From 26549b13575247807eb5e6b3065079e144fc5adf Mon Sep 17 00:00:00 2001
From: Kang Ming
Date: Tue, 16 Apr 2024 00:24:40 +0700
Subject: [PATCH] fix: return error if session id does not exist (#1538)
## What kind of change does this PR introduce?
* return error if session id doesn't exist in the db
## What is the current behavior?
Please link any relevant issues here.
## What is the new behavior?
Feel free to include screenshots if it includes visual changes.
## Additional context
Add any other context or screenshots.
---
 internal/api/auth.go | 7 +++++--
 internal/api/auth_test.go | 13 +++++++++++++
 2 files changed, 18 insertions(+), 2 deletions(-)
diff --git a/internal/api/auth.go b/internal/api/auth.go
index 3e69d8c6c..4acbe4f95 100644
--- a/internal/api/auth.go
+++ b/internal/api/auth.go
@@ -123,8 +123,11 @@ func (a *API) maybeLoadUserOrSession(ctx context.Context) (context.Context, erro
 return ctx, forbiddenError(ErrorCodeBadJWT, "invalid claim: session_id claim must be a UUID").WithInternalError(err)
 }
 session, err = models.FindSessionByID(db, sessionId, false)
- if err != nil && !models.IsNotFoundError(err) {
- return ctx, forbiddenError(ErrorCodeSessionNotFound, "Session from session_id claim in JWT does not exist")
+ if err != nil {
+ if models.IsNotFoundError(err) {
+ return ctx, forbiddenError(ErrorCodeSessionNotFound, "Session from session_id claim in JWT does not exist")
+ }
+ return ctx, err
 }
 ctx = withSession(ctx, session)
 }
diff --git a/internal/api/auth_test.go b/internal/api/auth_test.go
index f404e1cb7..700d27af1 100644
--- a/internal/api/auth_test.go
+++ b/internal/api/auth_test.go
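Review bot: The new fallthrough `return ctx, err` in maybeLoadUserOrSession hands the raw error from models.FindSessionByID back to the caller, whereas the claim-parsing branch just above returns a typed API error with the cause attached through WithInternalError. How an untyped error is rendered is decided outside this hunk, so confirm it becomes a generic 500 and does not echo database detail to the client. Wrapping it would make that explicit, e.g. `return ctx, internalServerError("Error loading session").WithInternalError(err)`, assuming the package's internal-server-error helper is in scope here. The not-found branch drops the cause as well and could keep it for logs by appending `.WithInternalError(err)` to the forbiddenError call. The function body starts and ends outside the hunk.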
@@ -158,6 +158,19 @@ func (ts *AuthTestSuite) TestMaybeLoadUserOrSession() {
 ExpectedUser: u,
 ExpectedSession: s,
 },
+ {
+ Desc: "Session ID doesn't exist",
+ UserJwtClaims: &AccessTokenClaims{
+ StandardClaims: jwt.StandardClaims{
+ Subject: u.ID.String(),
+ },
+ Role: "authenticated",
+ SessionId: "73bf9ee0-9e8c-453b-b484-09cb93e2f341",
+ },
+ ExpectedError: forbiddenError(ErrorCodeSessionNotFound, "Session from session_id claim in JWT does not exist"),
+ ExpectedUser: u,
+ ExpectedSession: nil,
+ },
 }
 for _, c := range cases {
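Review bot: Only the not-found branch is exercised by the added case; the other path this commit introduces in auth.go, `return ctx, err` for any other lookup failure, has no case in this table, and it is the path whose client-visible response is least obvious. The case also relies on the hard-coded `SessionId` never matching a row in the test database, so a comment such as `// random UUID with no matching session row` would record that assumption. It also pins `ExpectedUser: u` alongside `ExpectedError`, so a one-line comment noting that the returned context still carries the user when session lookup fails, and that callers must check the error first, would help the next reader. TestMaybeLoadUserOrSession continues outside the hunk.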