Nomos incorrectly logs api access requests as valid while it returns a 401 to the client

vhs / nomos

Membership management system made VHS-centric

25 stars 7 forks source link

Nomos incorrectly logs api access requests as valid while it returns a 401 to the client #268

Open TyIsI opened 5 years ago

TyIsI commented 5 years ago

While using an api key that's expired and stripped of all privileges, it still shows it as valid in the (Nomos) access logs while at the same time giving an access denied (401) to the client.