Fix that auth middleware should not actually throw an error when unauthorized

2025-12-13 22:52:22 +00:00 · 2024-10-03 20:24:14 +02:00
parent 4872d67a36
commit 9c8c05eaca
1 changed files with 9 additions and 17 deletions
--- a/crates/store/src/auth/middleware.rs
+++ b/crates/store/src/auth/middleware.rs
@@ -1,3 +1,4 @@
+use super::AuthenticationProvider;
 use actix_web::{
    dev::{forward_ready, Service, ServiceRequest, ServiceResponse, Transform},
    error::ErrorUnauthorized,
@@ -11,8 +12,6 @@ use std::{
    sync::Arc,
 };

-use super::AuthenticationProvider;
-
 pub struct AuthenticationMiddleware<AP: AuthenticationProvider> {
    auth_provider: Arc<AP>,
 }
@@ -68,22 +67,15 @@ where
        Box::pin(async move {
            if let Ok(auth) = Authorization::<Basic>::parse(req.request()) {
                let user_id = auth.as_ref().user_id();
-                let password = auth
-                    .as_ref()
-                    .password()
-                    .ok_or(ErrorUnauthorized("no password"))?;
-
-                let user = auth_provider
-                    .validate_user_token(user_id, password)
-                    .await
-                    .map_err(|_| ErrorUnauthorized(""))?
-                    .ok_or(ErrorUnauthorized(""))?;
-
-                req.extensions_mut().insert(user);
-                service.call(req).await
-            } else {
-                Err(ErrorUnauthorized(""))
+                if let Some(password) = auth.as_ref().password() {
+                    if let Ok(Some(user)) =
+                        auth_provider.validate_user_token(user_id, password).await
+                    {
+                        req.extensions_mut().insert(user);
+                    }
+                }
            }
+            service.call(req).await
        })
    }
 }