From 62985b6c66846dece6887e84bf263c891a15ba66 Mon Sep 17 00:00:00 2001
From: Knut Ahlers <knut@ahlers.me>
Date: Sun, 4 Feb 2018 13:00:33 +0100
Subject: [PATCH] Fix: Token auth always had a logged in user

Signed-off-by: Knut Ahlers <knut@ahlers.me>
---
 auth_token.go | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/auth_token.go b/auth_token.go
index 7f7bc3e..a508d7c 100644
--- a/auth_token.go
+++ b/auth_token.go
@@ -60,14 +60,18 @@ func (a authToken) DetectUser(res http.ResponseWriter, r *http.Request) (string,
 	tmp := strings.SplitN(authHeader, " ", 2)
 	suppliedToken := tmp[1]
 
-	var user, token string
+	var (
+		user, token string
+		userFound   bool
+	)
 	for user, token = range a.Tokens {
 		if token == suppliedToken {
+			userFound = true
 			break
 		}
 	}
 
-	if user == "" {
+	if !userFound {
 		return "", nil, errNoValidUserFound
 	}