Improve OAuth error message for missing tokens.

Added a test in oauth.js



git-svn-id: https://svn.apache.org/repos/asf/couchdb/trunk@828836 13f79535-47bb-0310-9956-ffa450edef68

2 files changed, 10 insertions, 1 deletions

diff --git a/share/www/script/test/oauth.js b/share/www/script/test/oauth.js
index b14ccbc5..5c6c0083 100644
--- a/share/www/script/test/oauth.js
+++ b/share/www/script/test/oauth.js
@@ -196,6 +196,12 @@ couchTests.oauth = function(debug) {
             T(data.name == "testadmin");
             T(data.roles[0] == "_admin");
           }
+
+          // Test when the user's token doesn't exist.
+          message.parameters.oauth_token = "not a token!";
+          xhr = oauthRequest("GET", "http://" + host + "/_session?foo=bar",
+                  message, adminAccessor);
+          T(xhr.status == 400, "Request should be invalid.");
         }
       }
     } finally {
diff --git a/src/couchdb/couch_httpd_oauth.erl b/src/couchdb/couch_httpd_oauth.erl
index 7160d8ce..e46ea5bc 100644
--- a/src/couchdb/couch_httpd_oauth.erl
+++ b/src/couchdb/couch_httpd_oauth.erl
@@ -38,7 +38,10 @@ oauth_authentication_handler(#httpd{mochi_req=MochiReq}=Req) ->
 set_user_ctx(Req, AccessToken) ->
     DbName = couch_config:get("couch_httpd_auth", "authentication_db"),
     {ok, _Db} = couch_httpd_auth:ensure_users_db_exists(?l2b(DbName)),
-    Name = ?l2b(couch_config:get("oauth_token_users", AccessToken)),
+    Name = case couch_config:get("oauth_token_users", AccessToken) of
+        undefined -> throw({bad_request, unknown_oauth_token});
+        Value -> ?l2b(Value)
+    end,
     case couch_httpd_auth:get_user(Name) of
         nil -> Req;
         User ->