fix(tfstated): return 403 Forbidden on non existent account

author: Julien Dessaux 2024-11-15 23:59:14 +0100
committer: Julien Dessaux 2024-11-15 23:59:14 +0100
commit: 7c96e1b780243bfbe3ecc5b6874fe3497e2419d5 (patch)
tree: 3c4c84d9d6f414c97163d7101c2157dc904a4dd0 /pkg/basic_auth/middleware.go
parent: chore(tfstated): use a struct{} as context.Context key (diff)
download: tfstated-7c96e1b780243bfbe3ecc5b6874fe3497e2419d5.tar.gz
tfstated-7c96e1b780243bfbe3ecc5b6874fe3497e2419d5.tar.bz2
tfstated-7c96e1b780243bfbe3ecc5b6874fe3497e2419d5.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/pkg/basic_auth/middleware.go b/pkg/basic_auth/middleware.go
index 94cac56..1b51c8a 100644
--- a/pkg/basic_auth/middleware.go
+++ b/pkg/basic_auth/middleware.go
@@ -23,6 +23,10 @@ func Middleware(db *database.DB) func(http.Handler) http.Handler {
 				http.Error(w, "Internal Server Error", http.StatusInternalServerError)
 				return
 			}
+			if account == nil {
+				http.Error(w, "Forbidden", http.StatusForbidden)
+				return
+			}
 			if password != account.Password {
 				http.Error(w, "Forbidden", http.StatusForbidden)
 				return
author	Julien Dessaux	2024-11-15 23:59:14 +0100
committer	Julien Dessaux	2024-11-15 23:59:14 +0100
commit	7c96e1b780243bfbe3ecc5b6874fe3497e2419d5 (patch)
tree	3c4c84d9d6f414c97163d7101c2157dc904a4dd0 /pkg/basic_auth/middleware.go
parent	chore(tfstated): use a struct{} as context.Context key (diff)
download	tfstated-7c96e1b780243bfbe3ecc5b6874fe3497e2419d5.tar.gz tfstated-7c96e1b780243bfbe3ecc5b6874fe3497e2419d5.tar.bz2 tfstated-7c96e1b780243bfbe3ecc5b6874fe3497e2419d5.zip