Return unautorized immediately if authenticator found but request sho…

…uld not be granted
ory · Sep 16, 2020 · 30450ae · 30450ae
1 parent abba8e6
commit 30450ae
Showing 1 changed file with 6 additions and 9 deletions.
diff --git a/proxy/request_handler.go b/proxy/request_handler.go
@@ -225,6 +225,7 @@ func (d *RequestHandler) HandleRequest(r *http.Request, rl *rule.Rule) (session
 			// return nil
 			case helper.ErrUnauthorized.ErrorField:
 				d.r.Logger().Info(err)
+				return nil, err
 			default:
 				d.r.Logger().WithError(err).
 					WithFields(fields).
@@ -244,15 +245,11 @@ func (d *RequestHandler) HandleRequest(r *http.Request, rl *rule.Rule) (session
 
 	if !found {
 		err := errors.WithStack(helper.ErrUnauthorized)
-		// found will only be true if an authenticator was found AND authorisation was granted so check
-		// that this wasn't just a problem with the request
-		if err.Error() != helper.ErrUnauthorized.ErrorField {
-			d.r.Logger().WithError(err).
-				WithFields(fields).
-				WithField("granted", false).
-				WithField("reason_id", "authentication_handler_no_match").
-				Warn("No authentication handler was responsible for handling the authentication request")
-		}
+		d.r.Logger().WithError(err).
+			WithFields(fields).
+			WithField("granted", false).
+			WithField("reason_id", "authentication_handler_no_match").
+			Warn("No authentication handler was responsible for handling the authentication request")
 		return nil, err
 	}