bug: account for etcd leader changes error (#5003)

if we fail to read the secret from etcd we should return an internal
server error and not an unauthorized error.

pkg/handlers/middleware.go

@@ -99,6 +99,7 @@ func RequireValidSessionQuietMiddleware(kotsStore store.Store) mux.MiddlewareFun
 		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 			sess, err := requireValidSession(kotsStore, w, r)
 			if err != nil {
+				logger.Errorf("failed validating session: %s", err)
 				return
 			}
 

pkg/handlers/session.go

@@ -95,7 +95,7 @@ func requireValidSession(kotsStore store.Store, w http.ResponseWriter, r *http.R
 	passwordUpdatedAt, err := kotsStore.GetPasswordUpdatedAt()
 	if err != nil {
 		response := types.ErrorResponse{Error: util.StrPointer("failed to validate session with current password")}
-		JSON(w, http.StatusUnauthorized, response)
+		JSON(w, http.StatusInternalServerError, response)
 		return nil, err
 	}
 	if passwordUpdatedAt != nil && passwordUpdatedAt.After(sess.IssuedAt) {

pkg/handlers/session_test.go

@@ -400,7 +400,7 @@ func Test_requireValidSession_FailedToFetchPasswordUpdated_AfterSessionIssuedErr
 	req.Error(err)
 	req.Equal("failed to fetch password updatedAt", err.Error())
 	req.Equal(want, got)
-	req.Equal(401, w.Code)
+	req.Equal(500, w.Code)
 }
 
 func Test_requireValidSession_PasswordUpdated_AfterSessionIssuedErr(t *testing.T) {