fix(tfstated): return 403 Forbidden on non existent account

2024-11-15 23:59:14 +01:00 · 2024-11-15 23:59:14 +01:00 · 7c96e1b780
commit 7c96e1b780
parent 478f42f8a9
2 changed files with 8 additions and 0 deletions
--- a/pkg/basic_auth/middleware.go
+++ b/pkg/basic_auth/middleware.go
@ -23,6 +23,10 @@ func Middleware(db *database.DB) func(http.Handler) http.Handler {
 				http.Error(w, "Internal Server Error", http.StatusInternalServerError)
 				return
 			}
+			if account == nil {
+				http.Error(w, "Forbidden", http.StatusForbidden)
+				return
+			}
 			if password != account.Password {
 				http.Error(w, "Forbidden", http.StatusForbidden)
 				return