From 2292342d8ea6633afe1cd8866f58d4af947dcd0a Mon Sep 17 00:00:00 2001
From: John Cardinal <support@ayanova.com>
Date: Sun, 17 May 2020 20:46:30 +0000
Subject: [PATCH]

---
 devdocs/todo.txt          | 2 --
 server/AyaNova/Startup.cs | 2 +-
 2 files changed, 1 insertion(+), 3 deletions(-)

diff --git a/devdocs/todo.txt b/devdocs/todo.txt
index 313949fd..e5586cf9 100644
--- a/devdocs/todo.txt
+++ b/devdocs/todo.txt
@@ -1,8 +1,6 @@
 PRIORITY - ALWAYS Lowest level stuff first
 =-=-=-=-
 
-
-todo: auth controller authenticate wont allow if old jwt sent with request, should ignore on auth
 todo: API root controller
 	build mode and server info should be authorized shoudln't they?  Unauthorized people have no need to see that stuff
 todo: api / server landing page is shitty on a mobile
diff --git a/server/AyaNova/Startup.cs b/server/AyaNova/Startup.cs
index 896030fc..0ccb038d 100644
--- a/server/AyaNova/Startup.cs
+++ b/server/AyaNova/Startup.cs
@@ -398,7 +398,7 @@ namespace AyaNova
                     context.Request.HttpContext.Items["AY_TRANSLATION_ID"] = u.translationId;
 
                     //CHECK JWT
-                    if (!context.Request.Path.Value.EndsWith("/Auth") && u.currentAuthToken != JWT)//except "/api/v8/Auth" so user can login  May need other routes later?
+                    if (!context.Request.Path.Value.EndsWith("/auth") && u.currentAuthToken != JWT)//except "/api/v8/auth" so user can login
                     {
                         context.Response.StatusCode = 401;
                         context.Response.Headers.Add("X-AyaNova-Authorization-Error", "E2006 - Authorization token replaced by more recent login");