author | Jason David Davies <jasondavies@apache.org> | 2009-10-12 10:28:18 +0000 |
---|---|---|
committer | Jason David Davies <jasondavies@apache.org> | 2009-10-12 10:28:18 +0000 |
commit | 022ce7a40c0be1c5cf90f05fdb223f5e1f140cfa (patch) | |
tree | 2819f20f0a63db1950fe60975accee83131fdfcd | |
parent | d1a745685f3a86b043fe9fd26b9851f167b9ec1e (diff) |
Send 400 error when bad OAuth token is received.
This closes COUCHDB-522.
git-svn-id: https://svn.apache.org/repos/asf/couchdb/trunk@824290 13f79535-47bb-0310-9956-ffa450edef68
-rw-r--r-- | src/couchdb/couch_httpd_oauth.erl | 19 |
1 files changed, 12 insertions, 7 deletions
diff --git a/src/couchdb/couch_httpd_oauth.erl b/src/couchdb/couch_httpd_oauth.erl
index a9127674..7160d8ce 100644
--- a/src/couchdb/couch_httpd_oauth.erl
+++ b/src/couchdb/couch_httpd_oauth.erl
@@ -19,13 +19,18 @@
 oauth_authentication_handler(#httpd{mochi_req=MochiReq}=Req) ->
 serve_oauth(Req, fun(URL, Params, Consumer, Signature) ->
 AccessToken = proplists:get_value("oauth_token", Params),
- TokenSecret = couch_config:get("oauth_token_secrets", AccessToken),
- ?LOG_DEBUG("OAuth URL is: ~p", [URL]),
- case oauth:verify(Signature, atom_to_list(MochiReq:get(method)), URL, Params, Consumer, TokenSecret) of
- true ->
- set_user_ctx(Req, AccessToken);
- false ->
- Req
+ case couch_config:get("oauth_token_secrets", AccessToken) of
+ undefined ->
+ couch_httpd:send_error(Req, 400, <<"invalid_token">>,
+ <<"Invalid OAuth token.">>);
+ TokenSecret ->
+ ?LOG_DEBUG("OAuth URL is: ~p", [URL]),
+ case oauth:verify(Signature, atom_to_list(MochiReq:get(method)), URL, Params, Consumer, TokenSecret) of
+ true ->
+ set_user_ctx(Req, AccessToken);
+ false ->
+ Req
+ end
 end
 end, true). |
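Review bot: The two failure paths in the new `case` now behave differently: an unknown `oauth_token` gets an explicit 400 with `invalid_token`, while a failed `oauth:verify` in the `false` branch still returns `Req` unchanged, so the request carries on without a user context. That difference lets a client tell a registered token from an unregistered one without knowing its secret, and it leaves a bad signature unreported. If falling through is intended so that later handlers can run, a comment such as `% bad signature: fall through to the next auth handler` on the `false` branch would record that; otherwise reject there as well, e.g. `false -> couch_httpd:send_error(Req, 400, <<"invalid_signature">>, <<"Invalid OAuth signature.">>)`. The `undefined` branch also returns the result of `send_error` rather than a request record, so the caller presumably has to accept both shapes, which is not visible in this hunk and is worth confirming.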