From 022ce7a40c0be1c5cf90f05fdb223f5e1f140cfa Mon Sep 17 00:00:00 2001 From: Jason David Davies Date: Mon, 12 Oct 2009 10:28:18 +0000 Subject: Send 400 error when bad OAuth token is received. This closes COUCHDB-522. git-svn-id: https://svn.apache.org/repos/asf/couchdb/trunk@824290 13f79535-47bb-0310-9956-ffa450edef68 --- src/couchdb/couch_httpd_oauth.erl | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/src/couchdb/couch_httpd_oauth.erl b/src/couchdb/couch_httpd_oauth.erl index a9127674..7160d8ce 100644 --- a/src/couchdb/couch_httpd_oauth.erl +++ b/src/couchdb/couch_httpd_oauth.erl @@ -19,13 +19,18 @@ oauth_authentication_handler(#httpd{mochi_req=MochiReq}=Req) -> serve_oauth(Req, fun(URL, Params, Consumer, Signature) -> AccessToken = proplists:get_value("oauth_token", Params), - TokenSecret = couch_config:get("oauth_token_secrets", AccessToken), - ?LOG_DEBUG("OAuth URL is: ~p", [URL]), - case oauth:verify(Signature, atom_to_list(MochiReq:get(method)), URL, Params, Consumer, TokenSecret) of - true -> - set_user_ctx(Req, AccessToken); - false -> - Req + case couch_config:get("oauth_token_secrets", AccessToken) of + undefined -> + couch_httpd:send_error(Req, 400, <<"invalid_token">>, + <<"Invalid OAuth token.">>); + TokenSecret -> + ?LOG_DEBUG("OAuth URL is: ~p", [URL]), + case oauth:verify(Signature, atom_to_list(MochiReq:get(method)), URL, Params, Consumer, TokenSecret) of + true -> + set_user_ctx(Req, AccessToken); + false -> + Req + end end end, true). -- cgit v1.2.3