From d7e1462d107a632494b968606bf07382189d4522 Mon Sep 17 00:00:00 2001
From: Thordur Bjornsson
Date: Wed, 16 May 2018 17:36:35 +0200
Subject: [PATCH] Check if the jwtToken is valid in authViewer. (#1785)

Closes #1514
---
 server/service/endpoint_middleware.go | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/server/service/endpoint_middleware.go b/server/service/endpoint_middleware.go
index 523f6e28ef..01fb9d80b8 100644
--- a/server/service/endpoint_middleware.go
+++ b/server/service/endpoint_middleware.go
@@ -94,6 +94,9 @@ func authViewer(ctx context.Context, jwtKey string, bearerToken token.Token, svc
 if err != nil {
 return nil, authError{reason: err.Error()}
 }
+ if jwtToken.Valid != true {
+ return nil, authError{reason: "invalid jwt token"}
+ }
 claims, ok := jwtToken.Claims.(jwt.MapClaims)
 if !ok {
 return nil, authError{reason: "no jwt claims"}
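Review bot: The added guard `if jwtToken.Valid != true {` compares a bool against a literal; `if !jwtToken.Valid {` is the idiomatic form and makes the rejection condition easier to read. The parse call and its key function sit above the hunk, so it is worth confirming there that the key function rejects every signing method except the expected one, since `Valid` presumably reflects only what the parser was asked to verify. The diffstat shows one file changed, so no test pins this rejection path; a case that hands authViewer a token failing validation and asserts an authError would keep the check from regressing. A one-line comment such as `// defence in depth: never read claims from a token the parser did not mark valid` would explain why this sits next to the err check. authViewer begins and ends outside the hunk.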