• prof@infosec.pub
    link
    fedilink
    arrow-up
    3
    ·
    6 months ago

    Yeah, I had a similar case with some authentication middleware I used that was part of a library.

    It would always throw an exception when a user wasn’t authenticated instead of just giving me some flag I could check.

    Wouldn’t have done it that way, but it was okay for an API controller.