Fix empty authorization deemed as valid when skipAuth = false, thanks @…

…stingalleman
ferrerojosh · Feb 26, 2021 · 5a1f40f · 5a1f40f · stingalleman · Feb 26, 2021
1 parent f488aab
commit 5a1f40f
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/src/guards/auth.guard.ts b/src/guards/auth.guard.ts
@@ -51,9 +51,9 @@ export class AuthGuard implements CanActivate {
       this.extractJwt(request.headers);
     const isInvalidJwt = jwt === null || jwt === undefined;
 
-    // Auth is not skipped, but no jwt token given, immediate return
-    if (isUnprotected && isInvalidJwt) {
-      return true;
+    // No jwt token given, immediate return
+    if (isInvalidJwt) {
+      throw new UnauthorizedException();
     }
 
     try {