded_token: dict = AuthenticationService.parse_jwt_token(_get_authentication_identifier_from_request(), token) decoded_token: dict = AuthenticationService.parse_jwt_token(_get_authentication_identifier_from_request(), token)
except Exception as e: except Exception as e:
raise ApiError(error_code="invalid_token", message="Cannot decode token.") from e AuthenticationService.set_user_has_logged_out()
raise ApiError(error_code="invalid_token", message="Cannot decode token.", status_code=401) from e
else: else:
if "iss" in decoded_token: if "iss" in decoded_token:
return decoded_token return decoded_token
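Review bot: The `except Exception as e:` branch now forces a logout and a 401 for every failure inside the `try`, not only for a token that fails to decode. If `parse_jwt_token` or `_get_authentication_identifier_from_request()` can raise for reasons unrelated to the token (their bodies are not visible here, so this is inferred), a backend fault would log valid users out and be reported as `invalid_token`; catching only the JWT library's decode and validation error types and letting other errors propagate would keep the two cases apart. A failure inside `AuthenticationService.set_user_has_logged_out()` would also replace the intended `ApiError`, so it is worth confirming that call cannot raise. A short comment above it, such as `# fail closed: drop the session so an unverifiable token is not replayed`, and a log line recording `type(e).__name__` (never the token itself) would make these rejections visible to monitoring. `_get_decoded_token` continues past the end of the hunk.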