always call the rest logout command, don't vomit on the error

client/coral-framework/actions/auth.js

@@ -96,13 +96,14 @@ export const logout = () => async (
   _,
   { rest, client, pym, localStorage }
 ) => {
-  // Stop if the token doen't exist
-  if (!localStorage.getItem('token')) {
-    return;
+  try {
+    await rest('/auth', { method: 'DELETE' });
+  } catch (err) {
+    // We ignore any REST related errors from the delete action, which may/may
+    // not have had a cookie/token attached to it. The logout action was still
+    // called, so we still want to cleanup.
   }
 
-  await rest('/auth', { method: 'DELETE' });
-
   // Clear the auth data persisted to localStorage.
   cleanAuthData(localStorage);
 

middleware/authorization.js

@@ -40,23 +40,23 @@ authorization.has = (user, ...roles) => {
  * @return {Callback}    connect middleware
  */
 authorization.needed = (...roles) => [
-  // Insert the pre-needed middlware.
+  // Insert the pre-needed middleware.
   ...authorization.middleware,
 
   // Insert the actual middleware to check for the required role.
   (req, res, next) => {
-    // All routes that are wrapepd with this middleware actually require a role.
+    // All routes that are wrapped with this middleware actually require a role.
     if (!req.user) {
-      debug(`No user on request, returning with ${ErrNotAuthorized}`);
-      return next(ErrNotAuthorized);
+      debug(`No user on request, returning with ErrNotAuthorized`);
+      return next(new ErrNotAuthorized());
     }
 
     // Check to see if the current user has all the roles requested for the given
     // array of roles requested, if one is not on the user, then this will
     // evaluate to true.
     if (!authorization.has(req.user, ...roles)) {
       debug('User does not have all the required roles to access this page');
-      return next(ErrNotAuthorized);
+      return next(new ErrNotAuthorized());
     }
 
     // Looks like they're allowed!