-rw-r--r-- | share/www/script/test/oauth.js | 6 | ||||
-rw-r--r-- | src/couchdb/couch_httpd_oauth.erl | 5 |
2 files changed, 10 insertions, 1 deletions
diff --git a/share/www/script/test/oauth.js b/share/www/script/test/oauth.js
index b14ccbc5..5c6c0083 100644
--- a/share/www/script/test/oauth.js
+++ b/share/www/script/test/oauth.js
@@ -196,6 +196,12 @@ couchTests.oauth = function(debug) {
 T(data.name == "testadmin");
 T(data.roles[0] == "_admin");
 }
+
+ // Test when the user's token doesn't exist.
+ message.parameters.oauth_token = "not a token!";
+ xhr = oauthRequest("GET", "http://" + host + "/_session?foo=bar",
+ message, adminAccessor);
+ T(xhr.status == 400, "Request should be invalid.");
 }
 }
 } finally {
diff --git a/src/couchdb/couch_httpd_oauth.erl b/src/couchdb/couch_httpd_oauth.erl
index 7160d8ce..e46ea5bc 100644
--- a/src/couchdb/couch_httpd_oauth.erl
+++ b/src/couchdb/couch_httpd_oauth.erl
@@ -38,7 +38,10 @@ oauth_authentication_handler(#httpd{mochi_req=MochiReq}=Req) ->
 set_user_ctx(Req, AccessToken) ->
 DbName = couch_config:get("couch_httpd_auth", "authentication_db"),
 {ok, _Db} = couch_httpd_auth:ensure_users_db_exists(?l2b(DbName)),
- Name = ?l2b(couch_config:get("oauth_token_users", AccessToken)),
+ Name = case couch_config:get("oauth_token_users", AccessToken) of
+ undefined -> throw({bad_request, unknown_oauth_token});
+ Value -> ?l2b(Value)
+ end,
 case couch_httpd_auth:get_user(Name) of
 nil -> Req;
 User -> |
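Review bot: In the couch_httpd_oauth.erl hunk, two failures of the same credential lookup now end differently: the new `undefined` branch throws `{bad_request, unknown_oauth_token}`, while the `nil -> Req` branch just below still returns the request untouched when the token maps to a user that does not exist, presumably letting it proceed unauthenticated. If the difference is intended, say so in a comment above the lookup, for example `%% unknown token: reject the request; known token without a user doc: continue with the request unchanged`; otherwise both cases should fail the same way. An unrecognised token is also arguably an authentication failure rather than a malformed request, so an unauthorized-style error may be a better fit than `bad_request`, if the error mapping outside this hunk has one. The body of set_user_ctx continues past the end of the hunk, so the `User ->` branch is not visible here.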