From 2ce9affeeabc65e7eaedde8a8d60834a167a4183 Mon Sep 17 00:00:00 2001
From: Todd Knight <T.Alan.Knight@gmail.com>
Date: Wed, 8 Jul 2020 09:09:09 -0700
Subject: [PATCH] Don't use repo to check impossible token requests and repo
 doesn't return error on token value mismatch. (#171)

* Remove error when tokens mismatch from public id but log returned errors from repo.
---
 internal/authtoken/repository.go                            | 2 +-
 internal/servers/controller/handlers/authtoken_intercept.go | 4 ++++
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/internal/authtoken/repository.go b/internal/authtoken/repository.go
index 587fe8ab93..fccb0c34dc 100644
--- a/internal/authtoken/repository.go
+++ b/internal/authtoken/repository.go
@@ -210,7 +210,7 @@ func (r *Repository) ValidateToken(ctx context.Context, id, token string, opt ..
 	}
 
 	if retAT.GetToken() != token {
-		return nil, fmt.Errorf("validate token: auth token mismatch: %w", db.ErrInvalidParameter)
+		return nil, nil
 	}
 	// retAT.Token set to empty string so the value is not returned as described in the methods' doc.
 	retAT.Token = ""
diff --git a/internal/servers/controller/handlers/authtoken_intercept.go b/internal/servers/controller/handlers/authtoken_intercept.go
index 833f6d2cb0..da4784dc10 100644
--- a/internal/servers/controller/handlers/authtoken_intercept.go
+++ b/internal/servers/controller/handlers/authtoken_intercept.go
@@ -43,6 +43,10 @@ func TokenAuthenticator(l hclog.Logger, tokenRepo common.AuthTokenRepoFactory) f
 			}
 		}
 
+		if tMD.recievedTokenType == authTokenTypeUnknown || tMD.token() == "" || tMD.publicId() == "" {
+			return tMD.toMetadata()
+		}
+
 		repo, err := tokenRepo()
 		if err != nil {
 			l.Error("failed to get authtoken repo", "error", err)