Commit 6faf94f857296273d979d4adbbec99f3cbb1fcbe

Authored by Marko Tikvić
1 parent 11933054ac
Exists in master

Fixed auth check to return error if no role has been recognized

Showing 1 changed file with 2 additions and 3 deletions
... ... @@ -111,8 +111,7 @@ func RefreshAuthToken(tok string) (TokenClaims, error) {
111 111 token, err := jwt.ParseWithClaims(tok, &TokenClaims{}, secretFunc)
112 112 if err != nil {
113 113 if validation, ok := err.(*jwt.ValidationError); ok {
114   - // don't return error if token is expired
115   - // just extend it
  114 + // don't return error if token is expired, just extend it
116 115 if !(validation.Errors&jwt.ValidationErrorExpired != 0) {
117 116 return TokenClaims{}, err
118 117 }
... ... @@ -160,7 +159,7 @@ func AuthCheck(req *http.Request, roles string) (*TokenClaims, error) {
160 159 }
161 160 }
162 161  
163   - return claims, nil
  162 + return claims, errors.New("unauthorized role access")
164 163 }
165 164  
166 165 // GetTokenClaims extracts JWT claims from Authorization header of req.
... ...
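Review bot: The new final return in AuthCheck still hands back the parsed `claims` pointer together with the error, so a caller that checks only `claims != nil` or drops the error would keep treating the request as authorized; return nothing usable on the denial path, `return nil, errors.New("unauthorized role access")`. A package-level sentinel, for example `var ErrUnauthorizedRole = errors.New("unauthorized role access")`, would also let handlers tell a role denial apart from a token failure with `errors.Is` instead of comparing strings. The role-matching loop sits above the hunk and is not visible here, so this assumes it returns `claims, nil` on a match. A test with a valid token whose role is not in `roles` would pin the fail-closed behaviour this commit introduces.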