From e0ac921b8f4224f2dc76abccc81e409c6c5d7c11 Mon Sep 17 00:00:00 2001
From: "Anthony (Ryo) Wright" <43687737+ryowright@users.noreply.github.com>
Date: Tue, 21 Dec 2021 09:46:56 -0800
Subject: [PATCH] =?UTF-8?q?Fixed=20null=20token=20panic=20from=20'v1/auth/?=
 =?UTF-8?q?token/'=20endpoints=20and=20returned=20p=E2=80=A6=20(#13233)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* Fixed null token panic from 'v1/auth/token/' endpoints and returned proper error response

* added changelog entry for PR #13233

* changed error message from 'bad token' to 'null token'

* rebased off of main

* Revert "changed error message from 'bad token' to 'null token'"

This reverts commit 381ed9b32c5ddd5e47adb1643ef7e46fb768bc76.

* changed 'bad token' error message to 'invalid token' after revert

* remove unnecessary vault-data folder
---
 api/auth_token.go         | 4 +++-
 changelog/13233.txt       | 3 +++
 vault/request_handling.go | 2 +-
 3 files changed, 7 insertions(+), 2 deletions(-)
 create mode 100644 changelog/13233.txt

diff --git a/api/auth_token.go b/api/auth_token.go
index 32c77bc62..86595175b 100644
--- a/api/auth_token.go
+++ b/api/auth_token.go
@@ -1,6 +1,8 @@
 package api
 
-import "context"
+import (
+	"context"
+)
 
 // TokenAuth is used to perform token backend operations on Vault
 type TokenAuth struct {
diff --git a/changelog/13233.txt b/changelog/13233.txt
new file mode 100644
index 000000000..718f5207f
--- /dev/null
+++ b/changelog/13233.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+core/token: Fix null token panic from 'v1/auth/token/' endpoints and return proper error response.
+```
\ No newline at end of file
diff --git a/vault/request_handling.go b/vault/request_handling.go
index f65908b5e..83f654e0d 100644
--- a/vault/request_handling.go
+++ b/vault/request_handling.go
@@ -553,7 +553,7 @@ func (c *Core) handleCancelableRequest(ctx context.Context, req *logical.Request
 				break
 			}
 			if token == nil {
-				return logical.ErrorResponse("bad token"), logical.ErrPermissionDenied
+				return logical.ErrorResponse("invalid token"), logical.ErrPermissionDenied
 			}
 			_, nsID := namespace.SplitIDFromString(token.(string))
 			if nsID != "" {