From 8fe389b1e40f295b6a2ca9c3eb5735c0e34338f9 Mon Sep 17 00:00:00 2001
From: Pierre de Lacroix
Date: Fri, 5 Jun 2020 05:33:44 +0200
Subject: fix error responses
---
 lib/matrix_app_service/auth_plug.ex | 20 ++++++++++++++------
 lib/matrix_app_service_web/views/error_view.ex | 12 +++++++-----
 2 files changed, 21 insertions(+), 11 deletions(-)
diff --git a/lib/matrix_app_service/auth_plug.ex b/lib/matrix_app_service/auth_plug.ex
index 0768caa..529cefd 100644
--- a/lib/matrix_app_service/auth_plug.ex
+++ b/lib/matrix_app_service/auth_plug.ex
@@ -9,18 +9,26 @@ defmodule MatrixAppService.AuthPlug do
 end
 @impl Plug
- def call(%Plug.Conn{params: %{"access_token" => hs_token}} = conn, config_hs_token)
- when hs_token == config_hs_token do
- conn
+ def call(%Plug.Conn{params: %{"access_token" => hs_token}} = conn, config_hs_token) do
+ with ^config_hs_token <- hs_token do
+ conn
+ else
+ _ ->
+ Logger.warn("Received invalid homeserver token")
+ respond_error(conn, 403)
+ end
 end
 def call(conn, _config_hs_token) do
- Logger.warn("Received invalid homeserver token")
+ Logger.warn("No homeserver token provided")
+ respond_error(conn, 401)
+ end
+ defp respond_error(conn, error_code) do
 conn
- |> put_status(:unauthorized)
+ |> put_status(error_code)
 |> Phoenix.Controller.put_view(MatrixAppServiceWeb.ErrorView)
- |> Phoenix.Controller.render("401.json")
+ |> Phoenix.Controller.render("#{error_code}.json")
 |> halt
 end
 end
diff --git a/lib/matrix_app_service_web/views/error_view.ex b/lib/matrix_app_service_web/views/error_view.ex
index 2358355..ab705e1 100644
--- a/lib/matrix_app_service_web/views/error_view.ex
+++ b/lib/matrix_app_service_web/views/error_view.ex
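Review bot: The new `with ^config_hs_token <- hs_token do` in the first `call/2` clause of auth_plug.ex compares the homeserver token by pattern match, which is not a constant-time comparison and also succeeds when both sides are `nil`. Whether the configured token can be unset is not visible here, because `init/1` and the module head are outside the hunk, but a JSON `null` access_token would then pass the check. A timing-safe, type-checked form would be `if is_binary(hs_token) and is_binary(config_hs_token) and Plug.Crypto.secure_compare(hs_token, config_hs_token) do`, with the `_ ->` line dropped so the existing `else` body becomes the `if`'s else branch. The warning log correctly omits the received token value and should keep doing so.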
@@ -1,11 +1,13 @@
 defmodule MatrixAppServiceWeb.ErrorView do
 use MatrixAppServiceWeb, :view
- # If you want to customize a particular status code
- # for a certain format, you may uncomment below.
- # def render("500.json", _assigns) do
- # %{errors: %{detail: "Internal Server Error"}}
- # end
+ def render("401.json", _assigns) do
+ %{errcode: "EX.MAP.UNAUTHORIZED"}
+ end
+
+ def render("403.json", _assigns) do
+ %{errcode: "EX.MAP.FORBIDDEN"}
+ end
 # By default, Phoenix returns the status message from
 # the template name. For example, "404.json" becomes
--
cgit v1.2.3
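Review bot: The two new `render/2` clauses carry no comment tying them to `MatrixAppService.AuthPlug`, which now builds the template name as `"#{error_code}.json"`. Any status without a clause here presumably falls through to the Phoenix default described in the retained comment and would return a differently shaped body without an `errcode`. A comment above the 401 clause such as `# Bodies for AuthPlug rejections; add a clause for every status passed to respond_error/2.` would make that coupling visible. The module continues outside the hunk.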