From 7c96e1b780243bfbe3ecc5b6874fe3497e2419d5 Mon Sep 17 00:00:00 2001
From: Julien Dessaux
Date: Fri, 15 Nov 2024 23:59:14 +0100
Subject: fix(tfstated): return 403 Forbidden on non existent account
---
 pkg/basic_auth/middleware.go | 4 ++++
 1 file changed, 4 insertions(+)
(limited to 'pkg/basic_auth/middleware.go')
diff --git a/pkg/basic_auth/middleware.go b/pkg/basic_auth/middleware.go
index 94cac56..1b51c8a 100644
--- a/pkg/basic_auth/middleware.go
+++ b/pkg/basic_auth/middleware.go
@@ -23,6 +23,10 @@ func Middleware(db *database.DB) func(http.Handler) http.Handler {
 http.Error(w, "Internal Server Error", http.StatusInternalServerError)
 return
 }
+ if account == nil {
+ http.Error(w, "Forbidden", http.StatusForbidden)
+ return
+ }
 if password != account.Password {
 http.Error(w, "Forbidden", http.StatusForbidden)
 return
-- 
cgit v1.2.3
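Review bot: The added `account == nil` branch returns before any credential comparison, and the check that follows is a plain `password != account.Password`. The status and body are identical for an unknown account and a wrong password, but the two paths can still differ in timing, and the string comparison itself is not constant-time. I would compare with `subtle.ConstantTimeCompare([]byte(password), []byte(account.Password)) != 1` (this needs `crypto/subtle` in the import block, which is outside this hunk), and run an equivalent comparison against a fixed dummy value in the nil branch before returning 403. The direct comparison also suggests `account.Password` holds the secret in directly comparable form. If that is a plaintext value rather than a verifier, storing a salted password hash and verifying against it would be the stronger fix; that cannot be confirmed from this hunk. The body of `Middleware` starts and ends outside the hunk, so the account lookup and any logging of failed attempts are not visible here.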