From ff85a1803c45d880754cf0c1115aee860b791306 Mon Sep 17 00:00:00 2001
From: Roland Bernard <rolbernard@unibz.it>
Date: Sat, 17 Apr 2021 13:12:35 +0200
Subject: [PATCH] Invalid tokens are now allowed for unprotected routes

---
 server/src/v1/auth.ts | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/server/src/v1/auth.ts b/server/src/v1/auth.ts
index 3723c24..89272dd 100644
--- a/server/src/v1/auth.ts
+++ b/server/src/v1/auth.ts
@@ -109,7 +109,7 @@ auth.get("/extend", async function (req, res) {
     }
 });
 
-export async function tokenVerification(req: Request, res: Response, next: NextFunction) {
+export async function tokenVerification(req: Request, _res: Response, next: NextFunction) {
     const header = req.headers?.authorization;
     let token: string | null = null;
     if (header) {
@@ -124,13 +124,10 @@ export async function tokenVerification(req: Request, res: Response, next: NextF
         try {
             const decoded = await asyncify(verify, token, await getPublicKey(), { algorithms: ["ES384"] });
             req.body.token = decoded;
-            next();
         } catch (err) {
-            res.status(403).json({
-                status: 'error',
-                message: 'authentication failed',
-            });
+            delete req.body.token;
         }
+        next();
     } else {
         next();
     }
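Review bot: The `else` branch at the end of this hunk calls `next()` without clearing `req.body.token`, while the new `catch` branch does clear it, so the field is trustworthy on only two of the three paths. Decoded claims are stored in the client-controlled request body and a failed check no longer ends the request with 403, so a guard on protected routes that tests `req.body.token` could see a value the client supplied. That holds unless the extraction code between the two hunks, which is not visible here, already strips the field. Clearing it unconditionally with `delete req.body.token;` before the `if (token)` check would close the gap, as would keeping the claims out of the body with `res.locals.token = decoded;` (restoring the `res` parameter name). Separately, `await getPublicKey()` sits inside the same `try`, so a key-loading fault is now swallowed exactly like a rejected token; a log line in the `catch` would keep both visible to operators.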
-- 
GitLab