Handle wrong OIDC tokens gracefully

If you copy and paste only part of a token then a general DecodeError is
raised. It's the parent class for all other related errors like for
expired signatures.

Now we just fail authentication instead of raising a server error.

engines/dfc_provider/app/services/authorization_control.rb

@@ -20,7 +20,7 @@ class AuthorizationControl
 
   def user
     oidc_user || ofn_api_user || ofn_user
-  rescue JWT::ExpiredSignature
+  rescue JWT::DecodeError
     nil
   end
 

engines/dfc_provider/spec/services/authorization_control_spec.rb

@@ -34,6 +34,12 @@ RSpec.describe AuthorizationControl do
 
       expect(auth(oidc_token: token).user).to eq nil
     end
+
+    it "ignores malformed tokens" do
+      token = "eyJhbGciOiJSUzI1NiIsInR5c"
+
+      expect(auth(oidc_token: token).user).to eq nil
+    end
   end
 
   describe "with OFN API token" do