From f1965d63052f673ee57bf9ece6e3d2abaa96d3c7 Mon Sep 17 00:00:00 2001
From: Alex Dadgar <alex.dadgar@gmail.com>
Date: Thu, 12 Oct 2017 15:39:05 -0700
Subject: [PATCH] Handle invalid token as well

---
 command/agent/http.go      |  8 ++++++--
 command/agent/http_test.go | 17 +++++++++++++++++
 2 files changed, 23 insertions(+), 2 deletions(-)

diff --git a/command/agent/http.go b/command/agent/http.go
index 11b6e52b0..6a542a5e9 100644
--- a/command/agent/http.go
+++ b/command/agent/http.go
@@ -301,9 +301,13 @@ func (s *HTTPServer) wrap(handler func(resp http.ResponseWriter, req *http.Reque
 			code := 500
 			if http, ok := err.(HTTPCodedError); ok {
 				code = http.Code()
-			} else if err.Error() == structs.ErrPermissionDenied.Error() {
-				code = 403
+			} else {
+				switch err.Error() {
+				case structs.ErrPermissionDenied.Error(), structs.ErrTokenNotFound.Error():
+					code = 403
+				}
 			}
+
 			resp.WriteHeader(code)
 			resp.Write([]byte(err.Error()))
 			return
diff --git a/command/agent/http_test.go b/command/agent/http_test.go
index 3017046cd..be73eba95 100644
--- a/command/agent/http_test.go
+++ b/command/agent/http_test.go
@@ -236,6 +236,23 @@ func TestPermissionDenied(t *testing.T) {
 	assert.Equal(t, resp.Code, 403)
 }
 
+func TestTokenNotFound(t *testing.T) {
+	s := makeHTTPServer(t, func(c *Config) {
+		c.ACL.Enabled = true
+	})
+	defer s.Shutdown()
+
+	resp := httptest.NewRecorder()
+	handler := func(resp http.ResponseWriter, req *http.Request) (interface{}, error) {
+		return nil, structs.ErrTokenNotFound
+	}
+
+	urlStr := "/v1/job/foo"
+	req, _ := http.NewRequest("GET", urlStr, nil)
+	s.Server.wrap(handler)(resp, req)
+	assert.Equal(t, resp.Code, 403)
+}
+
 func TestParseWait(t *testing.T) {
 	t.Parallel()
 	resp := httptest.NewRecorder()