From 7c96e1b780243bfbe3ecc5b6874fe3497e2419d5 Mon Sep 17 00:00:00 2001
From: Julien Dessaux
Date: Fri, 15 Nov 2024 23:59:14 +0100
Subject: fix(tfstated): return 403 Forbidden on non existent account

---
 pkg/basic_auth/middleware.go | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'pkg/basic_auth')

diff --git a/pkg/basic_auth/middleware.go b/pkg/basic_auth/middleware.go
index 94cac56..1b51c8a 100644
--- a/pkg/basic_auth/middleware.go
+++ b/pkg/basic_auth/middleware.go
@@ -23,6 +23,10 @@ func Middleware(db *database.DB) func(http.Handler) http.Handler {
 				http.Error(w, "Internal Server Error", http.StatusInternalServerError)
 				return
 			}
+			if account == nil {
+				http.Error(w, "Forbidden", http.StatusForbidden)
+				return
+			}
 			if password != account.Password {
 				http.Error(w, "Forbidden", http.StatusForbidden)
 				return
-- 
cgit v1.2.3