From 7d0dad948c715d037baa67b2a6f2bbd745e471da Mon Sep 17 00:00:00 2001
From: Donny Winston <donny@polyneme.xyz>
Date: Tue, 20 Feb 2024 12:47:59 -0500
Subject: [PATCH] fix: auth error should be 4xx, not 500

traceback:
```
  File "/code/nmdc_runtime/api/models/user.py", line 59, in get_current_user
    payload = jwt.decode(token, SECRET_KEY, algorithms=[ALGORITHM])
  File "/usr/local/lib/python3.10/site-packages/jose/jwt.py", line 142, in decode
    payload = jws.verify(token, key, algorithms, verify=verify_signature)
  File "/usr/local/lib/python3.10/site-packages/jose/jws.py", line 70, in verify
    header, payload, signing_input, signature = _load(token)
  File "/usr/local/lib/python3.10/site-packages/jose/jws.py", line 176, in _load
    signing_input, crypto_segment = jwt.rsplit(b".", 1)
AttributeError: 'NoneType' object has no attribute 'rsplit'
```
---
 nmdc_runtime/api/models/user.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nmdc_runtime/api/models/user.py b/nmdc_runtime/api/models/user.py
index dd803f59..63bace60 100644
--- a/nmdc_runtime/api/models/user.py
+++ b/nmdc_runtime/api/models/user.py
@@ -64,7 +64,7 @@ async def get_current_user(
             raise credentials_exception
         username = subject.split("user:", 1)[1]
         token_data = TokenData(subject=username)
-    except JWTError as e:
+    except (JWTError, AttributeError) as e:
         print(f"jwt error: {e}")
         raise credentials_exception
     user = get_user(mdb, username=token_data.subject)