Handle jwt decoding error, fix exception default messages

Using a badly formatted token resulted in an error 500 from zuul-web.
Return a more precise error message and an error 401 in zuul-web when
this occurs.

Also fix a typo in default messages for some auth-related exceptions.

Change-Id: I4abe013e76ac51c3dad7ccd969ffe79f5cb459e3

1 files changed, 27 insertions, 0 deletions

diff --git a/tests/unit/test_web.py b/tests/unit/test_web.py
index 4b696534b..81861c916 100644
--- a/tests/unit/test_web.py
+++ b/tests/unit/test_web.py
@@ -1740,6 +1740,33 @@ class TestTenantScopedWebApi(BaseTestWeb):
                   'pipeline': 'check'})
         self.assertEqual(401, resp.status_code)
 
+    def test_bad_format_JWT_token(self):
+        token = 'thisisnotwhatatokenshouldbelike'
+        resp = self.post_url(
+            "api/tenant/tenant-one/project/org/project/autohold",
+            headers={'Authorization': 'Bearer %s' % token},
+            json={'job': 'project-test1',
+                  'count': 1,
+                  'reason': 'because',
+                  'node_hold_expiration': 36000})
+        self.assertEqual(401, resp.status_code)
+        resp = self.post_url(
+            "api/tenant/tenant-one/project/org/project/enqueue",
+            headers={'Authorization': 'Bearer %s' % token},
+            json={'trigger': 'gerrit',
+                  'change': '2,1',
+                  'pipeline': 'check'})
+        self.assertEqual(401, resp.status_code)
+        resp = self.post_url(
+            "api/tenant/tenant-one/project/org/project/enqueue",
+            headers={'Authorization': 'Bearer %s' % token},
+            json={'trigger': 'gerrit',
+                  'ref': 'abcd',
+                  'newrev': 'aaaa',
+                  'oldrev': 'bbbb',
+                  'pipeline': 'check'})
+        self.assertEqual(401, resp.status_code)
+
     def test_expired_JWT_token(self):
         authz = {'iss': 'zuul_operator',
                  'sub': 'testuser',