From fae3d1d80db65a9e9a27dbb9f4fe87597894e57a Mon Sep 17 00:00:00 2001
From: Michal Klos <michal.klos@kiteworks.com>
Date: Tue, 1 Apr 2025 17:10:27 +0200
Subject: [PATCH] fix: app-auth user not found code

changelog

fix changelog title
---
 changelog/unreleased/fix-app-auth-rest-status.md |  6 ++++++
 services/auth-app/pkg/service/service.go         | 13 ++++++++++++-
 2 files changed, 18 insertions(+), 1 deletion(-)
 create mode 100644 changelog/unreleased/fix-app-auth-rest-status.md

diff --git a/changelog/unreleased/fix-app-auth-rest-status.md b/changelog/unreleased/fix-app-auth-rest-status.md
new file mode 100644
index 00000000000..2dd1d5b0e31
--- /dev/null
+++ b/changelog/unreleased/fix-app-auth-rest-status.md
@@ -0,0 +1,6 @@
+Bugfix: Fix app-auth, REST status code
+
+Now app-auth REST returns status code 404 when creating token for non-existent user (Impersonation)
+
+https://github.com/owncloud/ocis/pull/11190
+https://github.com/owncloud/ocis/issues/10815
diff --git a/services/auth-app/pkg/service/service.go b/services/auth-app/pkg/service/service.go
index 7830e984d79..50fca98693f 100644
--- a/services/auth-app/pkg/service/service.go
+++ b/services/auth-app/pkg/service/service.go
@@ -26,7 +26,10 @@ import (
 	"google.golang.org/grpc/metadata"
 )
 
-var ErrBadRequest = errors.New("bad request")
+var (
+	ErrBadRequest   = errors.New("bad request")
+	ErrUserNotFound = errors.New("user not found")
+)
 
 // AuthAppToken represents an app token.
 type AuthAppToken struct {
@@ -127,6 +130,10 @@ func (a *AuthAppService) HandleCreate(w http.ResponseWriter, r *http.Request) {
 				http.Error(w, err.Error(), http.StatusBadRequest)
 				return
 			}
+			if errors.Is(err, ErrUserNotFound) {
+				http.Error(w, err.Error(), http.StatusNotFound)
+				return
+			}
 			w.WriteHeader(http.StatusInternalServerError)
 			return
 		}
@@ -261,6 +268,10 @@ func (a *AuthAppService) authenticateUser(userID, userName string, gwc gateway.G
 		return nil, err
 	}
 
+	if authRes.GetStatus().GetCode() == rpc.Code_CODE_NOT_FOUND {
+		return nil, ErrUserNotFound
+	}
+
 	if authRes.GetStatus().GetCode() != rpc.Code_CODE_OK {
 		return nil, errors.New("error authenticating user: " + authRes.GetStatus().GetMessage())
 	}