coldbox-modules · lmajano · Dec 8, 2025 · Dec 8, 2025 · Copilot · Dec 8, 2025
diff --git a/handlers/Jwt.cfc b/handlers/Jwt.cfc
@@ -14,13 +14,14 @@ component extends="coldbox.system.RestHandler" {
 	function refreshToken( event, rc, prc ){
 		// If endpoint not enabled, just 404 it
 		if ( !variables.jwtService.getSettings().jwt.enableRefreshEndpoint ) {
-			return event
+			event
 				.getResponse()
 				.setErrorMessage(
 					"Refresh Token Endpoint Disabled",
 					404,
 					"Disabled"
 				);
+			return;
 		}
 
 		try {
@@ -32,27 +33,31 @@ component extends="coldbox.system.RestHandler" {
 				.setData( prc.newTokens )
 				.addMessage( "Tokens refreshed! The passed in refresh token has been invalidated" );
 		} catch ( RefreshTokensNotActive e ) {
-			return event.getResponse().setErrorMessage( "Refresh Tokens Not Active", 404, "Disabled" );
+			event.getResponse().setErrorMessage( "Refresh Tokens Not Active", 404, "Disabled" );
 		} catch ( TokenNotFoundException e ) {
-			return event
+			event
 				.getResponse()
 				.setErrorMessage(
 					"The refresh token was not passed via the header or the rc. Cannot refresh the unrefreshable!",
 					400,
 					"Missing refresh token"
 				);
-				);
+				);
+			return;
-				);
+				);
+			return;
 		} catch ( TokenInvalidException e ) {
-			prc.response.setErrorMessage(
-				"Invalid Token - #e.message#",
-				401,
-				"Invalid Token"
-			);
+			event
+				.getResponse()
+				.setErrorMessage(
+					"Invalid Token - #e.message#",
+					401,
+					"Invalid Token"
+				);
 		} catch ( TokenExpiredException e ) {
-			prc.response.setErrorMessage(
-				"Token Expired - #e.message#",
-				400,
-				"Token Expired"
-			);
+			event
+				.getResponse()
+				.setErrorMessage(
+					"Token Expired - #e.message#",
+					400,
+					"Token Expired"
+				);
 		}
 	}
 

diff --git a/test-harness/tests/specs/integration/JWTSpec.cfc b/test-harness/tests/specs/integration/JWTSpec.cfc
@@ -145,6 +145,15 @@ component extends="coldbox.system.testing.BaseTestCase" appMapping="/root" {
 								404,
 								event.getResponse().getMessagesString()
 							);
+
+							// Matches the ColdBox RestHandler default response format spec
+							var jsonResponse = deserializeJSON( event.getRenderedContent() );
+							expect( jsonResponse ).toHaveLength( 4 );
+							expect( jsonResponse ).toHaveKey( "data" );
+							expect( jsonResponse ).toHaveKey( "error" );
+							expect( jsonResponse ).toHaveKey( "pagination" );
+							expect( jsonResponse ).toHaveKey( "messages" );
+							expect( jsonResponse.messages[ 1 ] ).toBe( event.getResponse().getMessagesString() );
 						} );
 					} );
 					given( "An activated endpoint but no refresh tokens passed", function(){