Merge "Handle jwt decoding error, fix exception default messages"

zuul/lib/auth.py

@@ -74,10 +74,14 @@ class AuthenticatorRegistry(object):
         cpb.capabilities_registry.register_capabilities('auth', capabilities)
 
     def authenticate(self, rawToken):
-        unverified = jwt.decode(rawToken, options={'verify_signature': False})
-        for auth_name in self.authenticators:
-            authenticator = self.authenticators[auth_name]
-            if authenticator.issuer_id == unverified.get('iss', ''):
-                return authenticator.authenticate(rawToken)
+        try:
+            unverified = jwt.decode(rawToken,
+                                    options={'verify_signature': False})
+            for auth_name in self.authenticators:
+                authenticator = self.authenticators[auth_name]
+                if authenticator.issuer_id == unverified.get('iss', ''):
+                    return authenticator.authenticate(rawToken)
+        except jwt.exceptions.DecodeError:
+            raise exceptions.AuthTokenUndecodedException(self.default_realm)
         # No known issuer found, use default realm
         raise exceptions.IssuerUnknownError(self.default_realm)