auth error on missing access types

authorizer/src/asapo_authorizer/server/authorize.go

@@ -161,6 +161,10 @@ func checkToken(token string, subject_expect string) (accessTypes []string, err
 		return nil,err
 	}
 
+	if extra_claim.AccessTypes==nil || len(extra_claim.AccessTypes)==0 {
+		return nil,errors.New("missing access types")
+	}
+
 	if subject!=subject_expect {
 		return nil,errors.New("wrong token for "+subject_expect)
 	}

authorizer/src/asapo_authorizer/server/authorize_test.go

@@ -180,6 +180,10 @@ var authTests = [] struct {
 	message string
 	answer string
 }{
+	{"processed","test","auto","dataSource", prepareUserToken("bt_test",nil),"127.0.0.2",http.StatusUnauthorized,"missing access types",
+		""},
+	{"processed","test","auto","dataSource", prepareUserToken("bt_test",[]string{}),"127.0.0.2",http.StatusUnauthorized,"empty access types",
+		""},
 	{"processed","test","auto","dataSource", prepareUserToken("bt_test",[]string{"write"}),"127.0.0.2",http.StatusOK,"user source with correct token",
 		`{"beamtimeId":"test","beamline":"bl1","dataSource":"dataSource","core-path":"./tf/gpfs/bl1/2019/data/test","beamline-path":"","source-type":"processed","access-types":["write"]}`},
 	{"processed","test_online","auto","dataSource", prepareUserToken("bt_test_online",[]string{"read"}),"127.0.0.1",http.StatusOK,"with online path, processed type",