From d9fb4787ecf570123b9c0055d7df1fa157e01c7d Mon Sep 17 00:00:00 2001
From: Fabien O'Carroll
Date: Mon, 4 Mar 2024 10:58:17 -0500
Subject: [PATCH] Removed whitelist of JWT errors

refs https://linear.app/tryghost/issue/ENG-712/

I don't think we ever need to respond with a 500 here, if the verify call fails, we know that the token is unauthorized for use.
---
 .../core/server/services/auth/api-key/admin.js | 15 +++++----------
 1 file changed, 5 insertions(+), 10 deletions(-)

diff --git a/ghost/core/core/server/services/auth/api-key/admin.js b/ghost/core/core/server/services/auth/api-key/admin.js
index b1b44524a1..76c7b33d4b 100644
--- a/ghost/core/core/server/services/auth/api-key/admin.js
+++ b/ghost/core/core/server/services/auth/api-key/admin.js
@@ -159,16 +159,11 @@ const authenticateWithToken = async function apiKeyAuthenticateWithToken(req, re
 try {
 jwt.verify(token, secret, options);
 } catch (err) {
- if (err.name === 'TokenExpiredError' || err.name === 'JsonWebTokenError' || err.name === 'NotBeforeError') {
- return next(new errors.UnauthorizedError({
- message: tpl(messages.invalidTokenWithMessage, {message: err.message}),
- code: 'INVALID_JWT',
- err
- }));
- }
-
- // unknown error
- return next(new errors.InternalServerError({err}));
+ return next(new errors.UnauthorizedError({
+ message: tpl(messages.invalidTokenWithMessage, {message: err.message}),
+ code: 'INVALID_JWT',
+ err
+ }));
 }
 
 // authenticated OK
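Review bot: The removed `err.name` check did more than choose between 401 and 500: it also gated which `err.message` is interpolated into the client-facing `invalidTokenWithMessage` text, and the new catch block echoes the message of any exception `jwt.verify` raises to an unauthenticated caller. The three jsonwebtoken error classes carry short, intentionally user-facing reasons, but anything else that escapes `verify` (a `TypeError` from a malformed `secret` or `options`, or a Node crypto error, for example) is presumably a server-side fault whose text has not been vetted for disclosure and which a 401 would misattribute to the client. Keeping the 401 is fine, but I would limit what is echoed: `const isJwtError = ['TokenExpiredError', 'JsonWebTokenError', 'NotBeforeError'].includes(err.name);` and `message: tpl(messages.invalidTokenWithMessage, {message: isJwtError ? err.message : 'token could not be verified'}),`, while still attaching `err` so the original error is available server-side (whether it gets logged depends on the error handler, which is outside this hunk). `apiKeyAuthenticateWithToken` starts before the hunk and continues after it.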