From beabe82b50b99bd99707fb9dd1eb6af9297f8296 Mon Sep 17 00:00:00 2001
From: Matthieu Lamalle <mlamalle@cadoles.com>
Date: Tue, 21 Jul 2020 11:20:06 +0200
Subject: [PATCH] update comparison script

---
 middleware/accounts.go | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/middleware/accounts.go b/middleware/accounts.go
index 212d232..ffdce8c 100644
--- a/middleware/accounts.go
+++ b/middleware/accounts.go
@@ -259,7 +259,7 @@ var Refresh = func(w http.ResponseWriter, r *http.Request) {
 func ValidateToken(w http.ResponseWriter, r *http.Request) (*TokenDetails, error) {
 	var pwd string
 	urltomatch := r.URL.String()
-	if urltomatch == "/api/user/refresh" {
+	if strings.Contains(urltomatch, "/api/user/refresh") {
 		pwd = "refresh_token_password"
 	} else {
 		pwd = "access_token_password"
@@ -274,7 +274,6 @@ func ValidateToken(w http.ResponseWriter, r *http.Request) (*TokenDetails, error
 		w.WriteHeader(http.StatusForbidden)
 		w.Header().Add("Content-Type", "application/json")
 		respond(w, response)
-		return tk, errors.New("Missing auth token")
 	}
 
 	splitted := strings.Split(bearToken, " ") //The token normally comes in format `Bearer {token-body}`, we check if the retrieved token matched this requirement