From b9c6d27aa3cf921f941a5833a4835ee6a87508e7 Mon Sep 17 00:00:00 2001
From: bjoern-m
Date: Mon, 30 Dec 2024 11:35:55 +0100
Subject: [PATCH] chore: respond with 'bad request' when token claims are invalid
---
 backend/handler/session.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/backend/handler/session.go b/backend/handler/session.go
index dee875e54..ee6481c57 100644
--- a/backend/handler/session.go
+++ b/backend/handler/session.go
@@ -47,7 +47,7 @@ func (h *SessionHandler) ValidateSession(c echo.Context) error {
 claims, err := dto.GetClaimsFromToken(token)
 if err != nil {
- return c.JSON(http.StatusOK, dto.ValidateSessionResponse{IsValid: false})
+ return echo.NewHTTPError(http.StatusBadRequest, fmt.Errorf("failed to parse token claims: %w", err))
 }
 sessionModel, err := h.persister.GetSessionPersister().Get(claims.SessionID)
@@ -96,7 +96,7 @@ func (h *SessionHandler) ValidateSessionFromBody(c echo.Context) error {
 claims, err := dto.GetClaimsFromToken(token)
 if err != nil {
- return c.JSON(http.StatusOK, dto.ValidateSessionResponse{IsValid: false})
+ return echo.NewHTTPError(http.StatusBadRequest, fmt.Errorf("failed to parse token claims: %w", err))
 }
 sessionModel, err := h.persister.GetSessionPersister().Get(claims.SessionID)
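Review bot: The added `return echo.NewHTTPError(http.StatusBadRequest, fmt.Errorf(...))` in ValidateSession passes the wrapped parser error as the HTTPError message, so with echo's default error handler the claim-parsing detail would be serialized into the 400 body; whether the project's own handler (not visible here) masks it should be confirmed. I would keep the client-facing text fixed and attach the cause for logging only: `return echo.NewHTTPError(http.StatusBadRequest, "invalid token claims").SetInternal(err)`. The identical line in ValidateSessionFromBody needs the same change. Both function bodies continue outside the hunks, so how `token` was obtained and verified before this point cannot be checked from here. Since this path used to answer 200 with `IsValid: false`, the endpoint docs should state that a 400 also means the session is not valid, so callers do not treat it as a transient error.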