poetapp / frost-api

Po.et's API Layer
https://api.poetnetwork.net
MIT License

Authorization: Not Found when token is for different email #902

Open lautarodragan opened 5 years ago

lautarodragan commented 5 years ago

The authorization middleware sets the status to 404 if it doesn't find the user associated with the token.

https://github.com/poetapp/frost-api/blob/58135e73c2795580979ccfedfea7c42c2f1a6328/src/middlewares/authorization.ts#L28-L32

This can happen when the user changes their email address — tokens created before the change will remain associated with the previous address.

In this case, a simple Not Found error message provides little to no guidance.

Replace with Invalid Token, which is more correct, and logger.warning details of the event.
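A sketch of the behaviour proposed above, as an added example that is not part of the issue or of frost-api's code: a token whose email no longer maps to an account gets the same `Invalid Token` response as any other rejected token, and the reason is written to the log only. Assumptions: the 401 status, the in-memory maps standing in for token verification and account lookup, and the `Logger`, `authorize` and other names, all of which are hypothetical.

```typescript
// Added example: every name here is hypothetical, not frost-api's own code.
interface Account { id: string; email: string }
interface TokenClaims { tokenId: string; email: string }
interface Logger { warning(event: Record<string, string>, message: string): void }
interface AuthResult { status: number; message: string; account?: Account }

// Constructed data: the account's address was changed to new@example.com
// after 'tok-old' had been issued for old@example.com.
const accountsByEmail = new Map<string, Account>([
  ['new@example.com', { id: 'acct-1', email: 'new@example.com' }],
])
// Stand-in for signature verification: tokens the API issued, with their claims.
const issuedTokens = new Map<string, TokenClaims>([
  ['tok-old', { tokenId: 't-1', email: 'old@example.com' }],
  ['tok-new', { tokenId: 't-2', email: 'new@example.com' }],
])

function authorize(token: string | undefined, logger: Logger): AuthResult {
  // One response for every rejection (401 is an assumption), so the client
  // learns nothing about which accounts exist; the reason goes to the log only.
  const invalid: AuthResult = { status: 401, message: 'Invalid Token' }

  const claims = token === undefined ? undefined : issuedTokens.get(token)
  if (claims === undefined) {
    logger.warning({ reason: 'token-not-verified' }, 'Authorization rejected')
    return invalid
  }

  const account = accountsByEmail.get(claims.email)
  if (account === undefined) {
    // The token verified, but its email no longer maps to an account, e.g.
    // the address was changed after issuance. Log identifiers, never the token.
    logger.warning(
      { reason: 'token-owner-not-found', tokenId: claims.tokenId, email: claims.email },
      'Authorization rejected',
    )
    return invalid
  }
  return { status: 200, message: 'OK', account }
}
```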

lautarodragan commented 5 years ago

Will be mitigated by https://github.com/poetapp/frost-api/issues/916