From 707d5bc67fc9c5c590bdb1cdd29ff4d772cf5df7 Mon Sep 17 00:00:00 2001
From: Ricardo Maraschini <ricardo.maraschini@gmail.com>
Date: Thu, 21 Nov 2024 00:14:59 +0100
Subject: [PATCH] bug: account for etcd leader changes error (#5003)

if we fail to read the secret from etcd we should return an internal
server error and not an unauthorized error.
---
 pkg/handlers/middleware.go   | 1 +
 pkg/handlers/session.go      | 2 +-
 pkg/handlers/session_test.go | 2 +-
 3 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/pkg/handlers/middleware.go b/pkg/handlers/middleware.go
index ea328f8a89..0525e1febb 100644
--- a/pkg/handlers/middleware.go
+++ b/pkg/handlers/middleware.go
@@ -99,6 +99,7 @@ func RequireValidSessionQuietMiddleware(kotsStore store.Store) mux.MiddlewareFun
 		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 			sess, err := requireValidSession(kotsStore, w, r)
 			if err != nil {
+				logger.Errorf("failed validating session: %s", err)
 				return
 			}
 
diff --git a/pkg/handlers/session.go b/pkg/handlers/session.go
index 2179f996ed..70bc84dafd 100644
--- a/pkg/handlers/session.go
+++ b/pkg/handlers/session.go
@@ -95,7 +95,7 @@ func requireValidSession(kotsStore store.Store, w http.ResponseWriter, r *http.R
 	passwordUpdatedAt, err := kotsStore.GetPasswordUpdatedAt()
 	if err != nil {
 		response := types.ErrorResponse{Error: util.StrPointer("failed to validate session with current password")}
-		JSON(w, http.StatusUnauthorized, response)
+		JSON(w, http.StatusInternalServerError, response)
 		return nil, err
 	}
 	if passwordUpdatedAt != nil && passwordUpdatedAt.After(sess.IssuedAt) {
diff --git a/pkg/handlers/session_test.go b/pkg/handlers/session_test.go
index 4edd4843bf..ffcceea41d 100644
--- a/pkg/handlers/session_test.go
+++ b/pkg/handlers/session_test.go
@@ -400,7 +400,7 @@ func Test_requireValidSession_FailedToFetchPasswordUpdated_AfterSessionIssuedErr
 	req.Error(err)
 	req.Equal("failed to fetch password updatedAt", err.Error())
 	req.Equal(want, got)
-	req.Equal(401, w.Code)
+	req.Equal(500, w.Code)
 }
 
 func Test_requireValidSession_PasswordUpdated_AfterSessionIssuedErr(t *testing.T) {