From 6faf94f857296273d979d4adbbec99f3cbb1fcbe Mon Sep 17 00:00:00 2001
From: "marko.tikvic"
Date: Fri, 26 Jul 2019 13:48:52 +0200
Subject: [PATCH] Fixed auth check to return error if no role has been recognized

---
 auth.go | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/auth.go b/auth.go
index 5ce6ce9..563d78e 100644
--- a/auth.go
+++ b/auth.go
@@ -111,8 +111,7 @@ func RefreshAuthToken(tok string) (TokenClaims, error) {
 token, err := jwt.ParseWithClaims(tok, &TokenClaims{}, secretFunc)
 if err != nil {
 if validation, ok := err.(*jwt.ValidationError); ok {
- // don't return error if token is expired
- // just extend it
+ // don't return error if token is expired, just extend it
 if !(validation.Errors&jwt.ValidationErrorExpired != 0) {
 return TokenClaims{}, err
 }
@@ -160,7 +159,7 @@ func AuthCheck(req *http.Request, roles string) (*TokenClaims, error) {
 }
 }

- return claims, nil
+ return claims, errors.New("unauthorized role access")
 }

 // GetTokenClaims extracts JWT claims from Authorization header of req.
-- 
1.8.1.2
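Review bot: In the RefreshAuthToken hunk, the context line `if !(validation.Errors&jwt.ValidationErrorExpired != 0) {` only tests whether the expired bit is set, so a token whose error mask carries other bits as well skips the early return and reaches the extend path together with tokens that are merely expired. If `jwt` is a jwt-go style package where `ValidationError.Errors` is a bitfield that can combine expiry with signature or not-before failures (the import is not visible here), the guard should require expiry to be the only failure: `if validation.Errors != jwt.ValidationErrorExpired {`. The merged comment could then say so, e.g. `// extend the token only when expiry is its sole validation error`. The rest of the function is outside the hunk, so whether a later check already covers this cannot be confirmed from here.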
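Review bot: The new return in the AuthCheck hunk, `return claims, errors.New("unauthorized role access")`, still hands the parsed claims back alongside the error, so a caller that only nil-checks the claims pointer, or drops the error, keeps treating the request as authorised. Returning `return nil, errors.New("unauthorized role access")` makes the denial unambiguous. A package-level sentinel (for example a suggested `ErrUnauthorizedRole`) would also let handlers tell a role denial apart from a token failure via `errors.Is`. The role-matching loop begins outside the hunk, so this assumes no caller relies on the claims in the failure case; AuthCheck's doc comment should state that a non-matching role yields an error.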