fix: return error if session id does not exist (#1538)

## What kind of change does this PR introduce?
* return error if session id doesn't exist in the db

## What is the current behavior?

Please link any relevant issues here.

## What is the new behavior?

Feel free to include screenshots if it includes visual changes.

## Additional context

Add any other context or screenshots.

Author: kangmingtay

internal/api/auth.go

@@ -123,8 +123,11 @@ func (a *API) maybeLoadUserOrSession(ctx context.Context) (context.Context, erro
 			return ctx, forbiddenError(ErrorCodeBadJWT, "invalid claim: session_id claim must be a UUID").WithInternalError(err)
 		}
 		session, err = models.FindSessionByID(db, sessionId, false)
-		if err != nil && !models.IsNotFoundError(err) {
-			return ctx, forbiddenError(ErrorCodeSessionNotFound, "Session from session_id claim in JWT does not exist")
+		if err != nil {
+			if models.IsNotFoundError(err) {
+				return ctx, forbiddenError(ErrorCodeSessionNotFound, "Session from session_id claim in JWT does not exist")
+			}
+			return ctx, err
 		}
 		ctx = withSession(ctx, session)
 	}

internal/api/auth_test.go

@@ -158,6 +158,19 @@ func (ts *AuthTestSuite) TestMaybeLoadUserOrSession() {
 			ExpectedUser:    u,
 			ExpectedSession: s,
 		},
+		{
+			Desc: "Session ID doesn't exist",
+			UserJwtClaims: &AccessTokenClaims{
+				StandardClaims: jwt.StandardClaims{
+					Subject: u.ID.String(),
+				},
+				Role:      "authenticated",
+				SessionId: "73bf9ee0-9e8c-453b-b484-09cb93e2f341",
+			},
+			ExpectedError:   forbiddenError(ErrorCodeSessionNotFound, "Session from session_id claim in JWT does not exist"),
+			ExpectedUser:    u,
+			ExpectedSession: nil,
+		},
 	}
 
 	for _, c := range cases {