remove unnecessary options from api unit. Improve error messages... etc etc

lib/units/api/helpers/securityHandlers.js

@@ -3,7 +3,7 @@ var urlutil = require('../../../util/urlutil')
 var logger = require('../../../util/logger')
 var dbapi = require('../../../db/api')
 
-var log = logger.createLogger('api:auth')
+var log = logger.createLogger('api:helpers:securityHandlers')
 
 module.exports = {
   accessTokenAuth: accessTokenAuth
@@ -27,24 +27,30 @@ function accessTokenAuth(req, res, next) {
                   next()
                 }
               })
+            } else {
+              res.json(500, {
+                success: false
+              })
             }
           })
         .catch(function(err) {
           log.error('Failed to load token: ', err.stack)
-          res.json(500, {
+          res.json(401, {
             success: false,
-            description: "Bad Access Token"
+            description: 'Bad credentials'
           })
         })
     } else {
-      log.error("Bad Access Token Header")
-      res.json(500, {
+      log.error('Bad Access Token Header')
+      res.json(401, {
         success: false,
-        description: "Bad Access Token Header"
+        description: 'Bad credentials'
       })
     }
   }
+  // Request is coming from browser app
   // TODO: Remove this once frontend become stateless
+  //       and start sending request without session
   else if (req.session && req.session.jwt) {
     dbapi.loadUser(req.session.jwt.email)
       .then(function(user) {
@@ -54,17 +60,16 @@ function accessTokenAuth(req, res, next) {
         }
         else {
           res.json(500, {
-            success: false,
-            description: "Bad Request"
+            success: false
           })
         }
       })
       .catch(next)
   }
   else {
-    res.json(500, {
+    res.json(401, {
       success: false,
-      description: "Request does not have Authorization header"
+      description: 'Requires authentication'
     })
   }
 }