Merge pull request #776 from hedgedoc/fix/UnauthorizedException

auth: Fix handling of internal server errors

src/auth/auth.service.ts

@@ -4,7 +4,7 @@
  * SPDX-License-Identifier: AGPL-3.0-only
  */
 
-import { Injectable } from '@nestjs/common';
+import { Injectable, UnauthorizedException } from '@nestjs/common';
 import { UsersService } from '../users/users.service';
 import { User } from '../users/user.entity';
 import { AuthToken } from './auth-token.entity';
@@ -35,16 +35,20 @@ export class AuthService {
   }
 
   async validateToken(token: string): Promise<User> {
+    try {
       const [keyId, secret] = token.split('.');
       const accessToken = await this.getAuthTokenAndValidate(keyId, secret);
       await this.setLastUsedToken(keyId);
-    const user = await this.usersService.getUserByUsername(
+      return this.usersService.getUserByUsername(accessToken.user.userName);
-      accessToken.user.userName,
+    } catch (error) {
-    );
+      if (
-    if (user) {
+        error instanceof NotInDBError ||
-      return user;
+        error instanceof TokenNotValidError
+      ) {
+        throw new UnauthorizedException(error.message);
+      }
+      throw error;
     }
-    return null;
   }
 
   async hashPassword(cleartext: string): Promise<string> {

src/auth/token.strategy.ts

@@ -6,7 +6,7 @@
 
 import { Strategy } from 'passport-http-bearer';
 import { PassportStrategy } from '@nestjs/passport';
-import { Injectable, UnauthorizedException } from '@nestjs/common';
+import { Injectable } from '@nestjs/common';
 import { AuthService } from './auth.service';
 import { User } from '../users/user.entity';
 
@@ -17,10 +17,6 @@ export class TokenStrategy extends PassportStrategy(Strategy, 'token') {
   }
 
   async validate(token: string): Promise<User> {
-    const user = await this.authService.validateToken(token);
+    return this.authService.validateToken(token);
-    if (!user) {
-      throw new UnauthorizedException();
-    }
-    return user;
   }
 }