authorJason David Davies <jasondavies@apache.org>2009-10-12 10:28:18 +0000
committerJason David Davies <jasondavies@apache.org>2009-10-12 10:28:18 +0000
commit022ce7a40c0be1c5cf90f05fdb223f5e1f140cfa (patch)
tree2819f20f0a63db1950fe60975accee83131fdfcd
parentd1a745685f3a86b043fe9fd26b9851f167b9ec1e (diff)
Send 400 error when bad OAuth token is received.
This closes COUCHDB-522. git-svn-id: https://svn.apache.org/repos/asf/couchdb/trunk@824290 13f79535-47bb-0310-9956-ffa450edef68
-rw-r--r--src/couchdb/couch_httpd_oauth.erl19
1 files changed, 12 insertions, 7 deletions
diff --git a/src/couchdb/couch_httpd_oauth.erl b/src/couchdb/couch_httpd_oauth.erl
index a9127674..7160d8ce 100644
--- a/src/couchdb/couch_httpd_oauth.erl
+++ b/src/couchdb/couch_httpd_oauth.erl
@@ -19,13 +19,18 @@
oauth_authentication_handler(#httpd{mochi_req=MochiReq}=Req) ->
serve_oauth(Req, fun(URL, Params, Consumer, Signature) ->
AccessToken = proplists:get_value("oauth_token", Params),
- TokenSecret = couch_config:get("oauth_token_secrets", AccessToken),
- ?LOG_DEBUG("OAuth URL is: ~p", [URL]),
- case oauth:verify(Signature, atom_to_list(MochiReq:get(method)), URL, Params, Consumer, TokenSecret) of
- true ->
- set_user_ctx(Req, AccessToken);
- false ->
- Req
+ case couch_config:get("oauth_token_secrets", AccessToken) of
+ undefined ->
+ couch_httpd:send_error(Req, 400, <<"invalid_token">>,
+ <<"Invalid OAuth token.">>);
+ TokenSecret ->
+ ?LOG_DEBUG("OAuth URL is: ~p", [URL]),
+ case oauth:verify(Signature, atom_to_list(MochiReq:get(method)), URL, Params, Consumer, TokenSecret) of
+ true ->
+ set_user_ctx(Req, AccessToken);
+ false ->
+ Req
+ end
end
end, true).
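Review bot: The `false ->` branch of the inner `case oauth:verify(...)` still returns `Req` unchanged, so a known token with a bad signature is passed on without a user context while an unknown token now gets a 400. The two outcomes look different to the caller, which reveals whether a given token value is present in `oauth_token_secrets`. Unless the fall-through is needed so that other authentication handlers can run (not visible in this hunk), reject the failed signature with the same response, e.g. `false -> couch_httpd:send_error(Req, 400, <<"invalid_token">>, <<"Invalid OAuth token.">>)`. Separately, `AccessToken` is `undefined` when the request carries no `oauth_token` parameter and is passed straight to `couch_config:get/2`; a comment such as `%% a missing oauth_token is expected to take the undefined branch below` (or an explicit clause for it) would document that this case is meant to end in the 400.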