From a849375e2c099336cc8df058624a1d393f61ec22 Mon Sep 17 00:00:00 2001
From: Bryan Newbold <bnewbold@robocracy.org>
Date: Tue, 29 Jan 2019 12:51:09 -0800
Subject: auth editor not-found is a 403 auth response

---
 rust/src/auth.rs | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/rust/src/auth.rs b/rust/src/auth.rs
index 4627a535..7e9b945a 100644
--- a/rust/src/auth.rs
+++ b/rust/src/auth.rs
@@ -312,7 +312,19 @@ impl AuthConfectionary {
             "time > {}",
             created.to_rfc3339_opts(SecondsFormat::Secs, true)
         ));
-        let editor: EditorRow = Editor::db_get(conn, editor_id)?;
+        // not finding the editor_id is an auth issue, not a 404
+        let editor: EditorRow =
+            match Editor::db_get(conn, editor_id).map_err(|e| FatcatError::from(e)) {
+                Ok(ed) => ed,
+                Err(FatcatError::NotFound(_, _)) => {
+                    return Err(FatcatError::InvalidCredentials(format!(
+                        "editor_id not found: {}",
+                        editor_id
+                    ))
+                    .into());
+                }
+                other_db_err => other_db_err?,
+            };
         let auth_epoch = DateTime::<Utc>::from_utc(editor.auth_epoch, Utc);
         // allow a second of wiggle room for precision and, eg, tests
         if created < (auth_epoch - chrono::Duration::seconds(1)) {
-- 
cgit v1.2.3