fix: handle expired tokens properly

johnsca · thisisshi · commit b53632d5e933 · 2024-02-29T16:12:00.000-08:00
In PR #31, invalid token errors were changed to surface rather than be ignored. However, since expired tokens weren't handled separately, they were inadvertently included and surfaced as errors when that specific case of "invalid" should actually just be treated as unauthorized (i.e., ignored) and redirected to the Console to be replaced / updated.
diff --git a/redash/authentication/jwt_auth.py b/redash/authentication/jwt_auth.py
@@ -124,6 +124,9 @@ def verify_jwt_token(
             # Any other issue with the token means it has a fundamental issue so
             # if we send them to the login page it could cause a redirect loop.
             raise
+        except PyJWTError as e:
+            logger.error("Rejecting JWT token for key %d: %s", i, e)
+            continue
         except Exception as e:
             logger.exception("Error processing JWT token: %s", e)
             raise InvalidTokenError("Error processing token") from e
