better error messages for 401

Girish Ramakrishnan
2021-06-05 21:26:43 -07:00
parent eb16e8a8ee
commit b579f7ae90
2 changed files with 7 additions and 7 deletions
+4 -4
@@ -93,10 +93,10 @@ async function tokenAuth(req, res, next) {
}
}
if (!token) return next(new HttpError(401, 'Unauthorized'));
if (!token) return next(new HttpError(401, 'Token required'));
const [error, user] = await safe(accesscontrol.verifyToken(token));
if (error && error.reason === BoxError.INVALID_CREDENTIALS) return next(new HttpError(401, 'Unauthorized'));
if (error && error.reason === BoxError.INVALID_CREDENTIALS) return next(new HttpError(401, error.message));
if (error) return next(new HttpError(500, error.message));
req.access_token = token; // used in logout route
@@ -120,10 +120,10 @@ function authorize(requiredRole) {
async function websocketAuth(requiredRole, req, res, next) {
assert.strictEqual(typeof requiredRole, 'string');
if (typeof req.query.access_token !== 'string') return next(new HttpError(401, 'Unauthorized'));
if (typeof req.query.access_token !== 'string') return next(new HttpError(401, 'access_token must be a string'));
const [error, user] = await safe(accesscontrol.verifyToken(req.query.access_token));
if (error && error.reason === BoxError.INVALID_CREDENTIALS) return next(new HttpError(401, 'Unauthorized'));
if (error && error.reason === BoxError.INVALID_CREDENTIALS) return next(new HttpError(401, error.message));
if (error) return next(new HttpError(500, error.message));
req.user = user;
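Review bot: The two INVALID_CREDENTIALS branches, in tokenAuth and again in websocketAuth, now send `error.message` from `accesscontrol.verifyToken` to a caller that has not authenticated yet. verifyToken is not visible here, so if its messages differ by failure cause (unknown token, expired token, disabled user), the 401 body tells the caller which of those applies to the token it submitted; the unchanged 500 branch passes `error.message` through the same way. Keeping the client-facing text fixed, e.g. `return next(new HttpError(401, 'Invalid or expired token'));`, and recording `error.message` in the server log keeps the diagnostic value without exposing that distinction; otherwise add a comment at verifyToken stating that its INVALID_CREDENTIALS messages are safe to show to unauthenticated clients. Both function bodies start or end outside the visible hunks.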