fix: treat invalid jwt as 401 (#444)

Author: Panaetius

components/renku_data_services/base_api/error_handler.py

@@ -7,6 +7,7 @@
 from sqlite3 import Error as SqliteError
 from typing import Any, Optional, Protocol, TypeVar, Union
 
+import jwt
 from asyncpg import exceptions as postgres_exceptions
 from pydantic import ValidationError as PydanticValidationError
 from sanic import HTTPResponse, Request, SanicException, json
@@ -129,6 +130,8 @@ def default(self, request: Request, exception: Exception) -> HTTPResponse:
                 formatted_exception = errors.ValidationError(
                     message="The provided input is too large to be stored in the database"
                 )
+            case jwt.exceptions.InvalidTokenError():
+                formatted_exception = errors.InvalidTokenError()
         self.log(request, formatted_exception)
         if formatted_exception.status_code == 500 and "PYTEST_CURRENT_TEST" in os.environ:
             # TODO: Figure out how to do logging properly in here, I could not get the sanic logs to show up from here

components/renku_data_services/errors/errors.py

@@ -45,6 +45,13 @@ class UnauthorizedError(BaseError):
     quiet: bool = True
 
 
+@dataclass
+class InvalidTokenError(UnauthorizedError):
+    """The supplied jwt is invalid."""
+
+    message: str = "The supplied credentials (jwt) are not valid."
+
+
 @dataclass
 class ForbiddenError(BaseError):
     """Raised when the provided credentials do not grant permission for the current operation."""