From 45394e0b0f4160ce1a829e08e9cce0168b483102 Mon Sep 17 00:00:00 2001
From: da3dsoul <da3dsoul@gmail.com>
Date: Wed, 17 Jan 2024 08:53:01 -0500
Subject: [PATCH] Fix 500 in DELETE apikey

---
 Shoko.Server/API/AuthenticationController.cs | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/Shoko.Server/API/AuthenticationController.cs b/Shoko.Server/API/AuthenticationController.cs
index c29e787c6..20b0387e1 100644
--- a/Shoko.Server/API/AuthenticationController.cs
+++ b/Shoko.Server/API/AuthenticationController.cs
@@ -101,11 +101,12 @@ public ActionResult ChangePassword([FromBody] string newPassword)
     ///</summary>
     ///<param name="apikey">The Apikey or device to delete.</param>
     [HttpDelete]
-    public ActionResult Delete(string apikey)
+    public ActionResult Delete([FromBody]string apikey)
     {
-        var token = RepoFactory.AuthTokens.GetAll().FirstOrDefault(a => a.UserID == User?.JMMUserID && a.DeviceName.EqualsInvariantIgnoreCase(apikey));
+        if (apikey == null) return BadRequest("Must provide an apikey or device name to delete");
+        var token = RepoFactory.AuthTokens.GetAll().FirstOrDefault(a => a.UserID == User?.JMMUserID && apikey.EqualsInvariantIgnoreCase(a.DeviceName));
         token ??= RepoFactory.AuthTokens.GetByToken(apikey);
-        if (User?.JMMUserID != token.UserID && User?.IsAdmin != 1) return Unauthorized("Cannot delete a token for another user");
+        if (token == null) return BadRequest("Could not find apikey or device name to delete");
         RepoFactory.AuthTokens.Delete(token);
         return Ok();
     }