Fix handling of nonexistent user trying to log in

SUNET · Dec 19, 2024 · abb5b9c · abb5b9c
1 parent 9b2d6d5
commit abb5b9c
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/pkg/server/server.go b/pkg/server/server.go
@@ -165,6 +165,12 @@ func authMiddleware(dbPool *pgxpool.Pool, logger zerolog.Logger) func(next http.
 				&argon2TagSize,
 			)
 			if err != nil {
+				if err == pgx.ErrNoRows {
+					// The user does not exist etc, try again
+					w.Header().Add("WWW-Authenticate", fmt.Sprintf(`Basic realm="%s"`, realm))
+					w.WriteHeader(http.StatusUnauthorized)
+					return
+				}
 				logger.Err(err).Msg("failed looking up username for authentication")
 				http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
 				return