Merge pull request gin-contrib#32 from gin-contrib/update_status_code

ductm54 · web-flow · commit a3fb6bbde0e1 · 2022-12-28T14:24:09.000+07:00
change status code for invalid key to unauthorized
diff --git a/authenticator.go b/authenticator.go
@@ -91,6 +91,10 @@ func (a *Authenticator) Authenticated() gin.HandlerFunc {
 
 		secret, err := a.getSecret(sigHeader.keyID, sigHeader.algorithm)
 		if err != nil {
+			if err == ErrInvalidKeyID {
+				_ = c.AbortWithError(http.StatusUnauthorized, err)
+				return
+			}
 			_ = c.AbortWithError(http.StatusBadRequest, err)
 			return
 		}
diff --git a/authenticator_test.go b/authenticator_test.go
@@ -92,7 +92,7 @@ func TestAuthenticatedHeaderWrongKey(t *testing.T) {
 	req.Header.Set(authorizationHeader, sigHeader)
 	req.Header.Set("Date", time.Now().UTC().Format(http.TimeFormat))
 	c := runTest(secrets, requiredHeaders, nil, req)
-	assert.Equal(t, http.StatusBadRequest, c.Writer.Status())
+	assert.Equal(t, http.StatusUnauthorized, c.Writer.Status())
 	assert.Equal(t, ErrInvalidKeyID, c.Errors[0])
 }
 

Original file line number	Diff line number	Diff line change
`@@ -92,7 +92,7 @@ func TestAuthenticatedHeaderWrongKey(t *testing.T) {`
`92`	`92`	`req.Header.Set(authorizationHeader, sigHeader)`
`93`	`93`	`req.Header.Set("Date", time.Now().UTC().Format(http.TimeFormat))`
`94`	`94`	`c := runTest(secrets, requiredHeaders, nil, req)`
`95`		`- assert.Equal(t, http.StatusBadRequest, c.Writer.Status())`
	`95`	`+ assert.Equal(t, http.StatusUnauthorized, c.Writer.Status())`
`96`	`96`	`assert.Equal(t, ErrInvalidKeyID, c.Errors[0])`
`97`	`97`	`}`
`98`	`98`