From 7813b675f51ff95915ffff7992d6d66bc03fb982 Mon Sep 17 00:00:00 2001 From: Seungbae Yu Date: Tue, 30 Aug 2022 22:25:02 +0900 Subject: [PATCH] node: change JWT error status to 401 Unauthorized (#25629) --- node/jwt_handler.go | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/node/jwt_handler.go b/node/jwt_handler.go index 363f6b3aad..637ae19686 100644 --- a/node/jwt_handler.go +++ b/node/jwt_handler.go @@ -51,7 +51,7 @@ func (handler *jwtHandler) ServeHTTP(out http.ResponseWriter, r *http.Request) { strToken = strings.TrimPrefix(auth, "Bearer ") } if len(strToken) == 0 { - http.Error(out, "missing token", http.StatusForbidden) + http.Error(out, "missing token", http.StatusUnauthorized) return } // We explicitly set only HS256 allowed, and also disables the @@ -63,17 +63,17 @@ func (handler *jwtHandler) ServeHTTP(out http.ResponseWriter, r *http.Request) { switch { case err != nil: - http.Error(out, err.Error(), http.StatusForbidden) + http.Error(out, err.Error(), http.StatusUnauthorized) case !token.Valid: - http.Error(out, "invalid token", http.StatusForbidden) + http.Error(out, "invalid token", http.StatusUnauthorized) case !claims.VerifyExpiresAt(time.Now(), false): // optional - http.Error(out, "token is expired", http.StatusForbidden) + http.Error(out, "token is expired", http.StatusUnauthorized) case claims.IssuedAt == nil: - http.Error(out, "missing issued-at", http.StatusForbidden) + http.Error(out, "missing issued-at", http.StatusUnauthorized) case time.Since(claims.IssuedAt.Time) > jwtExpiryTimeout: - http.Error(out, "stale token", http.StatusForbidden) + http.Error(out, "stale token", http.StatusUnauthorized) case time.Until(claims.IssuedAt.Time) > jwtExpiryTimeout: - http.Error(out, "future token", http.StatusForbidden) + http.Error(out, "future token", http.StatusUnauthorized) default: handler.next.ServeHTTP(out, r) }